All modules terraform templates done

terraforn/main.tf

@@ -1,65 +1,101 @@
+terraform {
+  required_version = ">= 0.14"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> 2.0"
+    }
+  }
+}
+
 provider "aws" {
-  region = "us-east-1"
+  region = var.aws_region
 }
 
-resource "aws_vpc" "k8s_vpc" {
-  cidr_block = "10.0.0.0/16"
-  enable_dns_support = true
-  enable_dns_hostnames = true
-  tags = {
-    Name = "k8s_vpc-${terraform.workspace}"
-  }
+# VPC Module
+module "vpc_k8s" {
+  source              = "./modules/vpc"
+  vpc_cidr            = "10.0.0.0/16"
+  public_subnet_cidrs = ["10.0.1.0/24", "10.0.2.0/24"]
+  private_subnet_cidrs= ["10.0.3.0/24", "10.0.4.0/24"]
+  availability_zones  = ["us-east-1a", "us-east-1b"]
+  cluster_name        = "?????" # TODO
 }
 
-resource "aws_subnet" "k8s_subnet" {
-  vpc_id                  = aws_vpc.k8s_vpc.id
-  cidr_block              = "10.0.1.0/24"
-  map_public_ip_on_launch = true
-  availability_zone       = "us-east-1a"
-  tags = {
-    Name = "k8s_subnet-${terraform.workspace}"
-  }
+
+# Security Groups Module
+module "security_groups" {
+  source          = "./modules/security_groups"
+  cluster_name    = "?????" # TODO
+  vpc_id          = module.vpc.vpc_id
+  ssh_access_cidr = "?????" # TODO
+  environment     = "prd"
 }
 
-resource "aws_security_group" "k8s_sg" {
-  name        = "k8s_sg-${terraform.workspace}"
-  description = "Allow Kubernetes cluster traffic"
-  vpc_id      = aws_vpc.k8s_vpc.id
 
-  ingress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
+# EC2 Module for Kubernetes Nodes
+module "ec2_k8s_nodes" {
+  source            = "./modules/ec2"
+  instance_count    = 3
+  ami_id            = "?????" # TODO
+  instance_type     = "t2.medium"
+  subnet_id         = "?????" # TODO
+  key_name          = "?????" # TODO
+  security_group_id = "?????" # TODO
+  cluster_name      = "?????" # TODO
+}
 
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
 
-  tags = {
-    Name = "k8s_sg-${terraform.workspace}"
-  }
+# Networking Module
+module "networking_k8s" {
+  source            = "./modules/networking"
+  cluster_name      = "?????" # TODO
+  availability_zones= ["us-east-1a", "us-east-1b"]
+  subnets           = ["subnet-?????", "subnet-?????"] # TODO
+  route53_zone_id   = "?????" # TODO
+  route53_zone_name = "?????" # TODO
 }
 
-module "ec2_k8s" {
-  source             = "./modules/ec2_k8s"
-  ami_id             = "ami-?????"
-  subnet_id          = aws_subnet.k8s_subnet.id
-  key_name           = "your-key-name"
-  security_group_name= aws_security_group.k8s_sg.name
+
+# IAM Module
+module "iam_k8s" {
+  source       = "./modules/iam"
+  cluster_name = "?????" # TODO
 }
 
 
-module "cilium" {
-  source = "git::https://github.com/your-repo/terraform-helm-cilium.git?ref=v1.0.0"
-  # Configuration parameters for Cilium
+# CloudWatch Module
+module "cloudwatch_k8s_logs" {
+  source            = "./modules/cloudwatch"
+  cluster_name      = "?????"
+  log_retention_days= 90
+  environment       = "prd"
+}
+
+# S3 Modules
+module "s3_logs" {
+  source        = "./modules/s3"
+  bucket_prefix = "?????" # TODO
+  environment   = "prd"
 }
 
