diff --git a/CHANGELOG.md b/CHANGELOG.md index 27443c58..d3f868d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [1.1.0] (2023-3-17) + +Lots of new functionality added related to gathering and storing meta data about the exact environment that was used to create AWS resources via Terraform. Also added functionality to gather and persist as much information as possible about build and deploy CI work flows. + +- add module to gather environment state data of current user +- add cookiecutter meta tags for AWS resources +- revert to installing nutmeg.2 by default +- gather and persist CI build and deploy meta data in new k8s secrets +- add scorm proxy service to backend file storage based on eduNEXT prototype + ## [1.0.26] (2023-3-8) - bug fix: settings_merge.yml PREVIEW_LMS_BASE @@ -272,7 +282,7 @@ General production release - resolved deprecation warnings in all modules - restructured terraform folders - fixed a bug that was causing multiple SSL/TLS certificates to be created in both us-east-1 as well as the environment region -- added the text 'openedx_devops' to the descriptions of all security groups, IAM roles, and IAM policies resources that are explicitly created by this repository +- added the text 'cookiecutter' to the descriptions of all security groups, IAM roles, and IAM policies resources that are explicitly created by this repository ## [0.0.3] - 2022-03-20 diff --git a/README.rst b/README.rst index 7804e513..4f592c36 100644 --- a/README.rst +++ b/README.rst 
@@ -141,7 +141,7 @@ Create a Github repo and push it there: git add . git commit -m "first commit" git branch -M main - git remote add origin https://github.com/lpm0073/openedx_devops.git + git remote add origin https://github.com/youraccount/{{ cookiecutter.github_repo_name }}.git git push -u origin main Now take a look at your repo. Don't forget to carefully look at the generated README. Awesome, right? diff --git a/cookiecutter.json b/cookiecutter.json index 6cbf83f8..5a82ac0a 100644 --- a/cookiecutter.json +++ b/cookiecutter.json @@ -16,6 +16,8 @@ "global_aws_route53_hosted_zone_id": "Z1234567ABCDE1U23DEF", "global_aws_region": "us-east-1", "global_account_id": "123456789012", + "global_google_analytics_account": "SET-ME-PLEASE", + "global_language_code": "en", "stack_add_bastion": ["Y", "N"], "stack_add_bastion_openedx_dev_environment": ["N", "Y"], "stack_add_k8s_dashboard": ["Y", "N"], @@ -26,7 +28,7 @@ "stack_add_remote_mysql": ["Y", "N"], "stack_add_remote_mongodb": ["Y", "N"], "stack_add_remote_redis": ["Y", "N"], - "ci_build_tutor_version": "15.2.0", + "ci_build_tutor_version": "14.2.4", "ci_build_kubectl_version": "1.25/stable", "kubernetes_cluster_version": "1.25", "ci_build_theme_repository": "edx-theme-example", @@ -38,7 +40,7 @@ "ci_build_xblock_org": "openedx", "ci_build_xblock_repository": "edx-ora2", "ci_build_xblock_ref": "master", - "ci_deploy_open_edx_version": "olive.1", + "ci_deploy_open_edx_version": "nutmeg.2", "ci_deploy_install_backup_plugin": ["N", "Y"], "ci_deploy_install_credentials_server": ["N", "Y"], "ci_deploy_install_discovery_service": ["Y", "N"], 
@@ -66,7 +68,7 @@
 "ci_openedx_actions_tutor_k8s_configure_mongodb_version": "v1.0.1",
 "ci_openedx_actions_tutor_k8s_configure_redis_version": "v1.0.0",
 "ci_openedx_actions_tutor_k8s_configure_smtp_version": "v1.0.0",
- "ci_openedx_actions_tutor_print_dump": "v1.0.0",
+ "ci_openedx_actions_tutor_print_dump": "v1.0.4",
 "ci_openedx_actions_tutor_plugin_build_backup_version": "v0.1.7",
 "ci_openedx_actions_tutor_plugin_build_credentials_version": "v1.0.0",
 "ci_openedx_actions_tutor_plugin_build_license_manager_version": "v0.0.2",
@@ -117,26 +119,26 @@
 "redis_port": 6379,
 "redis_family": "redis6.x",
 "terraform_required_version": "~> 1.3",
- "terraform_aws_modules_acm": "~> 4.3",
- "terraform_aws_modules_cloudfront": "~> 3.1",
- "terraform_aws_modules_eks": "~> 19.4",
+ "terraform_aws_modules_acm": "4.3",
+ "terraform_aws_modules_cloudfront": "3.1",
+ "terraform_aws_modules_eks": "19.4",
 "terraform_aws_modules_iam": "~> 5.9",
- "terraform_aws_modules_iam_assumable_role_with_oidc": "~> 5.10",
- "terraform_aws_modules_rds": "~> 5.2",
- "terraform_aws_modules_s3": "~> 3.6",
- "terraform_aws_modules_sg": "~> 4.16",
- "terraform_aws_modules_vpc": "~> 3.18",
- "terraform_helm_cert_manager": "~> 1.11",
- "terraform_helm_ingress_nginx_controller": "~> 4.4",
- "terraform_helm_vertical_pod_autoscaler": "~> 6.0",
- "terraform_helm_karpenter": "~> 0.16",
- "terraform_helm_dashboard": "~> 6.0",
- "terraform_helm_kubeapps": "~> 12.2",
- "terraform_helm_kubecost": "~> 1.100",
- "terraform_helm_metrics_server": "~> 3.8",
+ "terraform_aws_modules_iam_assumable_role_with_oidc": "5.10",
+ "terraform_aws_modules_rds": "5.2",
+ "terraform_aws_modules_s3": "3.6",
+ "terraform_aws_modules_sg": "4.16",
+ "terraform_aws_modules_vpc": "3.18",
+ "terraform_helm_cert_manager": "1.11",
+ "terraform_helm_ingress_nginx_controller": "4.4",
+ "terraform_helm_vertical_pod_autoscaler": "6.0",
+ "terraform_helm_karpenter": "0.16",
+ "terraform_helm_dashboard": "6.0",
+ "terraform_helm_kubeapps": "12.2",
+ "terraform_helm_kubecost": "1.100",
+ "terraform_helm_metrics_server": "3.8",
 "terraform_helm_prometheus": "39.6.0",
 "terraform_provider_kubernetes_version": "~> 2.16",
- "terraform_provider_hashicorp_aws_version": "~> 4.48",
+ "terraform_provider_hashicorp_aws_version": "4.48",
 "terraform_provider_hashicorp_local_version": "~> 2.2",
 "terraform_provider_hashicorp_random_version": "~> 3.4",
 "terraform_provider_hashicorp_kubectl_version": "~> 1.14",
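Review bot: The hunk pins most module and Helm chart versions to bare values such as `"19.4"` but leaves `terraform_aws_modules_iam` at `"~> 5.9"` and the kubernetes, local, random and kubectl providers at `~>`, so the file now mixes two pinning policies without saying why. If, as the key names suggest, these values land in Terraform `version =` arguments (the consuming `.tf` files are not in this diff), a bare `4.3` is an exact match for 4.3.0 and will not pick up patch releases, which is good for reproducibility but means the generated repository needs a dependency-update step (Renovate/Dependabot or a periodic review) to receive security fixes. Either pin `terraform_aws_modules_iam` and the remaining providers the same way, or add a comment in the consuming `.tf` files explaining which constraints are intentionally left floating.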
diff --git a/{{cookiecutter.github_repo_name}}/.github/workflows/build-openedx.yml b/{{cookiecutter.github_repo_name}}/.github/workflows/build-openedx.yml index 9d690ec5..edaa77cb 100644 --- a/{{cookiecutter.github_repo_name}}/.github/workflows/build-openedx.yml +++ b/{{cookiecutter.github_repo_name}}/.github/workflows/build-openedx.yml @@ -39,6 +39,11 @@ jobs: aws-region: {% raw %}${{ env.AWS_REGION }}{% endraw %} tutor-version: "{{ cookiecutter.ci_build_tutor_version }}" + - name: Load additional environment specific settings + shell: bash + run: |- + echo "TUTOR_OPENEDX_COMMON_VERSION=open-release/{{ cookiecutter.ci_deploy_open_edx_version }}" >> $GITHUB_ENV + #------------------------------------------------------------------------ # Add a custom theme here. #------------------------------------------------------------------------ @@ -88,6 +93,9 @@ jobs: - name: Dump tutor config uses: openedx-actions/tutor-print-dump@{{ cookiecutter.ci_openedx_actions_tutor_print_dump }} + with: + namespace: {% raw %}${{ env.NAMESPACE }}{% endraw %} + action: build #------------------------------------------------------------------------ # Build and upload the Docker container diff --git a/{{cookiecutter.github_repo_name}}/.github/workflows/deploy-{{cookiecutter.environment_name}}.yml b/{{cookiecutter.github_repo_name}}/.github/workflows/deploy-{{cookiecutter.environment_name}}.yml index 3ecd877b..952a6f89 100644 --- a/{{cookiecutter.github_repo_name}}/.github/workflows/deploy-{{cookiecutter.environment_name}}.yml +++ b/{{cookiecutter.github_repo_name}}/.github/workflows/deploy-{{cookiecutter.environment_name}}.yml 
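Review bot: The `with:` block added to the `Dump tutor config` step passes a `namespace` and `action: build`, and the changelog says this release persists CI build and deploy metadata in new k8s secrets; a tutor config dump normally contains the platform's credentials (database, SMTP, secret key), so whatever the action writes into that namespace becomes readable by every principal that can read secrets there, and the step's log output should be checked for the same content. The action is referenced by a mutable tag (`v1.0.4` through `ci_openedx_actions_tutor_print_dump`), so the code that handles those values can change without a commit in this repository; pinning third-party actions to a full commit SHA, `uses: openedx-actions/tutor-print-dump@<commit-sha-placeholder>  # v1.0.4`, is the usual control. The same `with:` block is added at `@@ -319` in `deploy-{{cookiecutter.environment_name}}.yml` and the same applies there.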
@@ -130,7 +130,7 @@ jobs: echo "TUTOR_LMS_HOST=$LMS_HOSTNAME" >> $GITHUB_ENV echo "TUTOR_CMS_HOST=$CMS_HOSTNAME" >> $GITHUB_ENV echo "TUTOR_DOCKER_IMAGE_OPENEDX=${AWS_ECR_REPOSITORY_OPENEDX}" >> $GITHUB_ENV - echo "OPENEDX_COMMON_VERSION=open-release/{{ cookiecutter.ci_deploy_open_edx_version }}" >> $GITHUB_ENV + echo "TUTOR_OPENEDX_COMMON_VERSION=open-release/{{ cookiecutter.ci_deploy_open_edx_version }}" >> $GITHUB_ENV # --------------------------------------------------------------------------------- # Configure optional tutor plugins @@ -319,6 +319,9 @@ jobs: - name: Dump tutor config uses: openedx-actions/tutor-print-dump@{{ cookiecutter.ci_openedx_actions_tutor_print_dump }} + with: + namespace: {% raw %}${{ env.NAMESPACE }}{% endraw %} + action: deploy # ----------------------------------------------------------------------- # Deploy diff --git a/{{cookiecutter.github_repo_name}}/VERSION b/{{cookiecutter.github_repo_name}}/VERSION new file mode 100644 index 00000000..ce77b519 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/VERSION @@ -0,0 +1 @@ +v1.0.27 diff --git a/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/settings_merge.yml b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/settings_merge.yml index 0bf9a43e..00d34ba5 100644 --- a/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/settings_merge.yml +++ b/{{cookiecutter.github_repo_name}}/ci/tutor-deploy/environments/{{cookiecutter.environment_name}}/settings_merge.yml 
@@ -1,73 +1,117 @@ --- +ACTIVATION_EMAIL_SUPPORT_LINK: https://{{ cookiecutter.global_root_domain }}/support/ +AUTH_PASSWORD_VALIDATORS: +- NAME: django.contrib.auth.password_validation.UserAttributeSimilarityValidator +- NAME: common.djangoapps.util.password_policy_validators.MinimumLengthValidator + OPTIONS: + min_length: 8 +- NAME: common.djangoapps.util.password_policy_validators.MaximumLengthValidator + OPTIONS: + max_length: 75 +AWS_SES_REGION_ENDPOINT: email.{{ cookiecutter.global_aws_region }}.amazonaws.com +AWS_SES_REGION_NAME: "{{ cookiecutter.global_aws_region }}" CORS_ORIGIN_ALLOW_ALL: true CORS_ORIGIN_WHITELIST: - https://{{ cookiecutter.global_root_domain }} - https://{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} - https://{{ cookiecutter.environment_studio_subdomain }}.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} - https://apps.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} +COURSE_ABOUT_VISIBILITY_PERMISSION: see_about_page +COURSE_CATALOG_VISIBILITY_PERMISSION: see_in_catalog +CREDIT_HELP_LINK_URL: https://{{ cookiecutter.global_root_domain }}/support/ CROSS_DOMAIN_CSRF_COOKIE_DOMAIN: "{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}" CROSS_DOMAIN_CSRF_COOKIE_NAME: native-csrf-cookie CSRF_COOKIE_SECURE: true -CSRF_TRUSTED_ORIGINS: [] +CSRF_TRUSTED_ORIGINS: +- https://apps.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} DCS_SESSION_COOKIE_SAMESITE: lax DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL: true -ACTIVATION_EMAIL_SUPPORT_LINK: https://{{ cookiecutter.global_root_domain }}/support/ -AWS_SES_REGION_ENDPOINT: email.{{ cookiecutter.global_aws_region }}.amazonaws.com -AWS_SES_REGION_NAME: "{{ cookiecutter.global_aws_region }}" -CREDIT_HELP_LINK_URL: https://{{ cookiecutter.global_root_domain }}/support/ DEFAULT_MOBILE_AVAILABLE: false DEFAULT_EMAIL_LOGO_URL: https://cdn.{{ 
cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} ENTERPRISE_SUPPORT_URL: https://{{ cookiecutter.global_root_domain }}/support/ ENTERPRISE_TAGLINE: "{{ cookiecutter.global_platform_name }}" FACEBOOK_API_VERSION: v12.0 FEATURES: - ENABLE_CHANGE_USER_PASSWORD_ADMIN: true - CERTIFICATES_HTML_VIEW: true - PREVIEW_LMS_BASE: "preview.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}" - ENABLE_COURSEWARE_INDEX: true - ENABLE_CSMH_EXTENDED: false - ENABLE_LEARNER_RECORDS: true - ENABLE_LIBRARY_INDEX: true - MILESTONES_APP: true - ENABLE_PREREQUISITE_COURSES: true - ENABLE_DASHBOARD_SEARCH: false + ALLOW_ALL_ADVANCED_COMPONENTS: true + ALLOW_HIDING_DISCUSSION_TAB: true AUTH_USE_OPENID_PROVIDER: false + AUTH_USE_OPENID: false AUTOMATIC_AUTH_FOR_TESTING: false + CERTIFICATES_ENABLED: true + CERTIFICATES_HTML_VIEW: true + CUSTOM_CERTIFICATE_TEMPLATES_ENABLED: true CUSTOM_COURSES_EDX: false + ENABLE_ACCOUNT_DELETION: true ENABLE_BULK_ENROLLMENT_VIEW: true + ENABLE_CHANGE_USER_PASSWORD_ADMIN: true ENABLE_COMBINED_LOGIN_REGISTRATION: true ENABLE_CORS_HEADERS: true ENABLE_COUNTRY_ACCESS: false + ENABLE_COURSEWARE_INDEX: true + ENABLE_COURSEWARE_MICROFRONTEND: false ENABLE_CREDIT_API: false ENABLE_CREDIT_ELIGIBILITY: false ENABLE_CROSS_DOMAIN_CSRF_COOKIE: true - ENABLE_DISCUSSION_HOME_PANEL: false - ENABLE_DISCUSSION_SERVICE: false + ENABLE_CSMH_EXTENDED: false + ENABLE_DASHBOARD_SEARCH: true + ENABLE_DISCUSSION_EMAIL_DIGEST: true + ENABLE_DISCUSSION_HOME_PANEL: true + ENABLE_DISCUSSION_SERVICE: true + ENABLE_DJANGO_ADMIN_SITE: true ENABLE_EDXNOTES: true ENABLE_ENROLLMENT_RESET: true ENABLE_EXPORT_GIT: false ENABLE_GRADE_DOWNLOADS: true ENABLE_INSTRUCTOR_ANALYTICS: true + ENABLE_INSTRUCTOR_EMAIL: true + ENABLE_LEARNER_RECORDS: true + ENABLE_LIBRARY_INDEX: true ENABLE_LTI_PROVIDER: false ENABLE_MKTG_SITE: false ENABLE_MOBILE_REST_API: true ENABLE_OAUTH2_PROVIDER: true + ENABLE_PEARSON_HACK_TEST: false + 
ENABLE_PREREQUISITE_COURSES: true ENABLE_PUBLISHER: false ENABLE_READING_FROM_MULTIPLE_HISTORY_TABLES: false ENABLE_SPECIAL_EXAMS: false ENABLE_SYSADMIN_DASHBOARD: true ENABLE_THIRD_PARTY_AUTH: true ENABLE_VIDEO_UPLOAD_PIPELINE: false + ENABLE_XBLOCK_VIEW_ENDPOINT: true + MILESTONES_APP: true + ORGANIZATIONS_APP: true + PREVENT_CONCURRENT_LOGINS: true + PREVIEW_LMS_BASE: preview.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} SHOW_FOOTER_LANGUAGE_SELECTOR: false SHOW_HEADER_LANGUAGE_SELECTOR: false +GOOGLE_ANALYTICS_ACCOUNT: {{ cookiecutter.global_google_analytics_account }} +HEARTBEAT_EXTENDED_CHECKS: +- openedx.core.djangoapps.heartbeat.default_checks.check_celery +- openedx.core.djangoapps.django_comment_common.comment_client.utils.check_forum_heartbeat ID_VERIFICATION_SUPPORT_LINK: https://{{ cookiecutter.global_root_domain }}/support/ -LANGUAGE_CODE: en +LANGUAGE_CODE: {{ cookiecutter.global_language_code }} LANGUAGE_COOKIE: openedx-language-preference +LOGIN_REDIRECT_WHITELIST: +- https://{{ cookiecutter.environment_studio_subdomain }}.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} +- https://apps.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }} LOGO_URL_PNG: "https://cdn.{{ cookiecutter.environment_subdomain }}.{{ cookiecutter.global_root_domain }}" +MKTG_URL_OVERRIDES: + ABOUT: '#' + BLOG: '#' + DONATE: '#' + PRIVACY: '#' + TOS: '#' +PARENTAL_CONSENT_AGE_LIMIT: 13 PLATFORM_DESCRIPTION: "{{ cookiecutter.global_platform_description }}" PLATFORM_FACEBOOK_ACCOUNT: http://www.facebook.com/ PLATFORM_NAME: "{{ cookiecutter.global_platform_name }}" PLATFORM_TWITTER_ACCOUNT: '' +PROFILE_IMAGE_SIZES_MAP: + full: 500 + large: 120 + medium: 50 + small: 30 REGISTRATION_EXTRA_FIELDS: city: hidden confirm_email: hidden 
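Review bot: `LANGUAGE_CODE: {{ cookiecutter.global_language_code }}` and `GOOGLE_ANALYTICS_ACCOUNT: {{ cookiecutter.global_google_analytics_account }}` are the only templated scalars in this hunk rendered without quotes, so the YAML loader decides their type: if the merge step uses a YAML 1.1 loader such as PyYAML, a language code like `no` becomes boolean `false`, and a GA value left at the cookiecutter default `SET-ME-PLEASE` is shipped verbatim into production settings. Quote both like the neighbouring `AWS_SES_REGION_NAME` line, `LANGUAGE_CODE: "{{ cookiecutter.global_language_code }}"` and `GOOGLE_ANALYTICS_ACCOUNT: "{{ cookiecutter.global_google_analytics_account }}"`, and consider omitting the analytics key while the value is still the placeholder. `PREVIEW_LMS_BASE` lost its quotes in the same hunk while `LOGO_URL_PNG` kept them; one convention for templated hostnames would make the next such bug easier to spot.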
@@ -93,7 +137,13 @@ SUPPORT_SITE_LINK: https://{{ cookiecutter.global_root_domain }}/support/ TIME_ZONE: America/New_York THIRD_PARTY_AUTH_BACKENDS: - social_core.backends.google.GoogleOAuth2 +- social_core.backends.linkedin.LinkedinOAuth2 - social_core.backends.facebook.FacebookOAuth2 +- social_core.backends.azuread.AzureADOAuth2 +- common.djangoapps.third_party_auth.appleid.AppleIdAuth +- common.djangoapps.third_party_auth.identityserver3.IdentityServer3 +- common.djangoapps.third_party_auth.saml.SAMLAuthBackend +- common.djangoapps.third_party_auth.lti.LTIAuthBackend WIKI_ENABLED: false API_ACCESS_FROM_EMAIL: api-requests@{{ cookiecutter.global_root_domain }} API_ACCESS_MANAGER_EMAIL: api-access@{{ cookiecutter.global_root_domain }} diff --git a/{{cookiecutter.github_repo_name}}/doc/DATA_BACKUP.md b/{{cookiecutter.github_repo_name}}/doc/DATA_BACKUP.md index 49f89d41..b044dd29 100644 --- a/{{cookiecutter.github_repo_name}}/doc/DATA_BACKUP.md +++ b/{{cookiecutter.github_repo_name}}/doc/DATA_BACKUP.md @@ -35,7 +35,7 @@ MongoDB script source: [openedx-backup-mongodb.sh](../terraform/stacks/modules/e Terraform creates a dedicated AWS S3 bucket, {{ cookiecutter.environment_name }}-{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-backup.s3.amazonaws.com, for archiving backups. This bucket does not provide public access. Note that it is preconfigured with a lifecycle policy to retain large files (greater than 1Gb) for 30 days. -See Terraform source code: [openedx_backups.tf](../terraform/environments/modules/s3_openedx_storage/openedx_backups.tf) +See Terraform source code: [openedx_backups.tf](../terraform/environments/modules/s3/openedx_backups.tf) ## Local storage 
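Review bot: The six backends added to `THIRD_PARTY_AUTH_BACKENDS` (LinkedIn, AzureAD, AppleId, IdentityServer3, SAML, LTI) are enabled unconditionally for every generated site, whereas the rest of this template gates optional features behind `ci_deploy_install_*` Y/N cookiecutter choices. As far as I can tell a backend in this list stays dormant until a provider configuration is created for it, but it is still loaded on the login path and widens what an administrator can switch on later; a cookiecutter switch per backend, or at least a comment in the generated file naming which backends the site is expected to configure, would keep the default surface to what is actually used.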
diff --git a/{{cookiecutter.github_repo_name}}/doc/wordfence-firewall-screenshot.png b/{{cookiecutter.github_repo_name}}/doc/wordfence-firewall-screenshot.png new file mode 100644 index 00000000..8c5485a7 Binary files /dev/null and b/{{cookiecutter.github_repo_name}}/doc/wordfence-firewall-screenshot.png differ diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/README.md b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/README.md new file mode 100644 index 00000000..005793bf --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/README.md 
@@ -0,0 +1,30 @@ +# Cookiecutter Meta + +Collects and persists meta data about the current user's environment. Data collected is made visible to Terraform by persisting each data element its own .state file in ./output. These files in turn are exposed within Terraform using "data" declarations. + +Cookiecutter Meta is referenced by all modules contained in [environments](../../environments/) and [stacks](../../stacks/) and is ultimated formatted into AWS resource tag elements that are persisted into every AWS resource created by the Terraform scripts contained in this repository. + +## Meta Data + +Collects the following about your operating environment: + +- AWS Command-line interface version number +- The current git branch of this repository +- The most recent git commit date from this repository +- The sha of the most recent git commit from this repository +- The AWS IAM ARN which contains the key-secret in use for the awscli +- Kubectl current version +- The name and version of your computer's operating system +- Terraform current version +- Timestamp of the last time this module was executed +- Cookiecutter version + +## Usage + +Run this module separately and as needed. + +```bash + terraform init # prepare this module to run by downloading all referenced Terraform modules and providers + terraform plan # echo a work plan to the console + terraform apply # run this module +``` diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/main.tf b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/main.tf new file mode 100644 index 00000000..3d0de335 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/main.tf 
@@ -0,0 +1,245 @@ +#------------------------------------------------------------------------------ +# written by: Lawrence McDaniel +# https://lawrencemcdaniel.com/ +# +# date: Mar-2023 +# +# usage: gather environment variables and add to a tags dict. This is a +# hacky solution in that we use Bash to gather data elements, and meanwhile +# Terraform lacks a good interface to send bash results back to the thread +# of control. +# as a workaround, we get bash to write its results to a file in the "output" +# folder and then we use Terraform 'data' definitions to access each result. +# +# But, it's worse than just that. Terraform also lacks a means of detecting +# state changes on the null_resource objects we declare here, as this would +# require that an 'apply' on each resource in order to run the bash code +# contained therein. thus, it's a chicken-and-egg problem. +# +# our workaround is: +# 1. always execute an "init" resource +# 2. inside this we rewrite the contents of cookiecutter_github_commit.state +# 3. we use a MD5 checksum of the file content of cookiecutter_github_commit.state +# as a taint for all resources that provide data to the tags output. +#------------------------------------------------------------------------------ + + +# ensure that a state file exists for each element we track. 
+resource "null_resource" "init" { + provisioner "local-exec" { + command = <<-EOT + touch ${path.module}/output/cookiecutter_awscli_version.state + touch ${path.module}/output/cookiecutter_github_branch.state + touch ${path.module}/output/cookiecutter_github_commit_date.state + touch ${path.module}/output/cookiecutter_github_commit.state + touch ${path.module}/output/cookiecutter_github_repository.state + touch ${path.module}/output/cookiecutter_iam_arn.state + touch ${path.module}/output/cookiecutter_kubectl_version.state + touch ${path.module}/output/cookiecutter_os.state + touch ${path.module}/output/cookiecutter_terraform_version.state + touch ${path.module}/output/cookiecutter_timestamp.state + touch ${path.module}/output/cookiecutter_version.state + EOT + } +} + +# rewrite the contents of cookiecutter_github_commit.state, which will +# taint our other resouces in the event that this changes the file +# contents. +resource "null_resource" "taint" { + provisioner "local-exec" { + command = <<-EOT + GIT_PARENT_DIRECTORY=$(git rev-parse --show-toplevel) + cookiecutter_github_commit=$(git -C $GIT_PARENT_DIRECTORY rev-parse HEAD) + echo $cookiecutter_github_commit > ${path.module}/output/cookiecutter_github_commit.state + EOT + } + triggers = { + timestamp = "${timestamp()}" + } +} +data "local_file" "taint" { + filename = "${path.module}/output/cookiecutter_github_commit.state" + depends_on = [ + null_resource.taint + ] +} + +resource "null_resource" "environment" { + provisioner "local-exec" { + command = <<-EOT + # common variables + GIT_PARENT_DIRECTORY=$(git rev-parse --show-toplevel) + + #------------------------------------------------------------------------------ + # 1. cookiecutter_awscli_version + # get the current version of AWS CLI running on the machine that is executing + # this module. 
+ #------------------------------------------------------------------------------ + cookiecutter_awscli_version=$(aws --version | awk '{print $1}' | sed 's/aws-cli//') + cookiecutter_awscli_version=$(echo $cookiecutter_awscli_version | sed 's@/@@') + echo $cookiecutter_awscli_version > ${path.module}/output/cookiecutter_awscli_version.state + + #------------------------------------------------------------------------------ + # 2. cookiecutter_github_branch + # get the branch of the most recent commit + #------------------------------------------------------------------------------ + cookiecutter_github_branch=$(git -C $GIT_PARENT_DIRECTORY branch | sed 's/* //') + echo $cookiecutter_github_branch > ${path.module}/output/cookiecutter_github_branch.state + + #------------------------------------------------------------------------------ + # 3. cookiecutter_github_commit_date + # get the commit date of the most recent commit from the repo containing this code + # HINT: this will be a repo generated by the Cookiecutter (ie. {{ cookiecutter.github_repo_name }}) + #------------------------------------------------------------------------------ + cookiecutter_github_commit_date=$(date -r $(git log -1 --format=%ct) +%Y%m%dT%H%M%S) + echo $cookiecutter_github_commit_date > ${path.module}/output/cookiecutter_github_commit_date.state + + #------------------------------------------------------------------------------ + # 4. cookiecutter_github_commit + # get the sha of the most recent commit + #------------------------------------------------------------------------------ + cookiecutter_github_commit=$(git -C $GIT_PARENT_DIRECTORY rev-parse HEAD) + echo $cookiecutter_github_commit > ${path.module}/output/cookiecutter_github_commit.state + + #------------------------------------------------------------------------------ + # 5. cookiecutter_github_repository + # get the url to the remote Github repository from which this code was cloned. 
+ #------------------------------------------------------------------------------ + cookiecutter_github_repository=$(git -C $GIT_PARENT_DIRECTORY config --get remote.origin.url) + echo $cookiecutter_github_repository > ${path.module}/output/cookiecutter_github_repository.state + + #------------------------------------------------------------------------------ + # 6. cookiecutter_global_iam_arn + # get the AWS IAM user of the key pair that AWS CLI is currently using. + #------------------------------------------------------------------------------ + cookiecutter_global_iam_arn=$(aws sts get-caller-identity | jq -r '.["Arn"] as $v | "\($v)"') + echo $cookiecutter_global_iam_arn > ${path.module}/output/cookiecutter_global_iam_arn.state + + #------------------------------------------------------------------------------ + # 7. cookiecutter_kubectl_version + # get the current version of kubectl that is running on the machine executing + # this module. + #------------------------------------------------------------------------------ + cookiecutter_kubectl_version=$(kubectl version --output=json | jq -r '.["clientVersion"].gitVersion as $v | "\($v)"') + echo $cookiecutter_kubectl_version > ${path.module}/output/cookiecutter_kubectl_version.state + + #------------------------------------------------------------------------------ + # 8. cookiecutter_os + # get the operating system of the machine running this module + #------------------------------------------------------------------------------ + echo $OSTYPE > ${path.module}/output/cookiecutter_os.state + + #------------------------------------------------------------------------------ + # 9. cookiecutter_terraform_version + # get the current version of Terraform running on the machine that is executing + # this module. 
+ #------------------------------------------------------------------------------ + cookiecutter_terraform_version=$(terraform --version | head -n 1 | sed 's/Terraform //') + echo $cookiecutter_terraform_version > ${path.module}/output/cookiecutter_terraform_version.state + + #------------------------------------------------------------------------------ + # 10. cookiecutter_timestamp + # get the system date from the machine running this module + #------------------------------------------------------------------------------ + cookiecutter_timestamp=$(date +%Y%m%dT%H%M%S) + echo $cookiecutter_timestamp > ${path.module}/output/cookiecutter_timestamp.state + + EOT + } + + lifecycle { + replace_triggered_by = [ + data.local_file.taint.id + ] + } + + depends_on = [ + null_resource.init + ] +} + +# 1. cookiecutter_awscli_version +data "local_file" "cookiecutter_awscli_version" { + filename = "${path.module}/output/cookiecutter_awscli_version.state" + depends_on = [ + null_resource.environment + ] +} + +# 2. cookiecutter_github_branch +data "local_file" "cookiecutter_github_branch" { + filename = "${path.module}/output/cookiecutter_github_branch.state" + depends_on = [ + null_resource.environment + ] +} + +# 3. cookiecutter_github_commit_date +data "local_file" "cookiecutter_github_commit_date" { + filename = "${path.module}/output/cookiecutter_github_commit_date.state" + depends_on = [ + null_resource.environment + ] +} + +# 4. cookiecutter_github_commit +data "local_file" "cookiecutter_github_commit" { + filename = "${path.module}/output/cookiecutter_github_commit.state" + depends_on = [ + null_resource.environment + ] +} + +# 5. cookiecutter_github_repository +data "local_file" "cookiecutter_github_repository" { + filename = "${path.module}/output/cookiecutter_github_repository.state" + depends_on = [ + null_resource.environment + ] +} + +# 6. 
cookiecutter_global_iam_arn +data "local_file" "cookiecutter_global_iam_arn" { + filename = "${path.module}/output/cookiecutter_global_iam_arn.state" + depends_on = [ + null_resource.environment + ] +} + +# 7. cookiecutter_kubectl_version +data "local_file" "cookiecutter_kubectl_version" { + filename = "${path.module}/output/cookiecutter_kubectl_version.state" + depends_on = [ + null_resource.environment + ] +} + +# 8. cookiecutter_os +data "local_file" "cookiecutter_os" { + filename = "${path.module}/output/cookiecutter_os.state" + depends_on = [ + null_resource.environment + ] +} + +# 9. cookiecutter_terraform_version +data "local_file" "cookiecutter_terraform_version" { + filename = "${path.module}/output/cookiecutter_terraform_version.state" + depends_on = [ + null_resource.environment + ] +} + +# 10. cookiecutter_timestamp +data "local_file" "cookiecutter_timestamp" { + filename = "${path.module}/output/cookiecutter_timestamp.state" + depends_on = [ + null_resource.environment + ] +} + +# 11. cookiecutter_version +data "local_file" "cookiecutter_version" { + filename = "${path.module}/../../../VERSION" +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output.tf b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output.tf new file mode 100644 index 00000000..360f13da --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output.tf 
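Review bot: `null_resource.init` touches `cookiecutter_iam_arn.state`, but `null_resource.environment` writes and `data.local_file.cookiecutter_global_iam_arn` reads `cookiecutter_global_iam_arn.state`, so the init step does not guarantee that file exists. Two collectors are also wrong on Linux or on multi-branch checkouts: `date -r` takes a file with GNU date (the epoch-seconds form is BSD/macOS only), and `git branch | sed 's/* //'` lists every local branch rather than the current one. `git config --get remote.origin.url` returns the URL as stored, which can carry `user:token@` userinfo; that value is written to a tracked `.state` file and, through `output.tf`, into a tag on every AWS resource, so strip userinfo before persisting it, and treat `cookiecutter_global_iam_arn` the same way if the deployer's principal should not be advertised in tags. Whether `output/` is git-ignored is not visible in this diff; if it is not, every apply leaves the caller's IAM ARN in the working tree.
```hcl
# … unchanged: header comment, other touch lines in null_resource "init" …
      touch ${path.module}/output/cookiecutter_global_iam_arn.state
# … unchanged: null_resource "taint", data "local_file" "taint", start of null_resource "environment" …
      cookiecutter_github_branch=$(git -C $GIT_PARENT_DIRECTORY rev-parse --abbrev-ref HEAD)
# … unchanged: echo of the branch, comment block for 3. …
      cookiecutter_github_commit_date=$(git -C $GIT_PARENT_DIRECTORY log -1 --format=%cd --date=format:%Y%m%dT%H%M%S)
# … unchanged: echo of the commit date, 4. cookiecutter_github_commit, comment block for 5. …
      cookiecutter_github_repository=$(git -C $GIT_PARENT_DIRECTORY config --get remote.origin.url | sed -E 's#^([a-z+]+://)[^@/]+@#\1#')
# … unchanged: remaining collectors, lifecycle, depends_on, data "local_file" blocks …
```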
@@ -0,0 +1,20 @@
+output "tags" {
+ value = {
+ "cookiecutter/meta/terraform" = "true"
+ "cookiecutter/meta/version" = replace(tostring(data.local_file.cookiecutter_version.content), "\n", "")
+ "cookiecutter/meta/aws_iam_user" = replace(tostring(data.local_file.cookiecutter_global_iam_arn.content), "\n", "")
+ "cookiecutter/meta/github_repository" = replace(tostring(data.local_file.cookiecutter_github_repository.content), "\n", "")
+ "cookiecutter/meta/github_branch" = replace(tostring(data.local_file.cookiecutter_github_branch.content), "\n", "")
+ "cookiecutter/meta/github_commit" = replace(tostring(data.local_file.cookiecutter_github_commit.content), "\n", "")
+ "cookiecutter/meta/github_commit_date" = replace(tostring(data.local_file.cookiecutter_github_commit_date.content), "\n", "")
+ "cookiecutter/meta/awscli_version" = replace(tostring(data.local_file.cookiecutter_awscli_version.content), "\n", "")
+ "cookiecutter/meta/terraform_version" = replace(tostring(data.local_file.cookiecutter_terraform_version.content), "\n", "")
+ "cookiecutter/meta/kubectl_version" = replace(tostring(data.local_file.cookiecutter_kubectl_version.content), "\n", "")
+ "cookiecutter/meta/os" = replace(tostring(data.local_file.cookiecutter_os.content), "\n", "")
+ "cookiecutter/meta/timestamp" = replace(tostring(data.local_file.cookiecutter_timestamp.content), "\n", "")
+ }
+
+ depends_on = [
+ null_resource.environment
+ ]
+}
diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_awscli_version.state b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_awscli_version.state
new file mode 100644
index 00000000..3d17e76e
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_awscli_version.state
@@ -0,0 +1 @@
+unassigned
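Review bot: `cookiecutter/meta/timestamp` is read from a file that the preceding hunk writes with `date +%Y%m%dT%H%M%S` at apply time, so every resource that merges `module.cookiecutter_meta.tags` will show a tag change on each run in which `null_resource.environment` is re-executed (its `replace_triggered_by` on `data.local_file.taint` is outside this hunk, so how often that happens is not visible here). If the intent is to record creation time only, drop the key from the exported map or document that consumers should expect perpetual tag drift. The same map carries the operator's IAM ARN under `cookiecutter/meta/aws_iam_user`, which then lands on every tagged AWS resource and, via the kubernetes module below, in a Kubernetes Secret; a sentence in the module README that these tags identify the person who ran the apply would help reviewers of the tag set. `replace(..., "\n", "")` strips only newlines; `trimspace(...)` would also handle a trailing `\r` or space in the `.state` files.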
diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_github_branch.state b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_github_branch.state new file mode 100644 index 00000000..3d17e76e --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_github_branch.state @@ -0,0 +1 @@ +unassigned diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_github_commit.state b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_github_commit.state new file mode 100644 index 00000000..3d17e76e --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_github_commit.state @@ -0,0 +1 @@ +unassigned diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_github_commit_date.state b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_github_commit_date.state new file mode 100644 index 00000000..3d17e76e --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_github_commit_date.state @@ -0,0 +1 @@ +unassigned diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_github_repository.state b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_github_repository.state new file mode 100644 index 00000000..3d17e76e --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_github_repository.state @@ -0,0 +1 @@ +unassigned 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_global_iam_arn.state b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_global_iam_arn.state new file mode 100644 index 00000000..3d17e76e --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_global_iam_arn.state @@ -0,0 +1 @@ +unassigned diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_kubectl_version.state b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_kubectl_version.state new file mode 100644 index 00000000..3d17e76e --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_kubectl_version.state @@ -0,0 +1 @@ +unassigned diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_os.state b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_os.state new file mode 100644 index 00000000..3d17e76e --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_os.state @@ -0,0 +1 @@ +unassigned diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_terraform_version.state b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_terraform_version.state new file mode 100644 index 00000000..3d17e76e --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_terraform_version.state @@ -0,0 +1 @@ +unassigned diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_timestamp.state b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_timestamp.state new file mode 100644 index 00000000..3d17e76e 
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_timestamp.state
@@ -0,0 +1 @@
+unassigned
diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_version.state b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_version.state
new file mode 100644
index 00000000..3d17e76e
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/output/cookiecutter_version.state
@@ -0,0 +1 @@
+unassigned
diff --git a/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/versions.tf
new file mode 100644
index 00000000..8bf0e5ee
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/terraform/common/cookiecutter_meta/versions.tf
@@ -0,0 +1,22 @@
+#------------------------------------------------------------------------------
+# written by: Lawrence McDaniel
+# https://lawrencemcdaniel.com/
+#
+# date: March-2022
+#
+# usage: build an EKS cluster load balancer that uses a Fargate Compute Cluster
+#------------------------------------------------------------------------------
+terraform {
+ required_version = "~> 1.3"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.48"
+ }
+ local = {
+ source = "hashicorp/local"
+ version = "~> 2.2"
+ }
+ }
+}
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/README.md b/{{cookiecutter.github_repo_name}}/terraform/environments/README.md
index e1859b8d..c42edd45 100644
--- a/{{cookiecutter.github_repo_name}}/terraform/environments/README.md
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/README.md
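Review bot: The header comment in the new `cookiecutter_meta/versions.tf` reads `# usage: build an EKS cluster load balancer that uses a Fargate Compute Cluster` with `# date: March-2022`, which describes a different module; this file only pins the Terraform and provider versions for `cookiecutter_meta`. Suggest `# usage: terraform and provider version constraints for the cookiecutter_meta module` and the module's actual creation date. `required_providers` lists `aws` and `local` but not `null`, although the module's `main.tf` in the earlier hunk declares `null_resource.init` and `null_resource.environment`; adding `null = { source = "hashicorp/null" }` makes that dependency explicit instead of relying on implicit provider resolution.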
@@ -1,11 +1,15 @@ -## Terragrunt Environments +# Environments -Terraform environments give you the ability to create multiple, distinct AWS VPC clouds for prod, development, QA and so on. That is, you would be create distinct RDS instances, MongoDB instances, Kubernetes Cluster instances and so on; one for each additional environment. +Cookiecutter environments give you the ability to create multiple, segregated operating environments for your Open edX installation, saving you time and effort in creating and maintaining environments for `prod`, `dev`, `test`, `qa`, `mcdaniel`, etcetera. Cookiecutter environments run on a [backend stack](../stacks/). -The envisioned implementations of additional environments would consist of environments like: `prod`, `dev`, `test`, `qa`, `mcdaniel`, etcetera. +Cookiecutter environments are logically separated, using their own sets of: -These additional environments will run on shared infrastructure, named `{{ cookiecutter.global_platform_shared_resource_identifier }}` by default, unless you have specified otherwise. However, each environment has its own data and its own Kubernetes namespace. - -The general strategy is that a common set of parameters are defined in [terraform/environments/global.hcl](./global.hcl) that each environment uses, plus, each environment maintains its own set of parameters for environment-specific settings like domain names and resource instances sizes for example. - -The difference between these two methodologies is that the former creates an entire VPC per environment, increasing your monthly AWS bill by multiples, whereas the latter simply adds additional domain records, S3 buckets, and logical databases as necessary to support the additional environments. 
+- cloud storage and data backup locations +- logical MySQL databases and MongoDB contentstores +- Redis cache keys +- application credentials and service accounts +- domain name and DNS entries +- ssl certificates +- ingresses +- Kubernetes namespaces and resource monitoring configurations +- Github Action build-deploy workflows diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/README.md b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/README.md new file mode 100644 index 00000000..08c4b33a --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/README.md @@ -0,0 +1,7 @@ +# Amazon Certificate Manager + +Requests ssl certificates for stack aws_region {{ cookiecutter.global_platform_region }} for ELB, adds DNS records for certificate verification, and adds a certificate to us-east-1 for AWS Cloudfront distributions. + +## Additional Features + +This module integrates [cookiecutter_meta](../../../common/cookiecutter_meta/README.md), which manages an optional additional set of AWS resource tags. diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/main.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/main.tf index 9f80a16b..beda5148 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/main.tf 
@@ -1,17 +1,15 @@ -#------------------------------------------------------------------------------ -# written by: Lawrence McDaniel -# https://lawrencemcdaniel.com/ -# -# date: Apr-2022 -# -# usage: Add DNS records and tls certs to stack aws_region for ELB. -# Also add certs to us-east-1 for Cloudfront distributions. -#------------------------------------------------------------------------------ -provider "aws" { - alias = "environment_region" - region = var.aws_region -} +locals { + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/environments/modules/acm" + "cookiecutter/resource/source" = "terraform-aws-modules/acm/aws" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_aws_modules_acm }}" + } + ) +} data "aws_route53_zone" "root_domain" { name = var.root_domain } @@ -23,7 +21,7 @@ data "aws_route53_zone" "environment_domain" { module "acm_root_domain_environment_region" { source = "terraform-aws-modules/acm/aws" - version = "{{ cookiecutter.terraform_aws_modules_acm }}" + version = "~> {{ cookiecutter.terraform_aws_modules_acm }}" providers = { aws = aws.environment_region @@ -35,9 +33,9 @@ module "acm_root_domain_environment_region" { subject_alternative_names = [ "*.${var.root_domain}", ] + tags = local.tags wait_for_validation = true - tags = var.tags } module "acm_environment_environment_region" { @@ -54,7 +52,14 @@ module "acm_environment_environment_region" { subject_alternative_names = [ "*.${var.environment_domain}", ] + tags = local.tags wait_for_validation = true - tags = var.tags +} + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" } 
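Review bot: `module "cookiecutter_meta"` uses `source = "../../../../../../../common/cookiecutter_meta"`, seven levels up from a module that sits three directories below `terraform/`, while the READMEs added in this commit link the same module as `../../../common/cookiecutter_meta/`. Presumably the extra depth reflects the Terragrunt cache directory the module is copied into before `terraform init`, but that is not visible from the file, so a one-line comment such as `# path is relative to the terragrunt cache copy of this module, not to the repo layout — TODO confirm` would save the next reader the puzzle. The same source string appears in the cloudfront, kubernetes and kubernetes_ingress_clb `main.tf` hunks below and deserves the same comment there.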
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/providers.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/providers.tf new file mode 100644 index 00000000..0e21dac8 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/providers.tf @@ -0,0 +1,4 @@ +provider "aws" { + alias = "environment_region" + region = var.aws_region +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/versions.tf index efd9a51b..02d1cb1a 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/acm/versions.tf @@ -12,7 +12,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } local = { source = "hashicorp/local" diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/README.md b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/README.md new file mode 100644 index 00000000..be13fdee --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/README.md 
@@ -0,0 +1,15 @@ +# Environment Specific Cloudfront Distribution + +Creates a dedicated CDN on a per-environment basis. The following resources are created and configured: + +- AWS Cloudfront distribution, sourced by its corresponding AWS S3 Bucket s3://{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-{{ cookiecutter.environment_name }}-storage created in the s3 Terraform module. +- An ssl certificate with preconfigured CNAME, originating from us-east-1 as is required by Cloudfront +- A DNS record added to the environment AWS Route53 Hosted Zone + +## Note the following + +The AWS S3 bucket is configured to allow publicly accessible content. However, you must manually and explicitly make content public in order for it to be viewable from the CDN created by this module. Moreover, you should remain aware that this bucket by default contains a collections of mixed content originating from various parts of the openedx platform, including profile images, course content, grade downloads, and so on. It is possible to customize this behavior in order to segregate content that you may deem too sensitive. See [openedx-actions/tutor-plugin-enable-s3](https://github.com/openedx-actions/tutor-plugin-enable-s3), called from Github Actions Deployment workflows in this repo. + +## Additional Features + +This module integrates [cookiecutter_meta](../../../common/cookiecutter_meta/README.md), which manages an optional additional set of AWS resource tags. diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/certificate_manager.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/certificate_manager.tf index 47499a50..5918690c 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/certificate_manager.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/certificate_manager.tf 
@@ -1,12 +1,3 @@ -#------------------------------------------------------------------------------ -# written by: Lawrence McDaniel -# https://lawrencemcdaniel.com/ -# -# date: Feb-2022 -# -# usage: Add DNS records and tls certs to environment aws_region for ALB. -# Also add certs to us-east-1 for Cloudfront distributions. -#------------------------------------------------------------------------------ {% if cookiecutter.global_aws_region != "us-east-1" -%} #------------------------------------------------------------------------------ # SSL/TLS certs issued in the AWS region for ALB @@ -22,7 +13,7 @@ provider "aws" { module "acm_environment_domain" { source = "terraform-aws-modules/acm/aws" - version = "{{ cookiecutter.terraform_aws_modules_acm }}" + version = "~> {{ cookiecutter.terraform_aws_modules_acm }}" providers = { aws = aws.us-east-1 @@ -40,8 +31,12 @@ module "acm_environment_domain" { # adding the Usage tag as a way to differentiate this cert from the one created by # the eks clb ingress, of which we have no control. tags = merge( - var.tags, - { Usage = "Cloudfront" } + local.tags, + { Usage = "Cloudfront" }, + { + "cookiecutter/resource/source" = "terraform-aws-modules/acm/aws" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_aws_modules_acm }}" + } ) } diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/main.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/main.tf index 45407edd..9685c35b 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/main.tf 
@@ -17,14 +17,16 @@ locals { s3_bucket_name = var.resource_name s3_bucket_domain = "${local.s3_bucket_name}.s3.${var.aws_region}.amazonaws.com" cdn_name = "cdn.${var.environment_domain}" -} -provider "aws" { - alias = "us-east-1" - region = "us-east-1" + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/environments/modules/cloudfront" + } + ) } - data "aws_route53_zone" "environment_domain" { name = var.environment_domain @@ -64,7 +66,7 @@ resource "aws_route53_record" "cdn_environment_domain" { module "cdn_environment_domain" { source = "terraform-aws-modules/cloudfront/aws" - version = "{{cookiecutter.terraform_aws_modules_cloudfront}}" + version = "~> {{cookiecutter.terraform_aws_modules_cloudfront}}" aliases = [local.cdn_name] @@ -108,4 +110,19 @@ module "cdn_environment_domain" { acm_certificate_arn = data.aws_acm_certificate.environment_domain.arn ssl_support_method = "sni-only" } + + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "terraform-aws-modules/cloudfront/aws" + "cookiecutter/resource/version" = "{{cookiecutter.terraform_aws_modules_cloudfront}}" + } + ) +} + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" } diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/providers.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/providers.tf new file mode 100644 index 00000000..21aba178 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/providers.tf @@ -0,0 +1,4 @@ +provider "aws" { + alias = "us-east-1" + region = "us-east-1" +} 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/versions.tf index 2fa47171..19a35530 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/cloudfront/versions.tf @@ -10,7 +10,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } } diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/README.md b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/README.md new file mode 100644 index 00000000..05e23329 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/README.md @@ -0,0 +1,33 @@ +# Environment Specific Kubernetes Configuration + +Adds Kubernetes [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) and [Vertical Pod Autoscalers](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler) to the environment. + +## Horizontal Pod Autoscalers + +- cms +- cms worker +- lms +- lms worker +- discovery +- mfe +- notes +- smtp + +More: see [README](./yml/horizontalpodautoscalers/README.md) + +## Vertical Pod Autoscalers + +- cms +- cms worker +- lms +- lms worker +- discovery +- ElasticSearch +- MongoDB +- mfe +- notes +- smtp + +## Additional Features + +This module integrates [cookiecutter_meta](../../../common/cookiecutter_meta/README.md), which manages an optional additional set of AWS resource tags. 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/main.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/main.tf index f6278488..bf67b941 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/main.tf 
@@ -7,32 +7,41 @@
 # usage: create an RDS MySQL instance.
 # store the MySQL credentials in Kubernetes Secrets
 #------------------------------------------------------------------------------
-data "aws_eks_cluster" "eks" {
- name = var.resource_name
-}
-
-data "aws_eks_cluster_auth" "eks" {
- name = var.resource_name
-}
-
-provider "kubernetes" {
- host = data.aws_eks_cluster.eks.endpoint
- cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)
- token = data.aws_eks_cluster_auth.eks.token
-}
-
-provider "kubectl" {
- host = data.aws_eks_cluster.eks.endpoint
- cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority.0.data)
- token = data.aws_eks_cluster_auth.eks.token
-}
-
 #------------------------------------------------------------------------------
 # Tutor deploys into this namespace, bc of a namesapce command-line argument
 # that we pass inside of GitHub Actions deploy workflow
 #------------------------------------------------------------------------------
+locals {
+ tags = merge(
+ var.tags,
+ module.cookiecutter_meta.tags,
+ {
+ "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/environments/modules/kubernetes"
+ }
+ )
+}
+
 resource "kubernetes_namespace" "environment_namespace" {
 metadata {
 name = var.environment_namespace
 }
 }
+
+#------------------------------------------------------------------------------
+# COOKIECUTTER META
+#------------------------------------------------------------------------------
+module "cookiecutter_meta" {
+ source = "../../../../../../../common/cookiecutter_meta"
+}
+
+resource "kubernetes_secret" "cookiecutter" {
+ metadata {
+ name = "cookiecutter"
+ namespace = var.environment_namespace
+ }
+
+ # https://stackoverflow.com/questions/64134699/terraform-map-to-string-value
+ data = {
+ tags = jsonencode(local.tags)
+ }
+}
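Review bot: `kubernetes_secret.cookiecutter` sets `namespace = var.environment_namespace` instead of referencing `kubernetes_namespace.environment_namespace`, so Terraform has no ordering edge between the two resources and a fresh apply can try to create the secret before the namespace exists. Use `namespace = kubernetes_namespace.environment_namespace.metadata[0].name` (or an explicit `depends_on`). The payload is build metadata rather than credential material, so `kubernetes_config_map` would be the fitting type; storing it as a Secret hides its contents as sensitive in plans and mixes it in with the real credentials that RBAC grants on `secrets` expose. The context header at the top of the hunk still says `# usage: create an RDS MySQL instance.`, which is stale for this module and worth correcting while the file is being touched.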
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/providers.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/providers.tf new file mode 100644 index 00000000..0da09588 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/providers.tf @@ -0,0 +1,19 @@ +data "aws_eks_cluster" "eks" { + name = var.resource_name +} + +data "aws_eks_cluster_auth" "eks" { + name = var.resource_name +} + +provider "kubernetes" { + host = data.aws_eks_cluster.eks.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) + token = data.aws_eks_cluster_auth.eks.token +} + +provider "kubectl" { + host = data.aws_eks_cluster.eks.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority.0.data) + token = data.aws_eks_cluster_auth.eks.token +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/variables.tf index 44fdfbf7..f2a8b392 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/variables.tf @@ -18,3 +18,9 @@ variable "environment_name" { variable "environment_namespace" { type = string } + +variable "tags" { + description = "collection of all tags to add to this resource. execting the combination of global + environment + resouce tags." + type = map(string) + default = {} +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/versions.tf index 2f80d54d..b46c4ef2 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/versions.tf 
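Review bot: The description of the new `tags` variable in `kubernetes/variables.tf` contains two typos, `execting` and `resouce`. Suggest `description = "collection of all tags to add to this resource. expecting the combination of global + environment + resource tags."`.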
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes/versions.tf @@ -12,7 +12,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } local = { source = "hashicorp/local" diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/README.md b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/README.md index ec020e9c..4a99f6e9 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/README.md +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/README.md @@ -1 +1,12 @@ -## Elastic Kubernetes with EC2 Worker Nodes + Classic Load Balancer +# Environment Specific Kubernetes Ingress + +Implements an Nginx-based ingress controller and AWS Classic Load Balancer for this environment. Creates the following resources: + +- Helm installed Certificate Issuer which relies on Kubernetes [cert-manager](https://cert-manager.io/) +- Open edX ingresses for lms, cms, discovery +- Open edX [MFE](https://openedx.atlassian.net/wiki/spaces/FEDX/pages/1265467645/Open+edX+and+Microfrontends) ingress +- DNS records added to AWS Route53 Hosted Zone for this environment + +## Additional Features + +This module integrates [cookiecutter_meta](../../../common/cookiecutter_meta/README.md), which manages an optional additional set of AWS resource tags. diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/kubernetes.tf index bf938df9..184fd704 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/kubernetes.tf 
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/kubernetes.tf
@@ -32,3 +32,24 @@ resource "kubectl_manifest" "ingress_mfe" {
 aws_route53_record.wildcard,
 ]
 }
+
+data "aws_s3_bucket" "storage" {
+ id = var.s3_bucket_storage
+}
+
+data "template_file" "proxy_service" {
+ template = file("${path.module}/manifests/proxy-service.yml.tpl")
+ vars = {
+ environment_domain = var.environment_domain
+ environment_namespace = var.environment_namespace
+ bucket_uri = data.aws_s3_bucket.bucket_domain_name
+ }
+}
+resource "kubectl_manifest" "proxy_service" {
+ yaml_body = data.template_file.proxy_service.rendered
+
+ depends_on = [
+ aws_route53_record.naked,
+ aws_route53_record.wildcard,
+ ]
+}
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/main.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/main.tf
index bbbefd07..eeef5723 100644
--- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/main.tf
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/main.tf
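Review bot: `bucket_uri = data.aws_s3_bucket.bucket_domain_name` references a data source named `bucket_domain_name` that is never declared; the attribute belongs to the `storage` instance, so it should read `bucket_uri = data.aws_s3_bucket.storage.bucket_domain_name`. `data "aws_s3_bucket" "storage"` also assigns `id`, which is a computed attribute on that data source and is rejected by the provider; the lookup argument is `bucket = var.s3_bucket_storage`. `template_file` is a legacy provider data source; `templatefile("${path.module}/manifests/proxy-service.yml.tpl", { ... })` renders the same manifest without the extra provider. Since this block publishes an S3 bucket through an in-cluster `ExternalName` Service, a short comment stating which bucket content the proxy is expected to expose would help anyone auditing the ingress later.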
@@ -6,42 +6,19 @@ # # usage: build an EKS cluster load balancer #------------------------------------------------------------------------------ - -#data "tls_certificate" "cluster" { -# url = data.aws_eks_cluster.eks.identity[0].oidc[0].issuer -#} - -data "aws_eks_cluster" "eks" { - name = var.shared_resource_namespace -} - -data "aws_eks_cluster" "cluster" { - name = var.shared_resource_namespace +locals { + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/environments/modules/kubernetes_ingress_clb" + } + ) } -data "aws_eks_cluster_auth" "cluster" { - name = var.shared_resource_namespace -} - -provider "kubernetes" { - host = data.aws_eks_cluster.cluster.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) - token = data.aws_eks_cluster_auth.cluster.token -} - -provider "helm" { - kubernetes { - host = data.aws_eks_cluster.cluster.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) - token = data.aws_eks_cluster_auth.cluster.token - } -} - -data "kubernetes_service" "ingress_nginx_controller" { - metadata { - name = "common-ingress-nginx-controller" - namespace = "kube-system" - } +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" } - -data "aws_elb_hosted_zone_id" "main" {} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/manifests/ingress.yml.tpl b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/manifests/ingress.yml.tpl index e57c1625..78279a62 100644 
--- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/manifests/ingress.yml.tpl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/manifests/ingress.yml.tpl @@ -38,6 +38,25 @@ metadata: # --------------------- nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + + # mcdaniel mar-2023 + # duplicate eduNEXT scorm Xblock proxy configuration + # ------------------------------------------------------------------------- + # see (better): https://github.com/kubernetes/ingress-nginx/issues/6165#issuecomment-692684553 + # see: https://github.com/kubernetes/ingress-nginx/issues/4280 + # + # how it works in Caddy: + # ---------------------- + # @scorm_matcher { + # path /scorm-proxy/* + # } + # route @scorm_matcher { + # uri /scorm-proxy/* strip_prefix /scorm-proxy + # reverse_proxy https://codlp-global-pre-staging-storage.s3.amazonaws.com { + # header_up Host codlp-global-pre-staging-storage.s3.amazonaws.com + # } + # } + spec: tls: - hosts: @@ -55,6 +74,13 @@ spec: name: lms port: number: 8000 + - path: /scorm-proxy/ + pathType: Prefix + backend: + service: + name: scorm-proxy-service + port: + number: 8000 - host: "preview.${environment_domain}" http: paths: @@ -75,6 +101,13 @@ spec: name: cms port: number: 8000 + - path: /scorm-proxy/ + pathType: Prefix + backend: + service: + name: scorm-proxy-service + port: + number: 8000 - host: discovery.${environment_domain} http: paths: diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/manifests/proxy-service.yml.tpl b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/manifests/proxy-service.yml.tpl new file mode 100644 index 00000000..f7910a6a --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/manifests/proxy-service.yml.tpl 
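Review bot: The new `/scorm-proxy/` paths send traffic to `scorm-proxy-service` on port `8000`, but that Service is an `ExternalName` pointing at an S3 bucket hostname, which serves only 80 and 443; the backend port should be `443` together with `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` (or `80` with HTTP). The Caddy example in the added comment strips the `/scorm-proxy` prefix and rewrites the `Host` header, but the nginx equivalents, `nginx.ingress.kubernetes.io/rewrite-target` and `nginx.ingress.kubernetes.io/upstream-vhost`, are not set here, and because they are Ingress-level annotations they would also apply to the lms and cms paths in this object, so the proxy most likely needs its own Ingress resource. The comment also embeds a bucket name from another deployment (`codlp-global-pre-staging-storage`); a neutral placeholder keeps the template free of foreign identifiers. The same two `/scorm-proxy/` path blocks are added under the lms and cms hosts, so any fix applies to both.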
@@ -0,0 +1,11 @@
+#
+# part of the eduNEXT scorm proxy solution
+#
+kind: Service
+apiVersion: v1
+metadata:
+ name: scorm-proxy-service
+ namespace: ${naenvironment_namespacemespace}
+spec:
+ type: ExternalName
+ externalName: ${bucket_uri}
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/providers.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/providers.tf
new file mode 100644
index 00000000..109cd596
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/providers.tf
@@ -0,0 +1,34 @@
+data "aws_eks_cluster" "eks" {
+ name = var.shared_resource_namespace
+}
+
+data "aws_eks_cluster" "cluster" {
+ name = var.shared_resource_namespace
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+ name = var.shared_resource_namespace
+}
+
+data "kubernetes_service" "ingress_nginx_controller" {
+ metadata {
+ name = "common-ingress-nginx-controller"
+ namespace = "kube-system"
+ }
+}
+
+data "aws_elb_hosted_zone_id" "main" {}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+ token = data.aws_eks_cluster_auth.cluster.token
+}
+
+provider "helm" {
+ kubernetes {
+ host = data.aws_eks_cluster.cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+ token = data.aws_eks_cluster_auth.cluster.token
+ }
+}
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/variables.tf
index 50f43a61..edf2d1a4 100644
--- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/variables.tf
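Review bot: `namespace: ${naenvironment_namespacemespace}` is a garbled template variable — `environment_namespace` was pasted into the middle of `${namespace}` — so `templatefile()` will fail on the undeclared name, or the Service will land in the wrong namespace if something happens to supply it; it should read `namespace: ${environment_namespace}`. Note also that `spec.externalName` must be a bare DNS hostname such as `<bucket>.s3.<region>.amazonaws.com`, not a URI, so whatever feeds `${bucket_uri}` must carry no `s3://` or `https://` scheme; the variable this commit adds to the module is `s3_bucket_storage`, and the `templatefile` call that maps it to `bucket_uri` is not in this diff, so I cannot confirm that. A one-line comment on the Service, e.g. `# externalName must be a hostname (no scheme, no path); nginx resolves it per request`, would stop the next person from passing a URL.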
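Review bot: `data "aws_eks_cluster" "eks"` and `data "aws_eks_cluster" "cluster"` both read the cluster named `var.shared_resource_namespace`, and only `cluster` is referenced by the two provider blocks, so `eks` is dead or should be the single source — drop one. This file also keeps the legacy `certificate_authority.0.data` attribute syntax while the mongodb, mysql, redis and s3 `providers.tf` files added in the same commit use `certificate_authority[0].data`; pick one form. More broadly, `provider` blocks inside a child module are discouraged by Terraform (they prevent `count`/`for_each`/`depends_on` on the module and complicate destroy), and since the commit already isolates them in a dedicated file, the next step would be to configure the kubernetes/helm providers once in the root module and pass them in. The `aws_eks_cluster_auth` token is short-lived, so a long apply can outlive it; a comment such as `# token from aws_eks_cluster_auth is short-lived; re-plan if apply is delayed` records the failure mode.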
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_ingress_clb/variables.tf @@ -35,3 +35,7 @@ variable "tags" { type = map(string) default = {} } + +variable "s3_bucket_storage" { + type = string +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/README.md b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/README.md new file mode 100644 index 00000000..3b3ecb08 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/README.md @@ -0,0 +1,21 @@ +# Environment Specific Open edX Credentials + +Creates Kuberenetes secrets for the following Open edX passwords and credentials in this environment: + +- Open edX admin user account name and password +- ecommerce-config +- Django application edx-secret-key for this environment +- Javascript Web Token (jwt) for lms and cms for this environment +- Open edX License Manager oauth for this environment +- MongoDB host name, port, admin account name and password for this stack +- MongoDB host name, port, openedx account name and password for this environment +- MySQL host name, port, openedx account name and password for this environment +- MySQL host name, port, Discovery Service account name and password for this environment +- MySQL host name, port, Xqueue Service account name and password for this environment +- MySQL host name, port, root account name and password for this stack +- Redis host name, port, environment key +- AWS IAM key-secret for read-write access to AWS S3 buckets for this environment + +## Additional Features + +This module integrates [cookiecutter_meta](../../../common/cookiecutter_meta/README.md), which manages an optional additional set of AWS resource tags. 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/main.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/main.tf new file mode 100644 index 00000000..4f20b140 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/main.tf @@ -0,0 +1,16 @@ +locals { + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/environments/modules/kubernetes_secrets" + } + ) +} + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/providers.tf similarity index 100% rename from {{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/kubernetes.tf rename to {{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/providers.tf diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/variables.tf index 66af35aa..635d0d0c 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/variables.tf 
@@ -17,3 +17,9 @@ variable "resource_name" { variable "root_domain" { type = string } + +variable "tags" { + description = "collection of all tags to add to this resource. execting the combination of global + environment + resouce tags." + type = map(string) + default = {} +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/versions.tf index 215ef597..5bf2ccc8 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/kubernetes_secrets/versions.tf @@ -10,7 +10,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } local = { source = "hashicorp/local" diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/README.md b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/README.md new file mode 100644 index 00000000..b151f893 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/README.md @@ -0,0 +1,10 @@ +# Environment Specific MongoDB Configuration + +Creates environment specific configuration for the Stack-level MonogDB service. Creates the following resources: + +- Kubernetes secret with MongoDB host, port, username, password +- DNS record added to the environment AWS Route53 Hosted Zone + +## Additional Features + +This module integrates [cookiecutter_meta](../../../common/cookiecutter_meta/README.md), which manages an optional additional set of AWS resource tags. 
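Review bot: The `tags` description has two typos, `execting` and `resouce`, and the same sentence is copy-pasted into the mongodb and mysql `variables.tf` hunks of this commit; fix all three to `description = "collection of all tags to add to this resource. expecting the combination of global + environment + resource tags."`. Since these values end up as AWS resource tags, a `validation` block that rejects keys beginning with the reserved `aws:` prefix would turn an apply-time error into a plan-time one, but that is optional.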
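Review bot: Loosening the provider pin from an exact `{{ cookiecutter.terraform_provider_hashicorp_aws_version }}` to `~>` lets Terraform resolve newer patch releases (or minor releases, if the rendered value has only two components), so the provider actually installed can drift between machines and from the version the cookiecutter tags record. That is reasonable for a template, but the generated repo must then commit `.terraform.lock.hcl` so CI and developers get the same provider build and checksum; a comment on the constraint, `# ~> allows patch upgrades; .terraform.lock.hcl is the real pin`, would make the intent explicit.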
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/kubernetes.tf index 438766b8..d3e6f656 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/kubernetes.tf @@ -7,21 +7,6 @@ # usage: create environment connection resources for remote MongoDB instance. # store the MongoDB credentials in Kubernetes Secrets #------------------------------------------------------------------------------ -data "aws_eks_cluster" "eks" { - name = var.resource_name -} - -data "aws_eks_cluster_auth" "eks" { - name = var.resource_name -} - -provider "kubernetes" { - host = data.aws_eks_cluster.eks.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.eks.token -} - - # Retrieve the mongodb_admin connection parameters from the shared resource namespace. # we'll refer to this data for the HOST and PORT assignments on all other MySQL # secrets. 
@@ -55,25 +40,25 @@ resource "kubernetes_secret" "openedx" { data = { # see: https://docs.tutor.overhang.io/configuration.html # ------------------------------------------------------------------------- - MONGODB_DATABASE = substr("${var.db_prefix}_edx", -32, -1) - MONGODB_HOST = data.kubernetes_secret.mongodb_admin.data.MONGODB_HOST - MONGODB_USERNAME = "" - MONGODB_PASSWORD = "" + MONGODB_DATABASE = substr("${var.db_prefix}_edx", -32, -1) + MONGODB_HOST = data.kubernetes_secret.mongodb_admin.data.MONGODB_HOST + MONGODB_USERNAME = "" + MONGODB_PASSWORD = "" # you can harden security by adding auth # credentials here #MONGODB_USERNAME = substr("${var.db_prefix}_edx", -32, -1) #MONGODB_PASSWORD = random_password.mongodb_openedx.result - MONGODB_PORT = data.kubernetes_secret.mongodb_admin.data.MONGODB_PORT - MONGODB_USE_SSL = "false" - MONGODB_REPLICA_SET = "" - MONGODB_AUTH_MECHANISM = "" - MONGODB_AUTH_SOURCE = "admin" + MONGODB_PORT = data.kubernetes_secret.mongodb_admin.data.MONGODB_PORT + MONGODB_USE_SSL = "false" + MONGODB_REPLICA_SET = "" + MONGODB_AUTH_MECHANISM = "" + MONGODB_AUTH_SOURCE = "admin" # see: https://github.com/overhangio/tutor-forum # ------------------------------------------------------------------------- - FORUM_MONGODB_DATABASE = substr("${var.db_prefix}_cs_comments", -32, -1) - FORUM_MONGODB_USE_SSL = "false" - FORUM_MONGODB_AUTH_SOURCE = "" - FORUM_MONGODB_AUTH_MECH = "" + FORUM_MONGODB_DATABASE = substr("${var.db_prefix}_cs_comments", -32, -1) + FORUM_MONGODB_USE_SSL = "false" + FORUM_MONGODB_AUTH_SOURCE = "" + FORUM_MONGODB_AUTH_MECH = "" } } diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/main.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/main.tf index 7e92d6f2..0cefc225 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/main.tf 
@@ -6,3 +6,19 @@ # # usage: create environment connection resources for remote MongoDB instance. #------------------------------------------------------------------------------
+locals {
+ tags = merge(
+ var.tags,
+ module.cookiecutter_meta.tags,
+ {
+ "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/environments/modules/mongodb"
+ }
+ )
+}
+
+#------------------------------------------------------------------------------
+# COOKIECUTTER META
+#------------------------------------------------------------------------------
+module "cookiecutter_meta" {
+ source = "../../../../../../../common/cookiecutter_meta"
+}
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/providers.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/providers.tf
new file mode 100644
index 00000000..57e8384d
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/providers.tf
@@ -0,0 +1,13 @@
+data "aws_eks_cluster" "eks" {
+ name = var.resource_name
+}
+
+data "aws_eks_cluster_auth" "eks" {
+ name = var.resource_name
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.eks.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.eks.token
+}
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/variables.tf
index bb0d4e00..52f9a9a5 100644
--- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/variables.tf
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mongodb/variables.tf
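Review bot: The EKS cluster name is read from `var.resource_name` here (and in the mysql providers.tf), from `var.shared_resource_namespace` in the ingress and redis providers.tf, and from `var.kubernetes_name` in the s3 providers.tf — three names for the same value across files introduced by one commit, which is a naming consistency issue rather than a bug. Since these files are now identical apart from that variable, settling on one name (say `shared_resource_namespace`, which already reads as the stack-level cluster) would let them be reviewed and eventually deduplicated together. Either way, a header comment like `# kubernetes provider for the shared stack cluster; credentials come from aws_eks_cluster_auth, not kubeconfig` would help, since nothing in the file says which cluster it targets.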
@@ -27,3 +27,9 @@ variable "environment_namespace" { variable "db_prefix" { type = string } + +variable "tags" { + description = "collection of all tags to add to this resource. execting the combination of global + environment + resouce tags." + type = map(string) + default = {} +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/README.md b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/README.md new file mode 100644 index 00000000..5e062e5b --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/README.md @@ -0,0 +1,10 @@ +# Environment Specific MySQL Configuration + +Creates environment specific configuration for the Stack-level [AWS RDS MySQL](https://aws.amazon.com/rds/) service. Creates the following resources: + +- Kubernetes secret with MySQL host, port, username, password +- DNS record added to the environment AWS Route53 Hosted Zone + +## Additional Features + +This module integrates [cookiecutter_meta](../../../common/cookiecutter_meta/README.md), which manages an optional additional set of AWS resource tags. diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/kubernetes.tf index 2f369d3e..5fde5556 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/kubernetes.tf 
@@ -7,21 +7,6 @@ # usage: create an RDS MySQL instance. # store the MySQL credentials in Kubernetes Secrets #------------------------------------------------------------------------------ -data "aws_eks_cluster" "eks" { - name = var.resource_name -} - -data "aws_eks_cluster_auth" "eks" { - name = var.resource_name -} - -provider "kubernetes" { - host = data.aws_eks_cluster.eks.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.eks.token -} - - # Retrieve the mysql_root connection parameters from the shared resource namespace. # we'll refer to this data for the HOST and PORT assignments on all other MySQL # secrets. diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/main.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/main.tf index 817aea01..1d7b7e8f 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/main.tf @@ -6,3 +6,19 @@ # # usage: create an RDS MySQL instance. #------------------------------------------------------------------------------ +locals { + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/environments/modules/mysql" + } + ) +} + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/providers.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/providers.tf new file mode 100644 index 00000000..57e8384d --- /dev/null 
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/providers.tf @@ -0,0 +1,13 @@ +data "aws_eks_cluster" "eks" { + name = var.resource_name +} + +data "aws_eks_cluster_auth" "eks" { + name = var.resource_name +} + +provider "kubernetes" { + host = data.aws_eks_cluster.eks.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) + token = data.aws_eks_cluster_auth.eks.token +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/variables.tf index 1a687361..0e74a30c 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/variables.tf @@ -35,3 +35,9 @@ variable "db_instance_id" { variable "db_prefix" { type = string } + +variable "tags" { + description = "collection of all tags to add to this resource. execting the combination of global + environment + resouce tags." + type = map(string) + default = {} +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/versions.tf index e2e8b255..a0a0a7a5 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/mysql/versions.tf @@ -12,7 +12,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } } diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/README.md b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/README.md new file mode 100644 index 00000000..48e3ce2b --- /dev/null 
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/README.md @@ -0,0 +1,10 @@ +# Environment Specific AWS ElastiCache Redis Configuration + +Creates environment specific configuration for the Stack-level MonogDB service. Creates the following resources: + +- Kubernetes secret with [AWS ElastiCache](https://aws.amazon.com/elasticache/) Redis Service host, port, username, password +- DNS record added to the environment AWS Route53 Hosted Zone + +## Additional Features + +This module integrates [cookiecutter_meta](../../../common/cookiecutter_meta/README.md), which manages an optional additional set of AWS resource tags. diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/kubernetes.tf index f4a4cff0..c442dc45 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/kubernetes.tf @@ -7,20 +7,6 @@ # usage: create an ElastiCache Redis cache # stored cache credentials in Kubernetes Secrets. #------------------------------------------------------------------------------ -data "aws_eks_cluster" "eks" { - name = var.shared_resource_namespace -} - -data "aws_eks_cluster_auth" "eks" { - name = var.shared_resource_namespace -} - -provider "kubernetes" { - host = data.aws_eks_cluster.eks.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.eks.token -} - resource "kubernetes_secret" "environment_redis" { metadata { name = "redis" diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/main.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/main.tf index e69de29b..40b5a70e 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/main.tf 
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/main.tf @@ -0,0 +1,16 @@ +locals { + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/environments/modules/redis" + } + ) +} + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/providers.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/providers.tf new file mode 100644 index 00000000..35cf28f5 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/providers.tf @@ -0,0 +1,13 @@ +data "aws_eks_cluster" "eks" { + name = var.shared_resource_namespace +} + +data "aws_eks_cluster_auth" "eks" { + name = var.shared_resource_namespace +} + +provider "kubernetes" { + host = data.aws_eks_cluster.eks.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) + token = data.aws_eks_cluster_auth.eks.token +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/versions.tf index dd41b8e9..30701079 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/redis/versions.tf @@ -12,7 +12,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } } 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/README.md b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/README.md new file mode 100644 index 00000000..b0f8e0e8 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/README.md 
@@ -0,0 +1,17 @@ +# Environment Specific Remote Storage + +Creates dedicated AWS S3 Buckets for storage, backups, and secrets management. Creates the following resources: + +- s3://{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-{{ cookiecutter.environment_name }}-storage +- s3://{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-{{ cookiecutter.environment_name }}-backups +- s3://{{ cookiecutter.global_platform_name }}-{{ cookiecutter.global_platform_region }}-{{ cookiecutter.environment_name }}-secrets +- AWS IAM user + key-secret to facilitate programatic bucket access via awscli from within Open edX software +- Kubernetes secret created with the namespace for this environment, containing all AWS S3 bucket meta data and credentials + +## Note the following + +The AWS S3 bucket is configured to allow publicly accessible content. However, you must manually and explicitly make content public in order for it to be viewable from the CDN created by this module. Moreover, you should remain aware that this bucket by default contains a collections of mixed content originating from various parts of the openedx platform, including profile images, course content, grade downloads, and so on. It is possible to customize this behavior in order to segregate content that you may deem too sensitive. See [openedx-actions/tutor-plugin-enable-s3](https://github.com/openedx-actions/tutor-plugin-enable-s3) and [hastexo/tutor-contrib-s3](https://github.com/hastexo/tutor-contrib-s3), called from Github Actions Deployment workflows in this repo. + +## Additional Features + +This module integrates [cookiecutter_meta](../../../common/cookiecutter_meta/README.md), which manages an optional additional set of AWS resource tags. 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/iam.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/iam.tf similarity index 86% rename from {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/iam.tf rename to {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/iam.tf index 4c3675a3..9cbd3d77 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/iam.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/iam.tf @@ -31,6 +31,15 @@ resource "random_id" "id" { resource "aws_iam_user" "user" { name = "s3-openedx-user-${random_id.id.hex}" path = "/system/s3-bucket-user/" + + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_iam_user" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) + } data "aws_iam_policy_document" "user_policy" { diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/kubernetes.tf similarity index 58% rename from {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/kubernetes.tf rename to {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/kubernetes.tf index c896cdb3..f4bae792 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/kubernetes.tf 
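Review bot: The tag merge is fine, but the resource it decorates is a named IAM user whose static access key is pushed into a Kubernetes secret (per the module README in this commit); such keys never expire on their own, so they need a rotation schedule and CloudTrail alerting once they leave AWS. On EKS the stronger option is IRSA — an IAM role trusted by the cluster OIDC provider and annotated onto the Open edX service account — which removes the long-lived key altogether; the `user_policy` document and the access-key resource sit outside this hunk, so I cannot tell whether the policy is already scoped to the three environment buckets. If the user is kept, a comment above the resource such as `# NOTE: long-lived access key; rotate on a schedule and keep user_policy scoped to the environment buckets` should accompany it.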
@@ -1,17 +1,3 @@ -data "aws_eks_cluster" "eks" { - name = var.kubernetes_name -} - -data "aws_eks_cluster_auth" "eks" { - name = var.kubernetes_name -} - -provider "kubernetes" { - host = data.aws_eks_cluster.eks.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.eks.token -} - resource "kubernetes_secret" "s3" { metadata { name = var.secret_name diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/main.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/main.tf similarity index 52% rename from {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/main.tf rename to {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/main.tf index d89bc9c8..33418b9c 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/main.tf @@ -6,3 +6,19 @@ # # usage: create an AWS S3 bucket to offload Open edX file storage. #------------------------------------------------------------------------------ + +locals { + + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/environments/modules/s3" + } + ) + +} + +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/openedx_backups.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/openedx_backups.tf similarity index 75% rename from {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/openedx_backups.tf rename to {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/openedx_backups.tf index 8777685f..ded93176 100644 
--- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/openedx_backups.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/openedx_backups.tf @@ -9,11 +9,19 @@ module "openedx_backup" { source = "terraform-aws-modules/s3-bucket/aws" - version = "{{ cookiecutter.terraform_aws_modules_s3 }}" + version = "~> {{ cookiecutter.terraform_aws_modules_s3 }}" bucket = var.resource_name_backup acl = "private" + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "terraform-aws-modules/s3-bucket/aws" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_aws_modules_s3 }}" + } + ) + versioning = { enabled = true } diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/openedx_secrets.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/openedx_secrets.tf similarity index 65% rename from {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/openedx_secrets.tf rename to {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/openedx_secrets.tf index 0925780e..68c1ddb4 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/openedx_secrets.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/openedx_secrets.tf @@ -9,11 +9,19 @@ module "openedx_secrets" { source = "terraform-aws-modules/s3-bucket/aws" - version = "{{ cookiecutter.terraform_aws_modules_s3 }}" + version = "~> {{ cookiecutter.terraform_aws_modules_s3 }}" bucket = var.resource_name_secrets acl = "private" + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "terraform-aws-modules/s3-bucket/aws" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_aws_modules_s3 }}" + } + ) + block_public_acls = true block_public_policy = true 
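Review bot: `"cookiecutter/resource/version" = "{{ cookiecutter.terraform_aws_modules_s3 }}"` is set in the same hunk that relaxes the module constraint to `version = "~> {{ cookiecutter.terraform_aws_modules_s3 }}"`, so the tag records the floor of the constraint rather than the module version Terraform actually resolved — which undercuts the stated 1.1.0 goal of capturing the exact environment. Either keep the module pinned exactly so the tag stays truthful, or rename the tag to something like `cookiecutter/resource/version_constraint` so nobody reads it as the installed version. The same pairing appears in the `openedx_secrets` and `openedx_storage` hunks of this commit.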
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/openedx_storage.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/openedx_storage.tf similarity index 82% rename from {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/openedx_storage.tf rename to {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/openedx_storage.tf index fb7d96fd..ca7ad440 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/openedx_storage.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/openedx_storage.tf @@ -9,11 +9,19 @@ module "openedx_storage" { source = "terraform-aws-modules/s3-bucket/aws" - version = "{{ cookiecutter.terraform_aws_modules_s3 }}" + version = "~> {{ cookiecutter.terraform_aws_modules_s3 }}" bucket = var.resource_name_storage acl = "private" + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "terraform-aws-modules/s3-bucket/aws" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_aws_modules_s3 }}" + } + ) + control_object_ownership = true object_ownership = "BucketOwnerPreferred" @@ -37,13 +45,13 @@ module "openedx_storage" { "http://${var.environment_studio_domain}" ] allowed_headers = ["*"] - expose_headers = [ + expose_headers = [ "Access-Control-Allow-Origin", "Access-Control-Allow-Method", "Access-Control-Allow-Header" ] max_age_seconds = 3000 - } + } ] versioning = { enabled = false diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/outputs.tf similarity index 100% rename from {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/outputs.tf rename to {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/outputs.tf 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/providers.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/providers.tf
new file mode 100644
index 00000000..bd888608
--- /dev/null
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/providers.tf
@@ -0,0 +1,13 @@
+data "aws_eks_cluster" "eks" {
+ name = var.kubernetes_name
+}
+
+data "aws_eks_cluster_auth" "eks" {
+ name = var.kubernetes_name
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.eks.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)
+ token = data.aws_eks_cluster_auth.eks.token
+}
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/variables.tf
similarity index 100%
rename from {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/variables.tf
rename to {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/variables.tf
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/versions.tf
similarity index 91%
rename from {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/versions.tf
rename to {{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/versions.tf
index c6b6dd9d..f78c7ceb 100644
--- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3_openedx_storage/versions.tf
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/s3/versions.tf
@@ -12,7 +12,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } local = { source = "hashicorp/local" diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/README.md b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/README.md new file mode 100644 index 00000000..53bf9552 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/README.md @@ -0,0 +1,13 @@ +# Environment Specific Virtual Private Cloud Configuration + +Creates the following environment specific resources inside of the stack-level Virtual Private Cloud: + +- AWS Route53 Hosted Zone for management of the environment subdomain +- DNS NS records to link the AWS Route53 Hosted zone to the root domain + +## Note the following + + +## Additional Features + +This module integrates [cookiecutter_meta](../../../common/cookiecutter_meta/README.md), which manages an optional additional set of AWS resource tags. diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/main.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/main.tf new file mode 100644 index 00000000..89e103f9 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/main.tf 
@@ -0,0 +1,20 @@
+locals {
+ s3_bucket_name = var.resource_name
+ s3_bucket_domain = "${local.s3_bucket_name}.s3.${var.aws_region}.amazonaws.com"
+ cdn_name = "cdn.${var.environment_domain}"
+
+ tags = merge(
+ var.tags,
+ module.cookiecutter_meta.tags,
+ {
+ "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/environments/modules/vpn"
+ }
+ )
+}
+
+#------------------------------------------------------------------------------
+# COOKIECUTTER META
+#------------------------------------------------------------------------------
+module "cookiecutter_meta" {
+ source = "../../../../../../../common/cookiecutter_meta"
+}
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/route53.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/route53.tf
index ab07e0ed..7b6ffde4 100644
--- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/route53.tf
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/route53.tf
@@ -6,14 +6,19 @@
 #
 # usage: Add DNS records.
 #------------------------------------------------------------------------------
-
 data "aws_route53_zone" "root_domain" {
 name = var.root_domain
 }
 
 resource "aws_route53_zone" "environment_domain" {
 name = var.environment_domain
- tags = var.tags
+ tags = merge(
+ local.tags,
+ {
+ "cookiecutter/resource/source" = "hashicorp/aws/aws_route53_zone"
+ "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}"
+ }
+ )
 }
 
 resource "aws_route53_record" "environment_domain-ns" {
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/versions.tf
index efd9a51b..02d1cb1a 100644
--- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/versions.tf
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/vpc/versions.tf
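Review bot: The `cookiecutter/module/source` tag in the new vpc `locals` block points at `.../environments/modules/vpn`, but this file is `modules/vpc/main.tf`, so every resource tagged through `local.tags` in this module (the Route53 zone in the next hunk, for one) will carry the wrong source path; the line should read `"cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/environments/modules/vpc"`. The `s3_bucket_name`, `s3_bucket_domain` and `cdn_name` locals look copied from a CDN module and are not referenced by any hunk touching this module; if `var.resource_name` and `var.aws_region` are not declared in the vpc module's variables, `terraform validate` fails on them, and if they are, they are dead locals worth removing.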
@@ -12,7 +12,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } local = { source = "hashicorp/local" diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/ebs_volume.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/ebs_volume.tf index 9e4bef3f..d4bf4b4b 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/ebs_volume.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/ebs_volume.tf @@ -35,7 +35,7 @@ resource "kubernetes_persistent_volume_claim" "wordpress" { } spec { - access_modes = ["ReadWriteOnce"] + access_modes = ["ReadWriteOnce"] storage_class_name = "gp2" resources { requests = { @@ -45,6 +45,14 @@ resource "kubernetes_persistent_volume_claim" "wordpress" { volume_name = kubernetes_persistent_volume.wordpress.metadata.0.name } + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_ebs_volume" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) + depends_on = [ kubernetes_persistent_volume.wordpress ] 
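Review bot: The second `ebs_volume.tf` hunk adds a `tags = merge(...)` argument directly inside `resource "kubernetes_persistent_volume_claim" "wordpress"`, but the Kubernetes provider's PVC resource has no `tags` argument, so `terraform validate` should reject it as an unsupported argument; the `cookiecutter/resource/source` value `hashicorp/aws/aws_ebs_volume` also names the wrong resource for a PVC. The AWS-side tags are applied on `aws_ebs_volume.wordpress` in the following hunk, so this block can simply be dropped; if the metadata is wanted on the Kubernetes object as well, it belongs under `metadata { labels = ... }` or `annotations`. The PVC resource block starts before this hunk.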
@@ -52,13 +60,13 @@ resource "kubernetes_persistent_volume_claim" "wordpress" { resource "kubernetes_persistent_volume" "wordpress" { metadata { - name = local.wordpressDomain + name = local.wordpressDomain labels = { "topology.kubernetes.io/region" = "${var.aws_region}" - "topology.kubernetes.io/zone" = "${aws_ebs_volume.wordpress.availability_zone}" - "ebs_volume_id" = "${aws_ebs_volume.wordpress.id}" - "name" = "${local.wordpressDomain}" - "namespace" = "${local.wordpressNamespace}" + "topology.kubernetes.io/zone" = "${aws_ebs_volume.wordpress.availability_zone}" + "ebs_volume_id" = "${aws_ebs_volume.wordpress.id}" + "name" = "${local.wordpressDomain}" + "namespace" = "${local.wordpressNamespace}" } annotations = { } @@ -66,28 +74,28 @@ resource "kubernetes_persistent_volume" "wordpress" { spec { capacity = { - storage = "${local.persistenceSize}Gi" + storage = "${local.persistenceSize}Gi" } - access_modes = ["ReadWriteOnce"] + access_modes = ["ReadWriteOnce"] storage_class_name = "gp2" persistent_volume_source { aws_elastic_block_store { volume_id = aws_ebs_volume.wordpress.id - fs_type = "ext4" + fs_type = "ext4" } } node_affinity { required { node_selector_term { match_expressions { - key = "topology.kubernetes.io/zone" + key = "topology.kubernetes.io/zone" operator = "In" - values = ["${aws_ebs_volume.wordpress.availability_zone}"] + values = ["${aws_ebs_volume.wordpress.availability_zone}"] } match_expressions { - key = "topology.kubernetes.io/region" + key = "topology.kubernetes.io/region" operator = "In" - values = ["${var.aws_region}"] + values = ["${var.aws_region}"] } } } 
@@ -106,7 +114,15 @@ resource "kubernetes_persistent_volume" "wordpress" { resource "aws_ebs_volume" "wordpress" { availability_zone = data.aws_subnet.private_subnet.availability_zone size = local.persistenceSize - tags = var.tags + + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_ebs_volume" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) + # local.ebsVolumePreventDestroy defaults to 'Y' # for anything other than an upper case 'N' we'll assume that diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/kubernetes.tf index ac7e7b96..5d5dfbb7 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/kubernetes.tf @@ -12,24 +12,3 @@ resource "kubernetes_namespace" "wordpress" { name = local.wordpressNamespace } } - - -data "aws_eks_cluster" "eks" { - name = var.shared_resource_namespace -} - -data "aws_eks_cluster_auth" "eks" { - name = var.shared_resource_namespace -} - -provider "kubernetes" { - host = data.aws_eks_cluster.eks.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.eks.token -} - -provider "kubectl" { - host = data.aws_eks_cluster.eks.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority.0.data) - token = data.aws_eks_cluster_auth.eks.token -} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/main.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/main.tf index a8e5adac..a76f0c30 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/main.tf 
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/main.tf @@ -45,6 +45,16 @@ locals { HorizontalAutoscalingMinReplicas = 1 HorizontalAutoscalingMaxReplicas = 1 externalCachePort = "11211" + + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/environments/modules/wordpress" + "cookiecutter/resource/source" = "bitnami/wordpress" + "cookiecutter/resource/version" = "{{ cookiecutter.wordpress_helm_chart_version }}" + } + ) } @@ -124,3 +134,22 @@ resource "null_resource" "wordpress_post_deployment" { helm_release.wordpress ] } + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} + +resource "kubernetes_secret" "cookiecutter" { + metadata { + name = "cookiecutter" + namespace = var.cert_manager_namespace + } + + # https://stackoverflow.com/questions/64134699/terraform-map-to-string-value + data = { + tags = jsonencode(local.tags) + } +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/outputs.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/outputs.tf index 10831d0c..5fe379d7 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/outputs.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/outputs.tf @@ -11,7 +11,7 @@ output "wordpressConfig" { } output "tags" { - value = var.tags + value = local.tags } output "wordpress-id" { diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/providers.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/providers.tf new file mode 100644 index 00000000..091ea2fc --- /dev/null 
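Review bot: `resource "kubernetes_secret" "cookiecutter"` uses the fixed name `cookiecutter` in `var.cert_manager_namespace`, a namespace this module does not own, even though the module creates its own `kubernetes_namespace.wordpress` (`local.wordpressNamespace`); if other modules that gained `cookiecutter_meta` in this commit create a same-named secret in that namespace the applies collide, and any principal with secret read access in the cert-manager namespace can read the tags. If the meta tags carry details of the user and environment that ran Terraform (the module name suggests they may), publishing them into a shared namespace is a decision worth making explicitly. `var.cert_manager_namespace` is also not visible in the wordpress `variables.tf` hunk; confirm it is declared. Consider `namespace = local.wordpressNamespace` plus a comment such as `# build/deploy metadata for this module; a Secret rather than a ConfigMap is deliberate` if that choice is intentional.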
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/providers.tf @@ -0,0 +1,19 @@ +data "aws_eks_cluster" "eks" { + name = var.shared_resource_namespace +} + +data "aws_eks_cluster_auth" "eks" { + name = var.shared_resource_namespace +} + +provider "kubernetes" { + host = data.aws_eks_cluster.eks.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) + token = data.aws_eks_cluster_auth.eks.token +} + +provider "kubectl" { + host = data.aws_eks_cluster.eks.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority.0.data) + token = data.aws_eks_cluster_auth.eks.token +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/variables.tf index f9d58ed6..888f3f92 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/variables.tf @@ -18,10 +18,6 @@ variable "wordpressConfig" { type = map(string) } -variable "tags" { - type = map(string) -} - variable "aws_region" { type = string } @@ -49,3 +45,9 @@ variable "resource_quota_memory" { variable "subnet_ids" { type = list(string) } + +variable "tags" { + description = "collection of all tags to add to this resource. execting the combination of global + environment + resouce tags." + type = map(string) + default = {} +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/versions.tf index f2de1571..3ab34592 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/modules/wordpress/versions.tf 
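Review bot: The new wordpress `providers.tf` reads the cluster CA with `certificate_authority[0].data` in the `kubernetes` provider but with the legacy `certificate_authority.0.data` attribute syntax in the `kubectl` provider; both blocks should use the same form, `cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data)`. The file was moved out of `kubernetes.tf` verbatim, so this is pre-existing, but the move is the moment to normalize it. In the `variables.tf` hunk the re-added `tags` variable description has two typos (`execting`, `resouce`): `description = "collection of all tags to add to this resource. expecting the combination of global + environment + resource tags."`.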
@@ -12,7 +12,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } local = { source = "hashicorp/local" diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/cloudfront/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/cloudfront/terragrunt.hcl index 2a81b630..00be8537 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/cloudfront/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/cloudfront/terragrunt.hcl @@ -29,7 +29,7 @@ locals { dependencies { paths = [ "../../../stacks/{{ cookiecutter.global_platform_shared_resource_identifier }}/vpc", - "../s3_openedx_storage", + "../s3", "../vpc", "../acm" ] @@ -50,8 +50,8 @@ dependency "vpc" { } -dependency "s3_openedx_storage" { - config_path = "../s3_openedx_storage" +dependency "s3" { + config_path = "../s3" # Configure mock outputs for the `validate` and `init` commands that are returned when there are no outputs available (e.g the # module hasn't been applied yet. diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/env.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/env.hcl index 0834c282..7c11dd0f 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/env.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/env.hcl 
@@ -17,6 +17,9 @@ locals {
 environment_namespace = "${local.global_vars.locals.platform_name}-${local.global_vars.locals.platform_region}-${local.environment}"
 shared_resource_namespace = local.global_vars.locals.shared_resource_namespace
 db_prefix = replace(replace("${local.global_vars.locals.platform_name}_${local.environment}", ".", ""), "-", "")
+ s3_bucket_storage = "${local.environment_namespace}-storage"
+ s3_bucket_backup = "${local.environment_namespace}-backup"
+ s3_bucket_secrets = "${local.environment_namespace}-storage"
 
 tags = merge(
 local.global_vars.locals.tags,
diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/kubernetes_ingress_clb/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/kubernetes_ingress_clb/terragrunt.hcl
index ee5976b8..09e5b833 100644
--- a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/kubernetes_ingress_clb/terragrunt.hcl
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/kubernetes_ingress_clb/terragrunt.hcl
@@ -14,7 +14,7 @@ locals {
 # Extract out common variables for reuse
 shared_resource_namespace = local.global_vars.locals.shared_resource_namespace
 root_domain = local.global_vars.locals.root_domain
- services_subdomain = local.global_vars.locals.services_subdomain
+ services_subdomain = local.global_vars.locals.services_subdomain
 platform_name = local.global_vars.locals.platform_name
 platform_region = local.global_vars.locals.platform_region
 account_id = local.global_vars.locals.account_id
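Review bot: `s3_bucket_secrets` is set to `"${local.environment_namespace}-storage"`, the same value as `s3_bucket_storage`, so the secrets bucket and the content storage bucket now resolve to one name; the `s3/terragrunt.hcl` hunk in this commit replaces the old literal `…-secrets` with this local, so `resource_name_secrets` silently changes from `-secrets` to `-storage`. Depending on how the s3 module consumes the name this either fails with a bucket name conflict or places secrets material in the bucket that serves Open edX storage with CORS enabled. The line should read `s3_bucket_secrets = "${local.environment_namespace}-secrets"`.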
@@ -22,6 +22,7 @@ locals { environment_namespace = local.environment_vars.locals.environment_namespace environment_domain = local.environment_vars.locals.environment_domain studio_subdomain = local.global_vars.locals.studio_subdomain + s3_bucket_storage = local.environment_vars.locals.s3_bucket_storage tags = merge( local.environment_vars.locals.tags, @@ -92,11 +93,12 @@ include { # These are the variables we have to pass in to use the module specified in the terragrunt configuration above inputs = { - aws_region = local.aws_region - environment_domain = local.environment_domain - environment_namespace = local.environment_namespace - studio_subdomain = local.studio_subdomain - shared_resource_namespace = local.shared_resource_namespace - root_domain = local.root_domain - tags = local.tags + aws_region = local.aws_region + environment_domain = local.environment_domain + environment_namespace = local.environment_namespace + studio_subdomain = local.studio_subdomain + shared_resource_namespace = local.shared_resource_namespace + root_domain = local.root_domain + s3_bucket_storage = local.s3_bucket_storage + tags = local.tags } diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/kubernetes_secrets/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/kubernetes_secrets/terragrunt.hcl index 46607c0a..04c29cc6 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/kubernetes_secrets/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/kubernetes_secrets/terragrunt.hcl 
@@ -15,6 +15,11 @@ locals { environment = local.environment_vars.locals.environment resource_name = local.environment_vars.locals.shared_resource_namespace root_domain = local.global_vars.locals.root_domain + + tags = merge( + local.environment_vars.locals.tags, + { Name = "${local.resource_name}" } + ) } @@ -85,4 +90,5 @@ inputs = { resource_name = local.resource_name environment_namespace = local.environment_namespace root_domain = local.root_domain + tags = local.tags } diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mongodb/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mongodb/terragrunt.hcl index e5ff9234..171e7eb4 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mongodb/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mongodb/terragrunt.hcl @@ -16,6 +16,11 @@ locals { environment_namespace = local.environment_vars.locals.environment_namespace shared_resource_namespace = local.environment_vars.locals.shared_resource_namespace db_prefix = local.environment_vars.locals.db_prefix + + tags = merge( + local.environment_vars.locals.tags, + { Name = "${local.resource_name}" } + ) } dependencies { @@ -99,4 +104,5 @@ inputs = { environment_domain = local.environment_domain environment_namespace = local.environment_namespace shared_resource_namespace = local.shared_resource_namespace + tags = local.tags } diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mysql/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mysql/terragrunt.hcl index 41a4a2c7..d2026b02 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mysql/terragrunt.hcl 
+++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/mysql/terragrunt.hcl @@ -17,6 +17,11 @@ locals { shared_resource_namespace = local.environment_vars.locals.shared_resource_namespace environment = local.environment_vars.locals.environment db_prefix = local.environment_vars.locals.db_prefix + + tags = merge( + local.environment_vars.locals.tags, + { Name = "${local.resource_name}" } + ) } dependencies { @@ -102,4 +107,5 @@ inputs = { environment_domain = local.environment_domain environment_namespace = local.environment_namespace shared_resource_namespace = local.shared_resource_namespace + tags = local.tags } diff --git a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/s3_openedx_storage/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/s3/terragrunt.hcl similarity index 89% rename from {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/s3_openedx_storage/terragrunt.hcl rename to {{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/s3/terragrunt.hcl index 1ba86879..c860c43e 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/s3_openedx_storage/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/environments/{{cookiecutter.environment_name}}/s3/terragrunt.hcl 
@@ -14,17 +14,13 @@ locals { # Extract out common variables for reuse kubernetes_name = local.environment_vars.locals.shared_resource_namespace aws_region = local.global_vars.locals.aws_region - resource_name_storage = "${local.environment_vars.locals.environment_namespace}-storage" - resource_name_backup = "${local.environment_vars.locals.environment_namespace}-backup" - resource_name_secrets = "${local.environment_vars.locals.environment_namespace}-secrets" + resource_name_storage = local.environment_vars.locals.s3_bucket_storage + resource_name_backup = local.environment_vars.locals.s3_bucket_backup + resource_name_secrets = local.environment_vars.locals.s3_bucket_secrets environment_domain = local.environment_vars.locals.environment_domain environment_studio_domain = "${local.environment_vars.locals.environment_studio_subdomain}.${local.environment_domain}" environment_namespace = local.environment_vars.locals.environment_namespace - - tags = merge( - local.environment_vars.locals.tags, - { Name = "${local.environment_vars.locals.environment_namespace}" } - ) + tags = local.environment_vars.locals.tags } @@ -79,7 +75,7 @@ dependency "kubernetes" { # Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the # working directory, into a temporary folder, and execute your Terraform commands in that folder. terraform { - source = "../../modules//s3_openedx_storage" + source = "../../modules//s3" } # Include all settings from the root terragrunt.hcl file diff --git a/{{cookiecutter.github_repo_name}}/terraform/global.hcl b/{{cookiecutter.github_repo_name}}/terraform/global.hcl index 64e8e40c..8d6f4a6d 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/global.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/global.hcl 
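Review bot: `tags = local.environment_vars.locals.tags` drops the `Name` tag that the replaced `merge(...)` used to add, while the mysql, mongodb and kubernetes_secrets terragrunt files in this same commit each add `{ Name = "${local.resource_name}" }` to their tags. If the omission is deliberate because the s3 module now sets `Name` itself, a comment such as `# Name is set per bucket inside the s3 module` would stop the next reader from re-adding it; otherwise keep the merge with the `Name` entry for consistency with the sibling stacks.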
@@ -19,12 +19,13 @@ locals { studio_subdomain = "{{ cookiecutter.environment_studio_subdomain }}" tags = { - "cookiecutter/platform_name" = local.platform_name - "cookiecutter/platform_region" = local.platform_region - "cookiecutter/shared_resource_identifier" = local.shared_resource_identifier - "cookiecutter/root_domain" = local.root_domain - "cookiecutter/services_subdomain" = local.services_subdomain - "cookiecutter/terraform" = "true" + "cookiecutter/global/platform_name" = local.platform_name + "cookiecutter/global/platform_region" = local.platform_region + "cookiecutter/global/shared_resource_identifier" = local.shared_resource_identifier + "cookiecutter/global/shared_resource_namespace" = local.shared_resource_namespace + "cookiecutter/global/root_domain" = local.root_domain + "cookiecutter/global/services_subdomain" = local.services_subdomain + "cookiecutter/global/aws_region" = local.aws_region } } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/etc/update-motd.d/09-welcome-banner.tpl b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/etc/update-motd.d/09-welcome-banner.tpl index 6dd7c574..96358646 100755 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/etc/update-motd.d/09-welcome-banner.tpl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/etc/update-motd.d/09-welcome-banner.tpl @@ -5,7 +5,7 @@ # # date: aug-2022 # -# usage: print the login banner for openedx_devops cookiecutter. +# usage: print the login banner #------------------------------------------------------------------------------ COLUMNS=78 title="Welcome to the Bastion Server for ${platform_name}" diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/etc/update-motd.d/10-help-text.tpl b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/etc/update-motd.d/10-help-text.tpl index aeab642b..3eb53c78 100755 
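Review bot: The `tags` map in `global.hcl` renames every key from `cookiecutter/<name>` to `cookiecutter/global/<name>` and drops `cookiecutter/terraform = "true"` with no successor; on an already-deployed environment the next apply re-tags every resource, and anything that filters on the old keys (cost-allocation tags, tag-based IAM conditions, operator scripts) silently stops matching. If the old keys are relied on anywhere, carry them alongside the new ones for one release, and in any case add a note above the map: `# NOTE: tag keys moved from cookiecutter/<name> to cookiecutter/global/<name>; update any consumer that filters on the old keys`.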
--- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/etc/update-motd.d/10-help-text.tpl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/etc/update-motd.d/10-help-text.tpl @@ -5,7 +5,7 @@ # # date: aug-2022 # -# usage: print the login help menu for openedx_devops cookiecutter. +# usage: print the login help menu #------------------------------------------------------------------------------ printf " Installed Applications\n" diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/kubernetes.tf index 6b829f86..72e4af62 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/kubernetes.tf @@ -7,20 +7,6 @@ # usage: create an RDS MySQL instance. # store the MySQL credentials in Kubernetes Secrets #------------------------------------------------------------------------------ -data "aws_eks_cluster" "eks" { - name = var.resource_name -} - -data "aws_eks_cluster_auth" "eks" { - name = var.resource_name -} - -provider "kubernetes" { - host = data.aws_eks_cluster.eks.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.eks.token -} - resource "kubernetes_secret" "ssh_secret" { metadata { name = "bastion-ssh-key" diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/main.tf index c834fd58..284e3d91 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/main.tf 
@@ -8,6 +8,16 @@ #------------------------------------------------------------------------------ locals { hostname = "bastion.${var.services_subdomain}" + + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/ec2_bastion" + "cookiecutter/module/version" = "" + } + ) + } resource "aws_instance" "bastion" { @@ -18,7 +28,14 @@ resource "aws_instance" "bastion" { subnet_id = var.subnet_ids[random_integer.subnet_id.result] monitoring = false ebs_optimized = false - tags = var.tags + + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_instance" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) vpc_security_group_ids = [ resource.aws_security_group.sg_bastion.id, @@ -28,7 +45,13 @@ resource "aws_instance" "bastion" { root_block_device { delete_on_termination = true volume_size = var.volume_size - tags = var.tags + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_instance" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) } # aws cli configuration @@ -43,13 +66,13 @@ resource "aws_instance" "bastion" { inline = [ "mkdir ~/.aws", "mkdir ~/scripts", - "rm -rf /tmp/openedx_devops", - "mkdir /tmp/openedx_devops", - "mkdir /tmp/openedx_devops/etc/", + "rm -rf /tmp/cookiecutter", + "mkdir /tmp/cookiecutter", + "mkdir /tmp/cookiecutter/etc/", "echo PATH='$HOME/scripts:$PATH' >> ~/.profile", # report what we've done so far - "echo created folder /tmp/openedx_devops", + "echo created folder /tmp/cookiecutter", "echo created folder ~/.aws", "echo created folder ~/scripts", "echo added ~/scripts to path", 
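Review bot: `"cookiecutter/module/version" = ""` in the bastion `locals` block sets an empty tag value, and none of the other `cookiecutter/module/source` blocks added in this commit (vpc, wordpress, kubernetes) emit a `module/version` key, so the line is both inconsistent with its siblings and uninformative on the tagged resources. Either remove it or populate it from a real value, and if it is a placeholder for later, say so: `# TODO: populate module/version once the module is versioned; empty until then`.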
@@ -91,7 +114,7 @@ resource "aws_instance" "bastion" { } content = data.template_file.welcome_banner.rendered - destination = "/tmp/openedx_devops/etc/09-welcome-banner" + destination = "/tmp/cookiecutter/etc/09-welcome-banner" } provisioner "file" { @@ -103,7 +126,7 @@ resource "aws_instance" "bastion" { } content = data.template_file.help_text.rendered - destination = "/tmp/openedx_devops/etc/10-help-text" + destination = "/tmp/cookiecutter/etc/10-help-text" } # installation bootstrapper script @@ -171,7 +194,7 @@ resource "aws_instance" "bastion" { # "/home/ubuntu/scripts/install.sh", # 3.) clean up - "rm -rf /tmp/openedx_devops", + "rm -rf /tmp/cookiecutter", ] } @@ -235,11 +258,11 @@ data "aws_security_group" "stack-namespace-node" { # only allows public ssh access. resource "aws_security_group" "sg_bastion" { name_prefix = "${var.resource_name}-bastion" - description = "openedx_devops: Public ssh access" + description = "cookiecutter: Public ssh access" vpc_id = var.vpc_id ingress { - description = "openedx_devops: public ssh from anywhere" + description = "cookiecutter: public ssh from anywhere" from_port = 22 to_port = 22 protocol = "tcp" @@ -247,7 +270,7 @@ resource "aws_security_group" "sg_bastion" { } egress { - description = "openedx_devops: public ssh out to anywhere" + description = "cookiecutter: public ssh out to anywhere" from_port = 0 to_port = 0 protocol = "-1" @@ -255,7 +278,13 @@ resource "aws_security_group" "sg_bastion" { ipv6_cidr_blocks = ["::/0"] } - tags = var.tags + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_security_group" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) } 
@@ -263,7 +292,13 @@ resource "aws_security_group" "sg_bastion" { # add to the root domain. resource "aws_eip" "bastion" { instance = aws_instance.bastion.id - tags = var.tags + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_eip" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) } @@ -305,7 +340,13 @@ data "template_file" "update" { resource "aws_iam_user" "aws_cli" { name = "${var.resource_name}-bastion" path = "/system/bastion-user/" - tags = var.tags + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_iam_user" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) } resource "aws_iam_access_key" "aws_cli" { @@ -359,3 +400,10 @@ data "template_file" "help_text" { aws_region = var.aws_region } } + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/providers.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/providers.tf new file mode 100644 index 00000000..57e8384d --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/providers.tf @@ -0,0 +1,13 @@ +data "aws_eks_cluster" "eks" { + name = var.resource_name +} + +data "aws_eks_cluster_auth" "eks" { + name = var.resource_name +} + +provider "kubernetes" { + host = data.aws_eks_cluster.eks.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) + token = data.aws_eks_cluster_auth.eks.token +} 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/scripts/install-tasks.sh b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/scripts/install-tasks.sh index 7fd91166..1762fda2 100755 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/scripts/install-tasks.sh +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/scripts/install-tasks.sh @@ -11,12 +11,12 @@ #-------------------------------------------------------- -if [ -d "/tmp/openedx_devops/etc" ] +if [ -d "/tmp/cookiecutter/etc" ] then - sudo cp /tmp/openedx_devops/etc/09-welcome-banner /etc/update-motd.d/09-welcome-banner + sudo cp /tmp/cookiecutter/etc/09-welcome-banner /etc/update-motd.d/09-welcome-banner sudo chmod 755 /etc/update-motd.d/09-welcome-banner - sudo cp /tmp/openedx_devops/etc/10-help-text /etc/update-motd.d/10-help-text + sudo cp /tmp/cookiecutter/etc/10-help-text /etc/update-motd.d/10-help-text sudo chmod 755 /etc/update-motd.d/10-help-text # set execute permissions for only the banner components @@ -26,7 +26,7 @@ then sudo chmod 644 /etc/update-motd.d/85-fwupd sudo chmod 644 /etc/update-motd.d/88-esm-announce - echo "added openedx_devops login banner" + echo "added cookiecutter login banner" fi # setup a .kube/config file w correct permissions diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/versions.tf index 673cf644..cbaf7ad0 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/ec2_bastion/versions.tf @@ -20,7 +20,7 @@ terraform { } aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } kubernetes = { source = "hashicorp/kubernetes" 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/addon_ebs_csi_driver.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/addon_ebs_csi_driver.tf index 02304a41..e848b594 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/addon_ebs_csi_driver.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/addon_ebs_csi_driver.tf @@ -39,7 +39,13 @@ resource "aws_iam_role" "AmazonEKS_EBS_CSI_DriverRole" { } ] }) - tags = var.tags + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_iam_role" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) } # 3. Attach the required AWS managed policy to the role diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/main.tf index b6c601da..e969e353 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/main.tf 
@@ -16,54 +16,20 @@ locals { # Used by Karpenter config to determine correct partition (i.e. - `aws`, `aws-gov`, `aws-cn`, etc.) partition = data.aws_partition.current.partition -} - -resource "aws_security_group" "worker_group_mgmt" { - name_prefix = "${var.namespace}-eks_hosting_group_mgmt" - description = "openedx_devops: Ingress CLB worker group management" - vpc_id = var.vpc_id - - ingress { - description = "openedx_devops: Ingress CLB" - from_port = 22 - to_port = 22 - protocol = "tcp" - - cidr_blocks = [ - "10.0.0.0/8", - ] - } - - tags = var.tags - -} - -resource "aws_security_group" "all_worker_mgmt" { - name_prefix = "${var.namespace}-eks_all_worker_management" - description = "openedx_devops: Ingress CLB worker management" - vpc_id = var.vpc_id - ingress { - description = "openedx_devops: Ingress CLB" - from_port = 22 - to_port = 22 - protocol = "tcp" - - cidr_blocks = [ - "10.0.0.0/8", - "172.16.0.0/12", - "192.168.0.0/16", - ] - } - - tags = var.tags + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/kubernetes" + } + ) } - module "eks" { source = "terraform-aws-modules/eks/aws" - version = "{{ cookiecutter.terraform_aws_modules_eks }}" + version = "~> {{ cookiecutter.terraform_aws_modules_eks }}" cluster_name = var.namespace cluster_version = var.kubernetes_cluster_version cluster_endpoint_private_access = true 
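Review bot: `version = "~> {{ cookiecutter.terraform_aws_modules_eks }}"` lets `terraform init` resolve any newer patch release of the EKS module, while the `cookiecutter/resource/version` tag written in the next hunk records the unconstrained base value, so the provenance the tags are meant to capture can diverge from what was actually deployed. The same pairing of a floating `~>` constraint with a literal version tag recurs for the Helm charts in kubernetes_cert_manager, kubernetes_dashboard, kubernetes_ingress_clb, kubernetes_karpenter, kubernetes_kubeapps, kubernetes_kubecost, kubernetes_metricsserver and kubernetes_vpa main.tf, and for the IAM module in kubernetes_cert_manager. If the goal is an auditable record of the environment, an exact pin keeps the tag truthful; if floating patch upgrades are wanted, the tag should carry the constraint rather than a bare version. It is also worth confirming that the Helm provider interprets `~>` as Terraform does, since its `version` argument is the chart version handed to Helm rather than a Terraform constraint. `module "eks"` continues past the hunk.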
@@ -93,11 +59,15 @@ module "eks" { aws_auth_users = var.map_users tags = merge( - var.tags, + local.tags, # Tag node group resources for Karpenter auto-discovery # NOTE - if creating multiple security groups with this module, only tag the # security group that Karpenter should utilize with the following tag - { "karpenter.sh/discovery" = var.namespace } + { "karpenter.sh/discovery" = var.namespace }, + { + "cookiecutter/resource/source" = "terraform-aws-modules/eks/aws" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_aws_modules_eks }}" + } ) cluster_addons = { @@ -118,7 +88,7 @@ module "eks" { node_security_group_additional_rules = { ingress_self_all = { - description = "openedx_devops: Node to node all ports/protocols" + description = "cookiecutter: Node to node all ports/protocols" protocol = "-1" from_port = 0 to_port = 0 @@ -129,7 +99,7 @@ module "eks" { ] } port_8443 = { - description = "openedx_devops: open port 8443 to vpc" + description = "cookiecutter: open port 8443 to vpc" protocol = "-1" from_port = 8443 to_port = 8443 @@ -137,7 +107,7 @@ module "eks" { source_node_security_group = true } egress_all = { - description = "openedx_devops: Node all egress" + description = "cookiecutter: Node all egress" protocol = "-1" from_port = 0 to_port = 0 @@ -178,8 +148,16 @@ module "eks" { instance_types = ["${var.eks_service_group_instance_type}"] tags = merge( - var.tags, - { Name = "eks-${var.shared_resource_identifier}" } + local.tags, + module.cookiecutter_meta.tags, + # Tag node group resources for Karpenter auto-discovery + # NOTE - if creating multiple security groups with this module, only tag the + # security group that Karpenter should utilize with the following tag + { Name = "eks-${var.shared_resource_identifier}-{{ cookiecutter.global_platform_shared_resource_identifier }}" }, + { + "cookiecutter/resource/source" = "terraform-aws-modules/eks/aws" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_aws_modules_eks }}" + } ) } 
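Review bot: The `Name` tag for the service node group becomes `eks-${var.shared_resource_identifier}-{{ cookiecutter.global_platform_shared_resource_identifier }}`; if `var.shared_resource_identifier` is itself populated from `global_platform_shared_resource_identifier` (not visible here) the rendered name repeats the identifier, and it no longer parallels the hosting group's `eks-${var.shared_resource_identifier}-hosting` in the next hunk. The Karpenter auto-discovery comment copied into this `merge` (and into the hosting-group merge and both security groups that follow) describes a `karpenter.sh/discovery` tag that these maps do not set, so it should be dropped there and kept only on the cluster-level merge that actually sets it. `module "eks"` continues outside the hunk.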
@@ -204,14 +182,82 @@ module "eks" { instance_types = ["${var.eks_hosting_group_instance_type}"] tags = merge( - var.tags, - { Name = "eks-${var.shared_resource_identifier}-hosting" } + local.tags, + module.cookiecutter_meta.tags, + # Tag node group resources for Karpenter auto-discovery + # NOTE - if creating multiple security groups with this module, only tag the + # security group that Karpenter should utilize with the following tag + { Name = "eks-${var.shared_resource_identifier}-hosting" }, + { + "cookiecutter/resource/source" = "terraform-aws-modules/eks/aws" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_aws_modules_eks }}" + } ) } } } +#============================================================================== +# SUPPORTING RESOURCES +#============================================================================== + +resource "aws_security_group" "worker_group_mgmt" { + name_prefix = "${var.namespace}-eks_hosting_group_mgmt" + description = "cookiecutter: Ingress CLB worker group management" + vpc_id = var.vpc_id + + ingress { + description = "cookiecutter: Ingress CLB" + from_port = 22 + to_port = 22 + protocol = "tcp" + + cidr_blocks = [ + "10.0.0.0/8", + ] + } + + tags = merge( + local.tags, + { Name = "eks-${var.shared_resource_identifier}-worker_group_mgmt" }, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_security_group" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) +} + +resource "aws_security_group" "all_worker_mgmt" { + name_prefix = "${var.namespace}-eks_all_worker_management" + description = "cookiecutter: Ingress CLB worker management" + vpc_id = var.vpc_id + + ingress { + description = "cookiecutter: Ingress CLB" + from_port = 22 + to_port = 22 + protocol = "tcp" + + cidr_blocks = [ + "10.0.0.0/8", + "172.16.0.0/12", + "192.168.0.0/16", + ] + } + + tags = merge( + local.tags, + { Name = "eks-${var.shared_resource_identifier}-all_worker_mgmt" }, + { + 
"cookiecutter/resource/source" = "hashicorp/aws/aws_security_group" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) +} + + + resource "kubernetes_namespace" "namespace-shared" { metadata { name = var.namespace @@ -226,3 +272,10 @@ resource "kubernetes_namespace" "wordpress" { } depends_on = [module.eks] }{% endif -%} + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/variables.tf index f59a6427..0f0e72dd 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/variables.tf @@ -110,6 +110,6 @@ variable "bastion_iam_arn" { } variable "kms_key_owners" { - type = list + type = list(any) default = [] } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/versions.tf index 0a05429f..82ed8aed 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes/versions.tf @@ -18,7 +18,7 @@ terraform { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } kubectl = { source = "gavinbunney/kubectl" 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_cert_manager/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_cert_manager/main.tf index 6c756223..412ed616 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_cert_manager/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_cert_manager/main.tf @@ -16,12 +16,16 @@ # helm show values jetstack/cert-manager #------------------------------------------------------------------------------ -data "template_file" "cert-manager-values" { - template = file("${path.module}/manifests/cert-manager-values.yaml.tpl") - vars = { - role_arn = module.cert_manager_irsa.iam_role_arn - namespace = var.cert_manager_namespace - } +locals { + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/kubernetes_cert_manager" + "cookiecutter/resource/source" = "jetstack/cert-manager" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_helm_cert_manager }}" + } + ) } resource "helm_release" "cert-manager" { @@ -31,7 +35,7 @@ resource "helm_release" "cert-manager" { chart = "cert-manager" repository = "jetstack" - version = "{{ cookiecutter.terraform_helm_cert_manager }}" + version = "~> {{ cookiecutter.terraform_helm_cert_manager }}" values = [ data.template_file.cert-manager-values.rendered ] 
@@ -40,10 +44,18 @@ resource "helm_release" "cert-manager" { #------------------------------------------------------------------------------ # SUPPORTING RESOURCES #------------------------------------------------------------------------------ +data "template_file" "cert-manager-values" { + template = file("${path.module}/manifests/cert-manager-values.yaml.tpl") + vars = { + role_arn = module.cert_manager_irsa.iam_role_arn + namespace = var.cert_manager_namespace + } +} + resource "aws_iam_policy" "cert_manager_policy" { name = "${var.namespace}-cert-manager-policy" path = "/" - description = "openedx_devops: Policy, which allows CertManager to create Route53 records" + description = "cookiecutter: Policy, which allows CertManager to create Route53 records" policy = jsonencode({ "Version" : "2012-10-17", 
@@ -68,15 +80,42 @@ resource "aws_iam_policy" "cert_manager_policy" { } ] }) + + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_iam_policy" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) } module "cert_manager_irsa" { source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" - version = "{{ cookiecutter.terraform_aws_modules_iam_assumable_role_with_oidc }}" + version = "~> {{ cookiecutter.terraform_aws_modules_iam_assumable_role_with_oidc }}" create_role = true role_name = "${var.namespace}-cert_manager-irsa" provider_url = replace(data.aws_eks_cluster.eks.identity[0].oidc[0].issuer, "https://", "") role_policy_arns = [aws_iam_policy.cert_manager_policy.arn] oidc_fully_qualified_subjects = ["system:serviceaccount:${var.cert_manager_namespace}:cert-manager"] } + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} + +resource "kubernetes_secret" "cookiecutter" { + metadata { + name = "cookiecutter-terraform" + namespace = var.cert_manager_namespace + } + + # https://stackoverflow.com/questions/64134699/terraform-map-to-string-value + data = { + tags = jsonencode(local.tags) + } +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_cert_manager/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_cert_manager/variables.tf index d9536126..799b0388 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_cert_manager/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_cert_manager/variables.tf 
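Review bot: `kubernetes_secret.cookiecutter` persists `jsonencode(local.tags)`, and `local.tags` includes `module.cookiecutter_meta.tags`, which the changelog describes as environment state data about the current user; what that module actually collects is not visible in this diff. If the data is not sensitive, a ConfigMap is the right object, because putting build metadata in a Secret pushes consumers toward RBAC grants on `secrets` in the cert-manager namespace just to read it; if it is sensitive (local account names, hostnames, paths), the same values are also merged into the AWS tags on `aws_iam_policy.cert_manager_policy` above, which are readable by any principal with describe permissions and are not a confidential store. The module's output should be reviewed for what it exposes before it is fanned out to every namespace and resource. The same `kubernetes_secret` block is repeated in the kubernetes_dashboard, kubernetes_ingress_clb, kubernetes_karpenter, kubernetes_kubeapps, kubernetes_kubecost, kubernetes_metricsserver and kubernetes_prometheus main.tf hunks.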
@@ -25,3 +25,9 @@ variable "aws_region" { variable "services_subdomain" { type = string } + +variable "tags" { + description = "A map of tags to add to all resources. Tags added to launch configuration or templates override these values for ASG Tags only." + type = map(string) + default = {} +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_cert_manager/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_cert_manager/versions.tf index a5b7eb4a..3ca1816b 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_cert_manager/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_cert_manager/versions.tf @@ -18,7 +18,7 @@ terraform { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } kubectl = { source = "gavinbunney/kubectl" diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_dashboard/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_dashboard/main.tf index 799cb5ab..a504185f 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_dashboard/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_dashboard/main.tf 
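Review bot: The description on the new `tags` variable, `Tags added to launch configuration or templates override these values for ASG Tags only`, is copied from the EKS module and does not apply to cert-manager, which creates no launch templates or auto scaling groups; the same text is reused for the kubernetes_dashboard and kubernetes_ingress_clb `tags` variables. `description = "A map of tags applied to every AWS and Kubernetes resource this module creates."` says what the module actually does with the value.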
@@ -25,6 +25,17 @@ # echo https://127.0.0.1:8443/ # kubectl -n default port-forward $POD_NAME 8443:8443 #----------------------------------------------------------- +locals { + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/kubernetes_dashboard" + "cookiecutter/resource/source" = "kubernetes.github.io/dashboard" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_helm_dashboard }}" + } + ) +} data "template_file" "dashboard-values" { template = file("${path.module}/yml/values.yaml") @@ -32,14 +43,33 @@ data "template_file" "dashboard-values" { resource "helm_release" "dashboard" { name = "common" - namespace = "kubernetes-dashboard" + namespace = var.dashboard_namespace create_namespace = true chart = "kubernetes-dashboard" repository = "https://kubernetes.github.io/dashboard/" - version = "~> 6.0" + version = "~> {{ cookiecutter.terraform_helm_dashboard }}" values = [ data.template_file.dashboard-values.rendered ] } + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} + +resource "kubernetes_secret" "cookiecutter" { + metadata { + name = "cookiecutter-terraform" + namespace = var.dashboard_namespace + } + + # https://stackoverflow.com/questions/64134699/terraform-map-to-string-value + data = { + tags = jsonencode(local.tags) + } +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_dashboard/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_dashboard/variables.tf index 9ff6583d..b4224e5c 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_dashboard/variables.tf 
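Review bot: `kubernetes_secret.cookiecutter` is created in `var.dashboard_namespace`, but that namespace only exists once `helm_release.dashboard` runs with `create_namespace = true`, and the secret refers to the namespace as a plain string, so Terraform infers no ordering between the two and can apply the secret first on a fresh environment. `depends_on = [helm_release.dashboard]` on the secret removes the first-apply race. The same pattern appears in the kubernetes_karpenter, kubernetes_kubecost, kubernetes_metricsserver and kubernetes_prometheus secrets, and in kubeapps where `kubernetes_namespace.kubeapps` exists but is referenced only by its name string; for cert-manager the release's namespace handling is outside the hunk.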
+++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_dashboard/variables.tf @@ -8,14 +8,16 @@ #------------------------------------------------------------------------------ variable "dashboard_namespace" { - + type = string } variable "dashboard_account_name" { - + type = string } variable "stack_namespace" { - + type = string } variable "tags" { - + description = "A map of tags to add to all resources. Tags added to launch configuration or templates override these values for ASG Tags only." + type = map(string) + default = {} } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_ingress_clb/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_ingress_clb/main.tf index 59d94d57..7de76804 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_ingress_clb/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_ingress_clb/main.tf @@ -20,6 +20,17 @@ # helm show values ingress-nginx/ingress-nginx #------------------------------------------------------------------------------ +locals { + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/kubernetes_ingress_clb" + "cookiecutter/resource/source" = "kubernetes.github.io/ingress-nginx" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_helm_ingress_nginx_controller }}" + } + ) +} data "template_file" "nginx-values" { template = file("${path.module}/yml/nginx-values.yaml") @@ -32,7 +43,7 @@ resource "helm_release" "ingress_nginx_controller" { chart = "ingress-nginx" repository = "https://kubernetes.github.io/ingress-nginx" - version = "{{ cookiecutter.terraform_helm_ingress_nginx_controller }}" + version = "~> {{ cookiecutter.terraform_helm_ingress_nginx_controller }}" values = [ data.template_file.nginx-values.rendered 
@@ -67,3 +78,22 @@ resource "helm_release" "ingress_nginx_controller" { } } + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} + +resource "kubernetes_secret" "cookiecutter" { + metadata { + name = "cookiecutter-terraform" + namespace = var.namespace + } + + # https://stackoverflow.com/questions/64134699/terraform-map-to-string-value + data = { + tags = jsonencode(local.tags) + } +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_ingress_clb/variables.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_ingress_clb/variables.tf index f950b4f3..065d974b 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_ingress_clb/variables.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_ingress_clb/variables.tf @@ -23,3 +23,9 @@ variable "namespace" { variable "stack_namespace" { type = string } + +variable "tags" { + description = "A map of tags to add to all resources. Tags added to launch configuration or templates override these values for ASG Tags only." + type = map(string) + default = {} +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_ingress_clb/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_ingress_clb/versions.tf index a5b7eb4a..3ca1816b 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_ingress_clb/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_ingress_clb/versions.tf 
@@ -18,7 +18,7 @@ terraform { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } kubectl = { source = "gavinbunney/kubectl" diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_karpenter/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_karpenter/main.tf index fc5d7cf6..af9f3764 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_karpenter/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_karpenter/main.tf @@ -25,6 +25,19 @@ # FIXED. but see note below about version. # # see: https://registry.terraform.io/modules/terraform-aws-modules/iam/aws/latest/submodules/iam-role-for-service-accounts-eks +locals { + karpenter_namespace = "karpenter" + + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/kubernetes_karpenter" + "cookiecutter/resource/source" = "charts.karpenter.sh" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_helm_karpenter }}" + } + ) +} data "template_file" "karpenter-values" { template = file("${path.module}/yml/karpenter-values.yaml") @@ -32,14 +45,14 @@ data "template_file" "karpenter-values" { resource "helm_release" "karpenter" { - namespace = "karpenter" + namespace = local.karpenter_namespace create_namespace = true name = "karpenter" repository = "https://charts.karpenter.sh" chart = "karpenter" - version = "{{ cookiecutter.terraform_helm_karpenter }}" + version = "~> {{ cookiecutter.terraform_helm_karpenter }}" values = [ data.template_file.karpenter-values.rendered 
@@ -92,7 +105,13 @@ module "karpenter_controller_irsa_role" { } } - tags = var.tags + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" + "cookiecutter/resource/version" = "latest" + } + ) } @@ -163,7 +182,13 @@ resource "aws_iam_role" "ec2_spot_fleet_tagging_role" { ] }) - tags = var.tags + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_iam_role" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) } resource "aws_iam_role_policy_attachment" "ec2_spot_fleet_tagging" { @@ -178,3 +203,22 @@ resource "kubectl_manifest" "vpa-karpenter" { helm_release.karpenter ] } + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} + +resource "kubernetes_secret" "cookiecutter" { + metadata { + name = "cookiecutter-terraform" + namespace = local.karpenter_namespace + } + + # https://stackoverflow.com/questions/64134699/terraform-map-to-string-value + data = { + tags = jsonencode(local.tags) + } +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_karpenter/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_karpenter/versions.tf index 0a05429f..82ed8aed 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_karpenter/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_karpenter/versions.tf @@ -18,7 +18,7 @@ terraform { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } kubectl = { source = "gavinbunney/kubectl" 
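Review bot: `"cookiecutter/resource/version" = "latest"` on `karpenter_controller_irsa_role` records no usable provenance, and it is the only version tag in this change that is a literal rather than a template value. The module's `version` argument is outside the hunk, so I cannot tell whether it is pinned; if it is not, pinning it is the supply-chain fix, and the tag should then carry the same cookiecutter-templated value the other tags use (as `terraform_aws_modules_iam_assumable_role_with_oidc` does for the cert-manager IAM module) so the metadata matches what `terraform init` resolves.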
diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubeapps/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubeapps/main.tf index e4a02b66..fdcd017b 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubeapps/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubeapps/main.tf @@ -26,6 +26,16 @@ locals { kubeapps_namespace = "kubeapps" kubeapps_account_name = "kubeapps-admin" kubeapps_ingress_hostname = "${local.kubeapps_namespace}.${var.services_subdomain}" + + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/kubernetes_kubeapps" + "cookiecutter/resource/source" = "charts.bitnami.com/bitnami/kubeapps" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_helm_kubeapps }}" + } + ) } @@ -40,7 +50,7 @@ resource "helm_release" "kubeapps" { name = "kubeapps" repository = "https://charts.bitnami.com/bitnami" chart = "kubeapps" - version = "{{ cookiecutter.terraform_helm_kubeapps }}" + version = "~> {{ cookiecutter.terraform_helm_kubeapps }}" # see https://docs.bitnami.com/kubernetes/infrastructure/kubeapps/configuration/expose-service/ set { @@ -52,3 +62,22 @@ resource "helm_release" "kubeapps" { kubernetes_namespace.kubeapps ] } + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} + +resource "kubernetes_secret" "cookiecutter" { + metadata { + name = "cookiecutter-terraform" + namespace = local.kubeapps_namespace + } + + # https://stackoverflow.com/questions/64134699/terraform-map-to-string-value + data = { + tags = jsonencode(local.tags) + } +} 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubeapps/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubeapps/versions.tf index 0a05429f..82ed8aed 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubeapps/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubeapps/versions.tf @@ -18,7 +18,7 @@ terraform { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } kubectl = { source = "gavinbunney/kubectl" diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubecost/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubecost/main.tf index aed58b8a..a4f85697 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubecost/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubecost/main.tf @@ -23,6 +23,17 @@ #----------------------------------------------------------- locals { cost_analyzer = "cost-analyzer" + kubecost = "kubecost" + + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/kubernetes_kubecost" + "cookiecutter/resource/source" = "kubecost.github.io/cost-analyzer/" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_helm_kubecost }}" + } + ) } data "template_file" "kubecost-values" { 
@@ -36,15 +47,34 @@ data "template_file" "kubecost-values" { resource "helm_release" "kubecost" { name = local.cost_analyzer - namespace = "kubecost" + namespace = local.kubecost create_namespace = true repository = "https://kubecost.github.io/cost-analyzer/" chart = "cost-analyzer" - version = "{{ cookiecutter.terraform_helm_kubecost }}" + version = "~> {{ cookiecutter.terraform_helm_kubecost }}" values = [ data.template_file.kubecost-values.rendered ] } + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} + +resource "kubernetes_secret" "cookiecutter" { + metadata { + name = "cookiecutter-terraform" + namespace = local.kubecost + } + + # https://stackoverflow.com/questions/64134699/terraform-map-to-string-value + data = { + tags = jsonencode(local.tags) + } +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubecost/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubecost/versions.tf index fe721fc1..61ea499d 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubecost/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_kubecost/versions.tf @@ -18,7 +18,7 @@ terraform { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } kubectl = { source = "gavinbunney/kubectl" diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_metricsserver/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_metricsserver/main.tf index d2546722..a6503d62 100644 
--- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_metricsserver/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_metricsserver/main.tf @@ -21,23 +21,54 @@ # helm search repo metrics-server # helm show values metrics-server/metrics-server #----------------------------------------------------------- +locals { + metrics_server = "metrics-server" + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/kubernetes_metricsserver" + "cookiecutter/resource/source" = "kubernetes-sigs.github.io/metrics-server/" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_helm_metrics_server }}" + } + ) +} data "template_file" "metrics-server-values" { template = file("${path.module}/config/metrics-server-values.yaml") vars = {} } resource "helm_release" "metrics_server" { - namespace = "metrics-server" + namespace = local.metrics_server create_namespace = true name = "metrics-server" repository = "https://kubernetes-sigs.github.io/metrics-server/" chart = "metrics-server" - version = "{{ cookiecutter.terraform_helm_metrics_server }}" + version = "~> {{ cookiecutter.terraform_helm_metrics_server }}" values = [ data.template_file.metrics-server-values.rendered ] } + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} + +resource "kubernetes_secret" "cookiecutter" { + metadata { + name = "cookiecutter-terraform" + namespace = local.metrics_server + } + + # https://stackoverflow.com/questions/64134699/terraform-map-to-string-value + data = { + tags = jsonencode(local.tags) + } +} 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_metricsserver/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_metricsserver/versions.tf index 0a05429f..82ed8aed 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_metricsserver/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_metricsserver/versions.tf @@ -18,7 +18,7 @@ terraform { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } kubectl = { source = "gavinbunney/kubectl" diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_prometheus/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_prometheus/main.tf index 251e770f..c7f22c41 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_prometheus/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_prometheus/main.tf @@ -34,6 +34,20 @@ # kubectl delete crd servicemonitors.monitoring.coreos.com # kubectl delete crd thanosrulers.monitoring.coreos.com #----------------------------------------------------------- +locals { + cost_analyzer = "cost-analyzer" + prometheus = "prometheus" + + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/kubernetes_prometheus" + "cookiecutter/resource/source" = "prometheus-community.github.io/helm-charts/kube-prometheus-stack" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_helm_prometheus }}" + } + ) +} data "template_file" "prometheus-values" { template = file("${path.module}/yml/prometheus-values.yaml") 
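Review bot: `cost_analyzer = "cost-analyzer"` in the prometheus `locals` looks carried over from the kubecost module; nothing in this hunk references it, and the release in the next hunk uses `local.prometheus`. Unless it is consumed elsewhere in the file, it should be removed so the block only declares names this module owns.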
@@ -41,7 +55,7 @@ data "template_file" "prometheus-values" { } resource "helm_release" "prometheus" { - namespace = "prometheus" + namespace = local.prometheus create_namespace = true name = "prometheus" @@ -72,3 +86,22 @@ resource "random_password" "grafana" { version = "1" } } + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} + +resource "kubernetes_secret" "cookiecutter" { + metadata { + name = "cookiecutter-terraform" + namespace = local.prometheus + } + + # https://stackoverflow.com/questions/64134699/terraform-map-to-string-value + data = { + tags = jsonencode(local.tags) + } +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_prometheus/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_prometheus/versions.tf index 0a05429f..82ed8aed 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_prometheus/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_prometheus/versions.tf @@ -18,7 +18,7 @@ terraform { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } kubectl = { source = "gavinbunney/kubectl" diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_vpa/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_vpa/main.tf index 37959202..09a951f2 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_vpa/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_vpa/main.tf 
@@ -22,7 +22,19 @@ # NOTE: run `helm repo update` prior to running this # Terraform module. #----------------------------------------------------------- +locals { + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/kubernetes_vpa" + "cookiecutter/resource/source" = "cowboysysop.github.io/charts/vertical-pod-autoscaler" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_helm_vertical_pod_autoscaler }}" + } + ) + +} data "template_file" "vertical-pod-autoscaler-values" { template = file("${path.module}/yml/vertical-pod-autoscaler-values.yaml") vars = {} @@ -35,10 +47,17 @@ resource "helm_release" "vpa" { name = "vertical-pod-autoscaler" repository = "https://cowboysysop.github.io/charts/" chart = "vertical-pod-autoscaler" - version = "{{ cookiecutter.terraform_helm_vertical_pod_autoscaler }}" + version = "~> {{ cookiecutter.terraform_helm_vertical_pod_autoscaler }}" values = [ data.template_file.vertical-pod-autoscaler-values.rendered ] } + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_vpa/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_vpa/versions.tf index 0a05429f..82ed8aed 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_vpa/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/kubernetes_vpa/versions.tf 
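Review bot: `version = "~> {{ cookiecutter.terraform_helm_vertical_pod_autoscaler }}"` on `helm_release.vpa` turns a pinned chart into a floating range, while the new `cookiecutter/resource/version` tag in `locals` still records the bare pinned value, so the metadata this release was added to persist will misreport the installed chart as soon as the upstream publishes a patch. `~>` is Terraform's constraint syntax; whether the Helm provider honours it on a chart `version` depends on Helm's semver handling, which I have not verified here, so at least confirm with `terraform plan` that it resolves rather than errors. For reproducible, reviewable upgrades I would keep the exact chart version on the release and bump it deliberately in `cookiecutter.json`; if a range is really wanted, record the resolved version (`helm_release.vpa.metadata[0].version`) in the tag instead of the constraint. The same mismatch applies to every `cookiecutter/resource/version` tag in this commit that records a provider or module version now expressed with `~>`. The `helm_release "vpa"` block starts outside this hunk.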
@@ -18,7 +18,7 @@ terraform { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } kubectl = { source = "gavinbunney/kubectl" diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/etc/update-motd.d/10-help-text b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/etc/update-motd.d/10-help-text index 3701d067..39de9822 100755 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/etc/update-motd.d/10-help-text +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/etc/update-motd.d/10-help-text @@ -5,8 +5,7 @@ # # date: aug-2022 # -# usage: print the login banner for openedx_devops -# cookiecutter. +# usage: print the login banner #------------------------------------------------------------------------------ diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/kubernetes.tf index f1093f3c..98cac7bf 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/kubernetes.tf @@ -7,20 +7,6 @@ # usage: create a remote MongoDB instance. # store the MySQL credentials in Kubernetes Secrets #------------------------------------------------------------------------------ -data "aws_eks_cluster" "eks" { - name = var.stack_namespace -} - -data "aws_eks_cluster_auth" "eks" { - name = var.stack_namespace -} - -provider "kubernetes" { - host = data.aws_eks_cluster.eks.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.eks.token -} - resource "kubernetes_secret" "mongodb_admin" { metadata { name = "mongodb-admin" 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/main.tf index 6f4d716a..3bb9cfee 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/main.tf @@ -23,6 +23,15 @@ locals { ssh_private_key_filename = "${var.stack_namespace}-mongodb.pem" host_name = "mongodb.${var.services_subdomain}" + + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/mongodb" + } + ) + } # create the MongoDB instance and install configuration files. @@ -34,7 +43,14 @@ resource "aws_instance" "mongodb" { monitoring = false associate_public_ip_address = false ebs_optimized = false - tags = var.tags + + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_instance" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) vpc_security_group_ids = [ aws_security_group.sg_mongodb.id, @@ -45,7 +61,13 @@ resource "aws_instance" "mongodb" { root_block_device { delete_on_termination = true volume_size = 8 - tags = var.tags + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_instance" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) } provisioner "file" { @@ -85,7 +107,7 @@ resource "aws_instance" "mongodb" { } content = data.template_file.welcome_banner.rendered - destination = "/tmp/openedx_devops/mongodb/etc/09-welcome-banner" + destination = "/tmp/cookiecutter/mongodb/etc/09-welcome-banner" } provisioner "file" { 
@@ -97,7 +119,7 @@ resource "aws_instance" "mongodb" { } source = "${path.module}/etc/update-motd.d/10-help-text" - destination = "/tmp/openedx_devops/mongodb/etc/10-help-text" + destination = "/tmp/cookiecutter/mongodb/etc/10-help-text" } @@ -110,7 +132,7 @@ resource "aws_instance" "mongodb" { } content = data.template_file.aws_config.rendered - destination = "/tmp/openedx_devops/mongodb/.aws/config" + destination = "/tmp/cookiecutter/mongodb/.aws/config" } provisioner "file" { @@ -122,7 +144,7 @@ resource "aws_instance" "mongodb" { } content = data.template_file.aws_credentials.rendered - destination = "/tmp/openedx_devops/mongodb/.aws/credentials" + destination = "/tmp/cookiecutter/mongodb/.aws/credentials" } # installation bootstrapper script @@ -135,7 +157,7 @@ resource "aws_instance" "mongodb" { } source = "${path.module}/scripts/" - destination = "/tmp/openedx_devops/mongodb/scripts/" + destination = "/tmp/cookiecutter/mongodb/scripts/" } # add ssh key to the bastion @@ -185,7 +207,7 @@ resource "null_resource" "install_script" { } content = data.template_file.mongod_conf.rendered - destination = "/tmp/openedx_devops/mongodb/etc/mongod.conf" + destination = "/tmp/cookiecutter/mongodb/etc/mongod.conf" } provisioner "file" { @@ -224,7 +246,6 @@ resource "null_resource" "install_script" { #------------------------------------------------------------------------------ # SUPPORTING RESOURCES #------------------------------------------------------------------------------ - data "aws_ebs_volume" "mongodb" { most_recent = true 
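Review bot: the renamed destination `/tmp/cookiecutter/mongodb/.aws/credentials` still drops a long-lived IAM access key (`aws_iam_access_key.aws_cli`, created further down in this file) under the shared `/tmp` of the host the provisioner connects to, where the file provisioner writes it with whatever mode the remote umask yields, commonly 0644. Since the path is being renamed anyway, move the staging tree under the SSH user's home, e.g. `destination = "/home/ubuntu/cookiecutter/mongodb/.aws/credentials"`, or have the install script `chmod 600` it immediately. The `connection` block is cut off above so the target host is not visible in this hunk; the install script calls it the bastion. `aws_instance.mongodb` starts and ends outside this hunk.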
@@ -296,11 +317,11 @@ data "aws_security_group" "stack-namespace-node" { # only allows inbound traffice to port 27017. resource "aws_security_group" "sg_mongodb" { name_prefix = "${var.stack_namespace}-mongodb" - description = "openedx_devops: MongoDB access from within VPC" + description = "cookiecutter: MongoDB access from within VPC" vpc_id = var.vpc_id ingress { - description = "openedx_devops: MongoDB access from within VPC" + description = "cookiecutter: MongoDB access from within VPC" from_port = 27017 to_port = 27017 protocol = "tcp" @@ -308,7 +329,7 @@ resource "aws_security_group" "sg_mongodb" { } ingress { - description = "openedx_devops: ssh access to MongoDB from within VPC" + description = "cookiecutter: ssh access to MongoDB from within VPC" from_port = 22 to_port = 22 protocol = "tcp" @@ -316,7 +337,7 @@ resource "aws_security_group" "sg_mongodb" { } egress { - description = "openedx_devops: public MongoDB out to anywhere" + description = "cookiecutter: public MongoDB out to anywhere" from_port = 0 to_port = 0 protocol = "-1" @@ -324,7 +345,13 @@ resource "aws_security_group" "sg_mongodb" { ipv6_cidr_blocks = ["::/0"] } - tags = var.tags + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_security_group" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) } @@ -359,7 +386,13 @@ resource "random_password" "mongodb_admin" { resource "aws_iam_user" "aws_cli" { name = "${var.stack_namespace}-mongodb" path = "/system/mongodb-user/" - tags = var.tags + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_iam_user" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) } resource "aws_iam_access_key" "aws_cli" { 
@@ -439,3 +472,10 @@ data "template_file" "welcome_banner" { platform_name = var.platform_name } } + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/providers.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/providers.tf new file mode 100644 index 00000000..26f4e8ad --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/providers.tf @@ -0,0 +1,13 @@ +data "aws_eks_cluster" "eks" { + name = var.stack_namespace +} + +data "aws_eks_cluster_auth" "eks" { + name = var.stack_namespace +} + +provider "kubernetes" { + host = data.aws_eks_cluster.eks.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) + token = data.aws_eks_cluster_auth.eks.token +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/scripts/mongodb-install-tasks.sh.tpl b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/scripts/mongodb-install-tasks.sh.tpl index a004c20e..ed5d3d9d 100755 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/scripts/mongodb-install-tasks.sh.tpl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/scripts/mongodb-install-tasks.sh.tpl @@ -18,7 +18,7 @@ rm /home/ubuntu/scripts/*.sh.tpl # for diagnostics: dump the tmp contents. These files were # added by provisioner directives in aws_instance in main.tf -ls /tmp/openedx_devops/mongodb/ -lha +ls /tmp/cookiecutter/mongodb/ -lha # set aws-mandated permissions on the mongodb private key echo setting permission on ~/.ssh/$PRIVATE_KEY_PEM 
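Review bot: the new `providers.tf` configures `provider "kubernetes"` inside the `mongodb` child module, and the `mysql` and `redis` modules receive the same file in this commit. Terraform treats provider blocks in child modules as a legacy pattern: such a module cannot be given `count`, `for_each` or `depends_on`, and if the module is later removed from the root the resources it created lose their provider configuration and `terraform destroy` fails until the block is restored. Moving the block out of `kubernetes.tf` into its own file is a good moment to go the rest of the way: configure the kubernetes provider once in the root and pass it in (`providers = { kubernetes = kubernetes }`), leaving only the `required_providers` entry here. If keeping it in-module is deliberate, say why in a comment such as `# NOTE: provider configured in-module; this module must not use count/for_each`.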
@@ -31,16 +31,16 @@ ssh-keyscan $PRIVATE_IPV4 >> $HOME/.ssh/known_hosts echo copying files from bastion tmp folder to $PRIVATE_IPV4 # prep mongodb config files, then copy to the mongodb instance -chmod +x /tmp/openedx_devops/mongodb/scripts/*.sh +chmod +x /tmp/cookiecutter/mongodb/scripts/*.sh echo copying scripts to home folder on $PRIVATE_IPV4 -scp -i ~/.ssh/$PRIVATE_KEY_PEM -r /tmp/openedx_devops/mongodb/scripts/ ubuntu@$PRIVATE_IPV4:/home/ubuntu/ +scp -i ~/.ssh/$PRIVATE_KEY_PEM -r /tmp/cookiecutter/mongodb/scripts/ ubuntu@$PRIVATE_IPV4:/home/ubuntu/ echo copying aws cli config to home folder on $PRIVATE_IPV4 -scp -i ~/.ssh/$PRIVATE_KEY_PEM -r /tmp/openedx_devops/mongodb/.aws/ ubuntu@$PRIVATE_IPV4:/home/ubuntu/ +scp -i ~/.ssh/$PRIVATE_KEY_PEM -r /tmp/cookiecutter/mongodb/.aws/ ubuntu@$PRIVATE_IPV4:/home/ubuntu/ # configure the login banner, copy login banner files from bastion tmp folder to the mongodb tmp folder -chmod 755 /tmp/openedx_devops/mongodb/etc/* +chmod 755 /tmp/cookiecutter/mongodb/etc/* echo copying login banner files to mongodb tmp folder on $PRIVATE_IPV4 -scp -i ~/.ssh/$PRIVATE_KEY_PEM -r /tmp/openedx_devops/mongodb/etc/ ubuntu@$PRIVATE_IPV4:/tmp/ +scp -i ~/.ssh/$PRIVATE_KEY_PEM -r /tmp/cookiecutter/mongodb/etc/ ubuntu@$PRIVATE_IPV4:/tmp/ # copy banner files from mongodb tmp folder to /etc/update-motd.d/ echo installing login banners on $PRIVATE_IPV4 
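Review bot: `scp -i ~/.ssh/$PRIVATE_KEY_PEM -r /tmp/cookiecutter/mongodb/.aws/ ubuntu@$PRIVATE_IPV4:/home/ubuntu/` copies the IAM access key to the MongoDB host with whatever mode it had on the bastion, and nothing in the script tightens it afterwards; the only permission change in this hunk is the `chmod 755` on the banner files. Add after the copy `ssh -i ~/.ssh/$PRIVATE_KEY_PEM ubuntu@$PRIVATE_IPV4 'chmod 700 ~/.aws && chmod 600 ~/.aws/credentials ~/.aws/config'`. The `ssh-keyscan` line in the hunk context predates this change, but it means the key is sent to whatever answers at `$PRIVATE_IPV4` on first contact; tolerable inside a private VPC, worth a one-line comment saying so.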
@@ -60,11 +60,11 @@ ssh ubuntu@$PRIVATE_IPV4 -i ~/.ssh/$PRIVATE_KEY_PEM sudo chmod 644 /etc/update-m # cleanup # FIX NOTE: un-comment me -# "rm -rf /tmp/openedx_devops/mongodb", +# "rm -rf /tmp/cookiecutter/mongodb", # create an ssh shortcut inside the bastion .ssh folder for the mongodb instance # FIX NOTE: I DO NOT WORK :( -#"grep -qxF 'Host mongodb' ~/.ssh/config || cat /tmp/openedx_devops/mongodb/ssh_config >> ~/.ssh/config && echo added ssh key and config to bastion.", +#"grep -qxF 'Host mongodb' ~/.ssh/config || cat /tmp/cookiecutter/mongodb/ssh_config >> ~/.ssh/config && echo added ssh key and config to bastion.", echo configuring .ssh/config on bastion rm -f ~/.ssh/config diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/scripts/mongodb-preinstall-tasks.sh.tpl b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/scripts/mongodb-preinstall-tasks.sh.tpl index 9e7b0251..f770032a 100755 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/scripts/mongodb-preinstall-tasks.sh.tpl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/scripts/mongodb-preinstall-tasks.sh.tpl @@ -9,16 +9,16 @@ #-------------------------------------------------------- # ensure that we have a top-level tmp folder -echo creating /tmp/openedx_devops -mkdir -p /tmp/openedx_devops +echo creating /tmp/cookiecutter +mkdir -p /tmp/cookiecutter # get rid of any legacy tmp files for mongodb -rm -rf /tmp/openedx_devops/mongodb +rm -rf /tmp/cookiecutter/mongodb # recreate the mongodb temp folder. # at this point we are now certain that this folder exists and that it's empty -echo creating /tmp/openedx_devops/mongodb -mkdir -p /tmp/openedx_devops/mongodb +echo creating /tmp/cookiecutter/mongodb +mkdir -p /tmp/cookiecutter/mongodb # ensure that no legacy private key exists for the mongodb server rm -f ~/.ssh/${ssh_private_key_filename} 
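Review bot: the cleanup is still a comment — `# "rm -rf /tmp/cookiecutter/mongodb",` keeps the quotes and trailing comma of its former inline-provisioner form — so the staging directory, including `.aws/credentials`, is left on the bastion after every run; the rename did not change that. Now that this is a plain shell script, replace the comment with an executable `rm -rf /tmp/cookiecutter/mongodb` at the end, or better `trap 'rm -rf /tmp/cookiecutter/mongodb' EXIT` near the top so the files are removed even when an earlier step fails. The rest of the script continues outside this hunk.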
@@ -28,11 +28,11 @@ rm -f ~/.ssh/known_hosts touch ~/.ssh/known_hosts # setup the tmp working folders for mongodb configuration -echo creating /tmp/openedx_devops/mongodb/.aws -mkdir /tmp/openedx_devops/mongodb/.aws +echo creating /tmp/cookiecutter/mongodb/.aws +mkdir /tmp/cookiecutter/mongodb/.aws -echo creating /tmp/openedx_devops/mongodb/scripts -mkdir /tmp/openedx_devops/mongodb/scripts +echo creating /tmp/cookiecutter/mongodb/scripts +mkdir /tmp/cookiecutter/mongodb/scripts -echo creating /tmp/openedx_devops/mongodb/etc -mkdir /tmp/openedx_devops/mongodb/etc +echo creating /tmp/cookiecutter/mongodb/etc +mkdir /tmp/cookiecutter/mongodb/etc diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/versions.tf index 6ec3eb06..abeea0f6 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb/versions.tf @@ -20,7 +20,7 @@ terraform { } aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb_volume/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb_volume/main.tf index 1e7dda40..df781656 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb_volume/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mongodb_volume/main.tf 
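Review bot: `mkdir -p /tmp/cookiecutter` and `mkdir /tmp/cookiecutter/mongodb/.aws` create the staging tree under the shared, sticky `/tmp` with the default umask, so any other login on the bastion can read the credentials dropped there later, and a pre-existing `/tmp/cookiecutter` owned by someone else is silently reused by `mkdir -p`. Create the directories private: `mkdir -p -m 700 /tmp/cookiecutter`, `mkdir -m 700 /tmp/cookiecutter/mongodb` and `mkdir -m 700 /tmp/cookiecutter/mongodb/.aws` (`-m` applies only to the last path component, so set it on each). If the bastion is single-user this is belt and braces, but it costs nothing.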
@@ -7,12 +7,30 @@ # usage: create a detachable EBS volume to be used as the primary storage # volume for MongoDB. #------------------------------------------------------------------------------ +locals { + + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/mongodb_volume" + } + ) + +} # create a detachable EBS volume for the Mongodb databases resource "aws_ebs_volume" "mongodb" { availability_zone = data.aws_subnet.database_subnet.availability_zone size = var.allocated_storage - tags = var.tags + + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_ebs_volume" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) # un-comment this block if you want to prevent Terraform from destroying the Mongodb volume. lifecycle { @@ -37,3 +55,10 @@ resource "random_integer" "subnet_id" { min = 0 max = length(var.subnet_ids) - 1 } + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/kubernetes.tf index 60a72274..8d0f89ca 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/kubernetes.tf 
@@ -7,19 +7,6 @@ # usage: create an RDS MySQL instance. # store the MySQL credentials in Kubernetes Secrets #------------------------------------------------------------------------------ -data "aws_eks_cluster" "eks" { - name = var.resource_name -} - -data "aws_eks_cluster_auth" "eks" { - name = var.resource_name -} - -provider "kubernetes" { - host = data.aws_eks_cluster.eks.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.eks.token -} resource "kubernetes_secret" "mysql_root" { metadata { diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/main.tf index 79999435..952d84b8 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/main.tf 
@@ -7,54 +7,26 @@ # usage: create an RDS MySQL instance. #------------------------------------------------------------------------------ -resource "aws_db_subnet_group" "mysql_subnet_group" { - name = "mysql_subnet_group" - subnet_ids = var.subnet_ids - tags = var.tags -} - -module "security_group" { - source = "terraform-aws-modules/security-group/aws" - version = "{{ cookiecutter.terraform_aws_modules_sg }}" - - name = "${var.resource_name}-mysql" - description = "openedx_devops: Allow access to MySQL" - vpc_id = var.vpc_id - - # ingress - ingress_with_cidr_blocks = [ - { - from_port = 3306 - to_port = 3306 - protocol = "tcp" - description = "openedx_devops: MySQL access from within VPC" - cidr_blocks = join(",", var.ingress_cidr_blocks) - }, - ] - - egress_with_cidr_blocks = [ - { - description = "openedx_devops: Node all egress" - protocol = "-1" - from_port = 0 - to_port = 0 - type = "egress" - cidr_blocks = "0.0.0.0/0" - ipv6_cidr_blocks = "::/0" - }, - ] - tags = var.tags -} - - #------------------------------------------------------------------------------ # RDS Module # # see: https://stackoverflow.com/questions/53386811/terraform-the-db-instance-and-ec2-security-group-are-in-different-vpcs #------------------------------------------------------------------------------ +locals { + + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/mysql" + } + ) + +} + module "db" { source = "terraform-aws-modules/rds/aws" - version = "{{cookiecutter.terraform_aws_modules_rds}}" + version = "~> {{cookiecutter.terraform_aws_modules_rds}}" # required parameters (unless we like the default value) # --------------------------------------------------------------------------- 
@@ -112,5 +84,75 @@ module "db" { create_monitoring_role = var.create_monitoring_role monitoring_interval = var.monitoring_interval parameters = var.parameters - tags = var.tags + + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "terraform-aws-modules/rds/aws" + "cookiecutter/resource/version" = "{{cookiecutter.terraform_aws_modules_rds}}" + } + ) +} + +#------------------------------------------------------------------------------ +# SUPPORTING RESOURCES +#------------------------------------------------------------------------------ + +resource "aws_db_subnet_group" "mysql_subnet_group" { + name = "mysql_subnet_group" + subnet_ids = var.subnet_ids + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_db_subnet_group" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) +} + +module "security_group" { + source = "terraform-aws-modules/security-group/aws" + version = "~> {{ cookiecutter.terraform_aws_modules_sg }}" + + name = "${var.resource_name}-mysql" + description = "cookiecutter: Allow access to MySQL" + vpc_id = var.vpc_id + + # ingress + ingress_with_cidr_blocks = [ + { + from_port = 3306 + to_port = 3306 + protocol = "tcp" + description = "cookiecutter: MySQL access from within VPC" + cidr_blocks = join(",", var.ingress_cidr_blocks) + }, + ] + + egress_with_cidr_blocks = [ + { + description = "cookiecutter: Node all egress" + protocol = "-1" + from_port = 0 + to_port = 0 + type = "egress" + cidr_blocks = "0.0.0.0/0" + ipv6_cidr_blocks = "::/0" + }, + ] + + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "terraform-aws-modules/security-group/aws" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_aws_modules_sg }}" + } + ) +} + +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module 
"cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/providers.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/providers.tf new file mode 100644 index 00000000..57e8384d --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/providers.tf @@ -0,0 +1,13 @@ +data "aws_eks_cluster" "eks" { + name = var.resource_name +} + +data "aws_eks_cluster_auth" "eks" { + name = var.resource_name +} + +provider "kubernetes" { + host = data.aws_eks_cluster.eks.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) + token = data.aws_eks_cluster_auth.eks.token +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/versions.tf index e2e8b255..a0a0a7a5 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/mysql/versions.tf @@ -12,7 +12,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/kubernetes.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/kubernetes.tf index cf76bcbe..a530fc5d 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/kubernetes.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/kubernetes.tf 
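Review bot: `version = "~> {{cookiecutter.terraform_aws_modules_rds}}"` on `module "db"` (and likewise on `module "security_group"`) loosens registry-module pinning, and unlike providers, module versions are not recorded in `.terraform.lock.hcl`, so each `terraform init` in CI may resolve a different module revision with no commit to show for it. The adjacent `"cookiecutter/resource/version" = "{{cookiecutter.terraform_aws_modules_rds}}"` tag then records the lower bound of the range, not what was actually applied. For a supply-chain-sensitive stack I would keep exact module versions here and bump them in `cookiecutter.json`; if ranges are intended, say so in a comment and rename the tag to what it is, e.g. `"cookiecutter/resource/version_constraint" = "~> {{cookiecutter.terraform_aws_modules_rds}}"`. `module "db"` starts outside this hunk.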
@@ -7,20 +7,6 @@ # usage: create an ElastiCache Redis cache # stored cache credentials in Kubernetes Secrets. #------------------------------------------------------------------------------ -data "aws_eks_cluster" "eks" { - name = var.shared_resource_namespace -} - -data "aws_eks_cluster_auth" "eks" { - name = var.shared_resource_namespace -} - -provider "kubernetes" { - host = data.aws_eks_cluster.eks.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.eks.token -} - resource "kubernetes_secret" "redis" { metadata { name = "redis" diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/main.tf index 9a2cae4e..3a6a76dd 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/main.tf 
@@ -10,26 +10,58 @@ #------------------------------------------------------------------------------ locals { name = var.replication_group_description + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/redis" + } + ) + } +module "redis" { + source = "./modules/elasticache" -################################################################################ -# Supporting Resources -################################################################################ + description = local.name + create_random_auth_token = var.create_random_auth_token + subnet_ids = var.subnet_ids + engine = var.engine + engine_version = var.engine_version + num_cache_clusters = var.num_cache_clusters + port = var.port + vpc_security_group_ids = [aws_security_group.redis.id] + transit_encryption_enabled = var.transit_encryption_enabled + family = var.family + node_type = var.node_type + + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/redis/modules/elasticache" + "cookiecutter/resource/version" = "latest" + } + + ) +} + +#------------------------------------------------------------------------------ +# SUPPORTING RESOURCES +#------------------------------------------------------------------------------ resource "aws_security_group" "redis" { - description = "openedx_devops: Redis" - name_prefix = local.name + description = "cookiecutter: Redis" + name_prefix = "${local.name}-redis" vpc_id = var.vpc_id ingress { - description = "openedx_devops: Redis access from within VPC" + description = "cookiecutter: Redis access from within VPC" from_port = var.port to_port = var.port protocol = "tcp" cidr_blocks = var.ingress_cidr_blocks } egress { - description = "openedx_devops: Redis out to anywhere" + description = "cookiecutter: Redis out to anywhere" from_port = 0 to_port = 0 protocol = "-1" 
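Review bot: changing `name_prefix` from `local.name` to `"${local.name}-redis"` forces replacement of `aws_security_group.redis`, and because `module "redis"` passes `[aws_security_group.redis.id]` as `vpc_security_group_ids`, a plan against an existing stack will swap the security group on the replication group — check the plan on a live environment to confirm ElastiCache accepts that in place and that nothing else still references the old group id before this ships. Separately, `"cookiecutter/resource/version" = "latest"` for the in-repo `./modules/elasticache` module carries no information that can ever be reconciled; either drop the version tag for local modules or record the repository's own release there.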
@@ -37,23 +69,19 @@ resource "aws_security_group" "redis" { ipv6_cidr_blocks = ["::/0"] } - tags = var.tags -} - + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_security_group" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } -module "redis" { - source = "./modules/elasticache" + ) +} - description = local.name - create_random_auth_token = var.create_random_auth_token - subnet_ids = var.subnet_ids - engine = var.engine - engine_version = var.engine_version - num_cache_clusters = var.num_cache_clusters - port = var.port - vpc_security_group_ids = [aws_security_group.redis.id] - transit_encryption_enabled = var.transit_encryption_enabled - family = var.family - node_type = var.node_type - tags = var.tags +#------------------------------------------------------------------------------ +# COOKIECUTTER META +#------------------------------------------------------------------------------ +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/modules/elasticache/modules/elasticache_parameter_group/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/modules/elasticache/modules/elasticache_parameter_group/versions.tf index 11b68f53..0b19bf99 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/modules/elasticache/modules/elasticache_parameter_group/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/modules/elasticache/modules/elasticache_parameter_group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } } 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/modules/elasticache/modules/elasticache_subnet_group/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/modules/elasticache/modules/elasticache_subnet_group/versions.tf index 11b68f53..0b19bf99 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/modules/elasticache/modules/elasticache_subnet_group/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/modules/elasticache/modules/elasticache_subnet_group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/modules/elasticache/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/modules/elasticache/versions.tf index 11b68f53..0b19bf99 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/modules/elasticache/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/modules/elasticache/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/providers.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/providers.tf new file mode 100644 index 00000000..35cf28f5 --- /dev/null +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/providers.tf 
@@ -0,0 +1,13 @@ +data "aws_eks_cluster" "eks" { + name = var.shared_resource_namespace +} + +data "aws_eks_cluster_auth" "eks" { + name = var.shared_resource_namespace +} + +provider "kubernetes" { + host = data.aws_eks_cluster.eks.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.eks.certificate_authority[0].data) + token = data.aws_eks_cluster_auth.eks.token +} diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/versions.tf index dd41b8e9..30701079 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/redis/versions.tf @@ -12,7 +12,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } } } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/vpc/main.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/vpc/main.tf index 3c096425..74ca77d5 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/vpc/main.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/vpc/main.tf @@ -12,11 +12,19 @@ # There are a LOT of options in this module. # see https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest #------------------------------------------------------------------------------ +locals { + tags = merge( + var.tags, + module.cookiecutter_meta.tags, + { + "cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/mysql" + } + ) - +} module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "{{ cookiecutter.terraform_aws_modules_vpc }}" + version = "~> {{ cookiecutter.terraform_aws_modules_vpc }}" create_vpc = true name = var.name cidr = var.cidr 
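Review bot: the `cookiecutter/module/source` tag in the new `locals` block of `vpc/main.tf` reads `.../terraform/stacks/modules/mysql`, a copy-paste from the mysql module, so the VPC, its subnets and NAT gateways (and, via `local.tags`, the Route 53 zone in `route53.tf`) will all be tagged as belonging to the MySQL module, which defeats the purpose of the metadata. Change it to `"cookiecutter/module/source" = "{{ cookiecutter.github_repo_name }}/terraform/stacks/modules/vpc"`. The `module "vpc"` block continues outside this hunk.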
@@ -32,5 +40,16 @@ module "vpc" { one_nat_gateway_per_az = var.one_nat_gateway_per_az public_subnet_tags = var.public_subnet_tags private_subnet_tags = var.private_subnet_tags - tags = var.tags + + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "terraform-aws-modules/vpc/aws" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_aws_modules_vpc }}" + } + ) +} + +module "cookiecutter_meta" { + source = "../../../../../../../common/cookiecutter_meta" } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/vpc/route53.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/vpc/route53.tf index 8ee669c5..7b3e7941 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/vpc/route53.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/vpc/route53.tf @@ -4,7 +4,13 @@ data "aws_route53_zone" "root_domain" { resource "aws_route53_zone" "services_subdomain" { name = var.services_subdomain - tags = var.tags + tags = merge( + local.tags, + { + "cookiecutter/resource/source" = "hashicorp/aws/aws_route53_zone" + "cookiecutter/resource/version" = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + } + ) } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/vpc/versions.tf b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/vpc/versions.tf index efd9a51b..02d1cb1a 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/vpc/versions.tf +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/modules/vpc/versions.tf @@ -12,7 +12,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "{{ cookiecutter.terraform_provider_hashicorp_aws_version }}" + version = "~> {{ cookiecutter.terraform_provider_hashicorp_aws_version }}" } local = { source = "hashicorp/local" 
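Review bot: The `cookiecutter/resource/version` tags written here and in the route53.tf hunk record the template values (`{{ cookiecutter.terraform_aws_modules_vpc }}`, `{{ cookiecutter.terraform_provider_hashicorp_aws_version }}`), but the same commit relaxes both constraints to `~>`, so the module or provider actually installed can be a later patch release than the one tagged, and anyone using these tags for provenance may be misled. Either keep the constraint exact where the tag is emitted or note the gap next to the tag, e.g. `# version tag reflects the constraint base, not the resolved version; see .terraform.lock.hcl`. The new `module "cookiecutter_meta"` source climbs seven directories above `terraform/stacks/modules/vpc`, which is more levels than that path has inside the generated repository; presumably it is resolved from Terragrunt's cache working directory rather than the source tree, but that should be confirmed and stated in a comment beside the `source` line.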
diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes/terragrunt.hcl index 21292e4f..c8b5ab7f 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes/terragrunt.hcl @@ -35,6 +35,7 @@ locals { tags = merge( local.stack_vars.locals.tags, + local.global_vars.locals.tags, { "cookiecutter/name" = "${local.namespace}-eks" } ) } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_cert_manager/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_cert_manager/terragrunt.hcl index 2f7d0909..24de9d51 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_cert_manager/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_cert_manager/terragrunt.hcl @@ -7,8 +7,8 @@ # usage: build an EKS with EC2 worker nodes and ALB #------------------------------------------------------------------------------ locals { - stack_vars = read_terragrunt_config(find_in_parent_folders("stack.hcl")) - global_vars = read_terragrunt_config(find_in_parent_folders("global.hcl")) + stack_vars = read_terragrunt_config(find_in_parent_folders("stack.hcl")) + global_vars = read_terragrunt_config(find_in_parent_folders("global.hcl")) # Extract out common variables for reuse root_domain = local.global_vars.locals.root_domain 
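Review bot: Tag precedence is now inconsistent between stacks: in this kubernetes/terragrunt.hcl hunk `local.global_vars.locals.tags` is merged after the stack tags, so global values win on a key collision, while in the redis/terragrunt.hcl hunk further down it is merged before them, so stack values win. Pick one order and use it in both, e.g. `merge(local.global_vars.locals.tags, local.stack_vars.locals.tags, { ... })` with the stack overriding the global defaults. The dashboard, karpenter, kubeapps, kubecost, metrics-server and prometheus hunks drop the global tags entirely, so unless stack.hcl already folds them into its own `tags`, those resources lose them; a comment naming which file owns the global tags would settle this.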
@@ -16,6 +16,11 @@ locals { aws_region = local.global_vars.locals.aws_region cert_manager_namespace = "cert-manager" services_subdomain = local.global_vars.locals.services_subdomain + + tags = merge( + local.stack_vars.locals.tags, + ) + } dependencies { @@ -80,4 +85,5 @@ inputs = { cert_manager_namespace = local.cert_manager_namespace namespace = local.shared_resource_namespace services_subdomain = local.services_subdomain + tags = local.tags } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_dashboard/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_dashboard/terragrunt.hcl index 113a7682..f8cdc957 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_dashboard/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_dashboard/terragrunt.hcl @@ -18,8 +18,7 @@ locals { tags = merge( local.stack_vars.locals.tags, - local.global_vars.locals.tags, - { Name = "${local.stack_namespace}-eks" } + { Name = "${local.stack_namespace}-dashboard" } ) } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_ingress_clb/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_ingress_clb/terragrunt.hcl index f5ff40ed..9a39e440 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_ingress_clb/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_ingress_clb/terragrunt.hcl 
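Review bot: `merge(local.stack_vars.locals.tags,)` in the cert-manager locals merges a single map, which is a no-op, and leaves a dangling trailing comma; `tags = local.stack_vars.locals.tags` expresses the same thing, or, if the intent is the pattern used by the ingress hunk, add the `Name` entry, e.g. `{ Name = "${local.shared_resource_namespace}-cert-manager" }`. The third hunk then passes `tags = local.tags` into `inputs`; whether the cert-manager module declares a `tags` variable is not visible here and should be checked, since an undeclared input is silently ignored.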
@@ -15,6 +15,11 @@ locals { namespace = "kube-system" root_domain = local.global_vars.locals.root_domain services_subdomain = local.global_vars.locals.services_subdomain + + tags = merge( + local.stack_vars.locals.tags, + { Name = "${local.stack_namespace}-ingress-controller" } + ) } dependencies { @@ -79,4 +84,5 @@ inputs = { stack_namespace = local.stack_namespace root_domain = local.root_domain services_subdomain = local.services_subdomain + tags = local.tags } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_karpenter/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_karpenter/terragrunt.hcl index fdd798e4..1b3b9d03 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_karpenter/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_karpenter/terragrunt.hcl @@ -16,7 +16,6 @@ locals { tags = merge( local.stack_vars.locals.tags, - local.global_vars.locals.tags, { Name = "${local.stack_namespace}-karpenter" } ) } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_kubeapps/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_kubeapps/terragrunt.hcl index 535df8db..96fa2a67 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_kubeapps/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_kubeapps/terragrunt.hcl 
@@ -17,8 +17,7 @@ locals { tags = merge( local.stack_vars.locals.tags, - local.global_vars.locals.tags, - { Name = "${local.stack_namespace}-eks" } + { Name = "${local.stack_namespace}-kubeapps" } ) } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_kubecost/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_kubecost/terragrunt.hcl index 594a538d..75558fca 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_kubecost/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_kubecost/terragrunt.hcl @@ -17,8 +17,7 @@ locals { tags = merge( local.stack_vars.locals.tags, - local.global_vars.locals.tags, - { Name = "${local.stack_namespace}-eks" } + { Name = "${local.stack_namespace}-kubecost" } ) } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_metricsserver/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_metricsserver/terragrunt.hcl index 4c2d4551..84e82582 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_metricsserver/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_metricsserver/terragrunt.hcl @@ -16,7 +16,6 @@ locals { tags = merge( local.stack_vars.locals.tags, - local.global_vars.locals.tags, { Name = "${local.stack_namespace}-metrics-server" } ) } 
diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_prometheus/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_prometheus/terragrunt.hcl index 5addf8d0..7b3a4442 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_prometheus/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/kubernetes_prometheus/terragrunt.hcl @@ -16,7 +16,6 @@ locals { tags = merge( local.stack_vars.locals.tags, - local.global_vars.locals.tags, { Name = "${local.stack_namespace}-prometheus" } ) } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/mongodb_volume/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/mongodb_volume/terragrunt.hcl index a1f6766b..46c2dcb0 100644 --- a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/mongodb_volume/terragrunt.hcl +++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/mongodb_volume/terragrunt.hcl @@ -57,4 +57,5 @@ inputs = { allocated_storage = local.mongodb_allocated_storage tags = local.tags subnet_ids = dependency.vpc.outputs.database_subnets + tags = local.tags } diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/redis/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/redis/terragrunt.hcl index 2b4cb19c..47ad4ce5 100644 
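Review bot: The mongodb_volume `inputs` block now contains `tags = local.tags` twice — the existing line just above `subnet_ids` and the one this hunk adds. A duplicate key in an object constructor is at best redundant and, depending on the HCL version in use, rejected as a duplicate attribute. Drop the added line; since the key was already present this looks like a mis-applied edit rather than an intended change.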
--- a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/redis/terragrunt.hcl
+++ b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/redis/terragrunt.hcl
@@ -17,6 +17,7 @@ locals { redis_node_type = local.stack_vars.locals.redis_node_type tags = merge(
+ local.global_vars.locals.tags, local.stack_vars.locals.tags, { "cookiecutter/name" = "${local.resource_name}"
diff --git a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/varnish/terragrunt.hcl b/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/varnish/terragrunt.hcl
deleted file mode 100644
index 294ab7e9..00000000
--- a/{{cookiecutter.github_repo_name}}/terraform/stacks/{{cookiecutter.global_platform_shared_resource_identifier}}/varnish/terragrunt.hcl
+++ /dev/null
@@ -1,95 +0,0 @@ -#------------------------------------------------------------------------------ -# written by: Miguel Afonso -# https://www.linkedin.com/in/mmafonso/ -# -# date: Feb-2023 -# -# usage: create a Varnish cluster -#------------------------------------------------------------------------------ -locals { - # Automatically load environment-level variables - global_vars = read_terragrunt_config(find_in_parent_folders("global.hcl")) - stack_vars = read_terragrunt_config(find_in_parent_folders("stack.hcl")) - - services_subdomain = local.global_vars.locals.services_subdomain - resource_name = local.stack_vars.locals.stack_namespace - shared_resource_namespace = local.stack_vars.locals.stack_namespace - stack_namespace = local.stack_vars.locals.stack_namespace - - tags = merge( - local.stack_vars.locals.tags, - { - "cookiecutter/name" = "${local.resource_name}" - Name = "${local.resource_name}" - } - ) -} - -dependencies { - paths = [ - "../vpc", - "../kubernetes", - ] -} - -dependency "vpc" { - config_path = "../vpc" - - # Configure mock outputs for the `validate` and `init` commands that are returned when there are no outputs available (e.g the - # module hasn't been applied yet. - mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "destroy"] - mock_outputs = { - vpc_id = "fake-vpc-id" - database_subnets = ["fake-subnetid-01", "fake-subnetid-02"] - elasticache_subnets = ["fake-elasticache-subnet-01", "fake-elasticache-subnet-02"] - vpc_cidr_block = "fake-cidr-block" - } -} - -dependency "kubernetes" { - config_path = "../kubernetes" - - # Configure mock outputs for the `validate` and `init` commands that are returned when there are no outputs available (e.g the - # module hasn't been applied yet. 
- mock_outputs_allowed_terraform_commands = ["init", "validate", "plan", "destroy"] - mock_outputs = { - cluster_arn = "fake-cluster-arn" - cluster_certificate_authority_data = "fake-cert" - cluster_endpoint = "fake-cluster-endpoint" - cluster_id = "fake-cluster-id" - cluster_oidc_issuer_url = "fake-oidc-issuer-url" - cluster_platform_version = "fake-cluster-version" - cluster_security_group_arn = "fake-security-group-arn" - cluster_security_group_id = "fake-security-group-id" - cluster_status = "fake-cluster-status" - cluster_version = "fake-cluster-version" - eks_managed_node_groups = "fake-managed-node-group" - fargate_profiles = "fake-fargate-profile" - node_security_group_arn = "fake-security-group-arn" - node_security_group_id = "fake-security-group-id" - oidc_provider = "fake-oidc-provider" - oidc_provider_arn = "fake-provider-arn" - } -} - -# Terragrunt will copy the Terraform configurations specified by the source parameter, along with any files in the -# working directory, into a temporary folder, and execute your Terraform commands in that folder. -terraform { - source = "../../modules//varnish" -} - -# Include all settings from the root terragrunt.hcl file -include { - path = find_in_parent_folders() -} - -# These are the variables we have to pass in to use the module specified in the terragrunt configuration above -inputs = { - - # Varnish cache identifying information - stack_namespace = local.stack_namespace - services_subdomain = local.services_subdomain - resource_name = local.resource_name - shared_resource_namespace = local.shared_resource_namespace - tags = local.tags -}