-module "grafana" {
-  source = "git::https://github.com/your-repo/terraform-helm-grafana.git?ref=v1.0.0"
-  # Configuration parameters for Grafana
+module "s3_tfstate" {
+  source        = "./modules/s3"
+  bucket_prefix = "?????" # TODO
+  environment   = "prd"
+}
+
+
+# Helm for deploying Cilium
+module "cilium" {
+  source                   = "./modules/cilium"
+  kube_cluster_endpoint    = module.kubernetes.cluster_endpoint
+  kube_cluster_token       = module.kubernetes.cluster_token
+  kube_cluster_ca_certificate = module.kubernetes.cluster_ca_certificate
+  cilium_version           = "1.9.5" # TODO specify Cilium version
 }

terraforn/modules/cilium/cilium-values.yaml

@@ -0,0 +1,6 @@
+hubble:
+  listenAddress: ":4244"
+  relay:
+    enabled: true
+  ui:
+    enabled: true

terraforn/modules/cilium/main.tf

@@ -0,0 +1,21 @@
+provider "helm" {
+  kubernetes {
+    host                   = var.kube_cluster_endpoint
+    token                  = var.kube_cluster_token
+    cluster_ca_certificate = base64decode(var.kube_cluster_ca_certificate)
+  }
+}
+
+resource "helm_release" "cilium" {
+  name       = "cilium"
+  repository = "https://helm.cilium.io/"
+  chart      = "cilium"
+  version    = var.cilium_version
+
+  namespace = var.namespace
+
+  # Enabling Hubble within the Cilium installation
+  values = [
+    "${file("${path.module}/cilium-values.yaml")}"
+  ]
+}

terraforn/modules/cilium/outputs.tf

@@ -0,0 +1,9 @@
+output "cilium_helm_release_name" {
+  description = "The name of the deployed Cilium Helm release."
+  value       = helm_release.cilium.name
+}
+
+output "cilium_namespace" {
+  description = "The namespace where Cilium is deployed."
+  value       = var.namespace
+}

terraforn/modules/cilium/variables.tf

@@ -0,0 +1,26 @@
+variable "kube_cluster_endpoint" {
+  description = "Endpoint for the Kubernetes cluster."
+  type        = string
+}
+
+variable "kube_cluster_token" {
+  description = "Token for authentication to the Kubernetes cluster."
+  type        = string
+}
+
+variable "kube_cluster_ca_certificate" {
+  description = "CA certificate for the Kubernetes cluster, base64 encoded."
+  type        = string
+}
+
+variable "cilium_version" {
+  description = "The version of the Cilium Helm chart to deploy."
+  type        = string
+  default     = "1.9.1"
+}
+
+variable "namespace" {
+  description = "The Kubernetes namespace in which to deploy Cilium."
+  type        = string
+  default     = "kube-system"
+}

terraforn/modules/cloudwatch/main.tf

@@ -0,0 +1,9 @@
+resource "aws_cloudwatch_log_group" "k8s_logs" {
+  name              = "/aws/k8s/${var.cluster_name}"
+  retention_in_days = var.log_retention_days
+
+  tags = {
+    Name        = "LogGroup-${var.cluster_name}"
+    Environment = var.environment
+  }
+}

terraforn/modules/cloudwatch/outputs.tf

@@ -0,0 +1,9 @@
+output "cloudwatch_log_group_name" {
+  value       = aws_cloudwatch_log_group.k8s_logs.name
+  description = "The name of the CloudWatch log group created for the Kubernetes cluster."
+}
+
+output "cloudwatch_log_group_arn" {
+  value       = aws_cloudwatch_log_group.k8s_logs.arn
+  description = "The ARN of the CloudWatch log group created for the Kubernetes cluster."
+}

terraforn/modules/cloudwatch/variables.tf

@@ -0,0 +1,15 @@
+variable "cluster_name" {
+  description = "The name of the Kubernetes cluster. Used for naming the log group."
+  type        = string
+}
+
+variable "log_retention_days" {
+  description = "The number of days to retain logs in the log group."
+  type        = number
+  default     = 30
+}
+
+variable "environment" {
+  description = "The deployment environment (e.g., dev, staging, prod) for tagging purposes."
+  type        = string
+}

terraforn/modules/ec2/main.tf

@@ -1,24 +1,13 @@
-resource "aws_instance" "k8s_master" {
-  ami               = var.ami_id
-  instance_type     = var.master_instance_type
-  subnet_id         = var.subnet_id
-  key_name          = var.key_name
-  security_groups   = [var.security_group_name]
+resource "aws_instance" "k8s_node" {
+  count         = var.instance_count
+  ami           = var.ami_id
+  instance_type = var.instance_type
+  subnet_id     = var.subnet_id
+  key_name      = var.key_name
 
-  tags = {
-    Name = "k8s_master-${terraform.workspace}"
-  }
-}
-
-resource "aws_instance" "k8s_worker" {
-  count             = var.worker_count
-  ami               = var.ami_id
-  instance_type     = var.worker_instance_type
-  subnet_id         = var.subnet_id
-  key_name          = var.key_name
-  security_groups   = [var.security_group_name]
+  vpc_security_group_ids = [var.security_group_id]
 
   tags = {
-    Name = "k8s_worker-${count.index}-${terraform.workspace}"
+    Name = "${var.cluster_name}-${count.index}"
   }
 }

terraforn/modules/ec2/outputs.tf

@@ -1,9 +1,9 @@
-output "master_instance_id" {
-  value       = aws_instance.k8s_master.id
-  description = "The ID of the Kubernetes master instance."
+output "instance_ids" {
+  value       = aws_instance.k8s_node.*.id
+  description = "The IDs of the EC2 instances."
 }
 
-output "worker_instance_ids" {
-  value       = aws_instance.k8s_worker.*.id
-  description = "The IDs of the Kubernetes worker instances."
+output "instance_public_ips" {
+  value       = aws_instance.k8s_node.*.public_ip
+  description = "The public IPs of the EC2 instances."
 }

terraforn/modules/ec2/variables.tf

@@ -1,30 +1,34 @@
-variable "ami_id" {
-  description = "The AMI ID for the instances."
+variable "instance_count" {
+  description = "Number of instances to launch."
+  type        = number
 }
 
-variable "master_instance_type" {
-  description = "Instance type for the master node."
-  default     = "t2.medium"
+variable "ami_id" {
+  description = "The ID of the AMI to use for the instances."
+  type        = string
 }
 
-variable "worker_instance_type" {
-  description = "Instance type for the worker nodes."
-  default     = "t2.medium"
+variable "instance_type" {
+  description = "The instance type of the Kubernetes nodes."
+  type        = string
 }
 
 variable "subnet_id" {
-  description = "The ID of the subnet where instances will be created."
+  description = "The ID of the subnet to launch the instances in."
+  type        = string
 }
 
 variable "key_name" {
   description = "The key name to use for the instance."
+  type        = string
 }
 
-variable "security_group_name" {
-  description = "The name of the security group to attach to the instances."
+variable "security_group_id" {
+  description = "The ID of the security group to associate with the instances."
+  type        = string
 }
 
-variable "worker_count" {
-  description = "The number of worker instances to create."
-  default     = 2
+variable "cluster_name" {
+  description = "The name of the Kubernetes cluster. Used for tagging."
+  type        = string
 }

terraforn/modules/iam/main.tf

@@ -0,0 +1,26 @@
+resource "aws_iam_role" "k8s_role" {
+  name = "${var.cluster_name}-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "ec2.amazonaws.com"
+        }
+      },
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "k8s_policy" {
+  role       = aws_iam_role.k8s_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+}
+
+resource "aws_iam_instance_profile" "k8s_instance_profile" {
+  name = "${var.cluster_name}-instance-profile"
+  role = aws_iam_role.k8s_role.name
+}

terraforn/modules/iam/outputs.tf

@@ -0,0 +1,9 @@
+output "iam_role_name" {
+  value       = aws_iam_role.k8s_role.name
+  description = "The name of the IAM role created for Kubernetes nodes."
+}
+
+output "iam_instance_profile" {
+  value       = aws_iam_instance_profile.k8s_instance_profile.name
+  description = "The instance profile to be used by the EC2 instances."
+}

terraforn/modules/iam/variables.tf

@@ -0,0 +1,4 @@
+variable "cluster_name" {
+  description = "The name of the Kubernetes cluster. Used for naming IAM resources."
+  type        = string
+}