diff --git a/terraforn/main.tf b/terraforn/main.tf
index 47795e2..044e535 100644
--- a/terraforn/main.tf
+++ b/terraforn/main.tf
@@ -1,65 +1,101 @@ +terraform { + required_version = ">= 0.14" + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 3.0" + } + helm = { + source = "hashicorp/helm" + version = "~> 2.0" + } + } +} + provider "aws" { - region = "us-east-1" + region = var.aws_region } -resource "aws_vpc" "k8s_vpc" { - cidr_block = "10.0.0.0/16" - enable_dns_support = true - enable_dns_hostnames = true - tags = { - Name = "k8s_vpc-${terraform.workspace}" - } +# VPC Module +module "vpc_k8s" { + source = "./modules/vpc" + vpc_cidr = "10.0.0.0/16" + public_subnet_cidrs = ["10.0.1.0/24", "10.0.2.0/24"] + private_subnet_cidrs= ["10.0.3.0/24", "10.0.4.0/24"] + availability_zones = ["us-east-1a", "us-east-1b"] + cluster_name = "?????" # TODO } -resource "aws_subnet" "k8s_subnet" { - vpc_id = aws_vpc.k8s_vpc.id - cidr_block = "10.0.1.0/24" - map_public_ip_on_launch = true - availability_zone = "us-east-1a" - tags = { - Name = "k8s_subnet-${terraform.workspace}" - } + +# Security Groups Module +module "security_groups" { + source = "./modules/security_groups" + cluster_name = "?????" # TODO + vpc_id = module.vpc.vpc_id + ssh_access_cidr = "?????" # TODO + environment = "prd" } -resource "aws_security_group" "k8s_sg" { - name = "k8s_sg-${terraform.workspace}" - description = "Allow Kubernetes cluster traffic" - vpc_id = aws_vpc.k8s_vpc.id - ingress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } +# EC2 Module for Kubernetes Nodes +module "ec2_k8s_nodes" { + source = "./modules/ec2" + instance_count = 3 + ami_id = "?????" # TODO + instance_type = "t2.medium" + subnet_id = "?????" # TODO + key_name = "?????" # TODO + security_group_id = "?????" # TODO + cluster_name = "?????" # TODO +} - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - tags = { - Name = "k8s_sg-${terraform.workspace}" - } +# Networking Module +module "networking_k8s" { + source = "./modules/networking" + cluster_name = "?????" 
# TODO + availability_zones= ["us-east-1a", "us-east-1b"] + subnets = ["subnet-?????", "subnet-?????"] # TODO + route53_zone_id = "?????" # TODO + route53_zone_name = "?????" # TODO } -module "ec2_k8s" { - source = "./modules/ec2_k8s" - ami_id = "ami-?????" - subnet_id = aws_subnet.k8s_subnet.id - key_name = "your-key-name" - security_group_name= aws_security_group.k8s_sg.name + +# IAM Module +module "iam_k8s" { + source = "./modules/iam" + cluster_name = "?????" # TODO } -module "cilium" { - source = "git::https://github.com/your-repo/terraform-helm-cilium.git?ref=v1.0.0" - # Configuration parameters for Cilium +# CloudWatch Module +module "cloudwatch_k8s_logs" { + source = "./modules/cloudwatch" + cluster_name = "?????" + log_retention_days= 90 + environment = "prd" +} + +# S3 Modules +module "s3_logs" { + source = "./modules/s3" + bucket_prefix = "?????" # TODO + environment = "prd" } -module "grafana" { - source = "git::https://github.com/your-repo/terraform-helm-grafana.git?ref=v1.0.0" - # Configuration parameters for Grafana +module "s3_tfstate" { + source = "./modules/s3" + bucket_prefix = "?????" # TODO + environment = "prd" +} + + +# Helm for deploying Cilium +module "cilium" { + source = "./modules/cilium" + kube_cluster_endpoint = module.kubernetes.cluster_endpoint + kube_cluster_token = module.kubernetes.cluster_token + kube_cluster_ca_certificate = module.kubernetes.cluster_ca_certificate + cilium_version = "1.9.5" # TODO specify Cilium version } diff --git a/terraforn/modules/cilium/cilium-values.yaml b/terraforn/modules/cilium/cilium-values.yaml new file mode 100644 index 0000000..defbd62 --- /dev/null +++ b/terraforn/modules/cilium/cilium-values.yaml @@ -0,0 +1,6 @@ +hubble: + listenAddress: ":4244" + relay: + enabled: true + ui: + enabled: true diff --git a/terraforn/modules/cilium/main.tf b/terraforn/modules/cilium/main.tf new file mode 100644 index 0000000..03d98d0 --- /dev/null +++ b/terraforn/modules/cilium/main.tf 
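Review bot: `module "security_groups"` reads `module.vpc.vpc_id` and `module "cilium"` reads `module.kubernetes.cluster_endpoint` (and the token and CA), but this file declares the VPC module as `vpc_k8s` and declares no `kubernetes` module at all, so `terraform validate` rejects the new main.tf as written. Where the outputs already exist, wire them instead of the `"?????"` placeholders: `vpc_id = module.vpc_k8s.vpc_id`, `subnet_id = module.vpc_k8s.public_subnets[0]`, `security_group_id = module.security_groups.k8s_node_sg_id`. `ec2_k8s_nodes` is also passed nothing from `iam_k8s`, so the instance profile that module creates is never attached to a node. The `terraform {}` and `provider "aws"` blocks added at the top duplicate the ones that remain as context in the versions.tf hunk, which Terraform reports as a duplicate required_providers entry and a duplicate provider configuration for `aws`.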
@@ -0,0 +1,21 @@
+provider "helm" {
+ kubernetes {
+ host = var.kube_cluster_endpoint
+ token = var.kube_cluster_token
+ cluster_ca_certificate = base64decode(var.kube_cluster_ca_certificate)
+ }
+}
+
+resource "helm_release" "cilium" {
+ name = "cilium"
+ repository = "https://helm.cilium.io/"
+ chart = "cilium"
+ version = var.cilium_version
+
+ namespace = var.namespace
+
+ # Enabling Hubble within the Cilium installation
+ values = [
+ "${file("${path.module}/cilium-values.yaml")}"
+ ]
+}
diff --git a/terraforn/modules/cilium/outputs.tf b/terraforn/modules/cilium/outputs.tf
new file mode 100644
index 0000000..f9e32c7
--- /dev/null
+++ b/terraforn/modules/cilium/outputs.tf
@@ -0,0 +1,9 @@
+output "cilium_helm_release_name" {
+ description = "The name of the deployed Cilium Helm release."
+ value = helm_release.cilium.name
+}
+
+output "cilium_namespace" {
+ description = "The namespace where Cilium is deployed."
+ value = var.namespace
+}
diff --git a/terraforn/modules/cilium/variables.tf b/terraforn/modules/cilium/variables.tf
new file mode 100644
index 0000000..30e428f
--- /dev/null
+++ b/terraforn/modules/cilium/variables.tf
@@ -0,0 +1,26 @@
+variable "kube_cluster_endpoint" {
+ description = "Endpoint for the Kubernetes cluster."
+ type = string
+}
+
+variable "kube_cluster_token" {
+ description = "Token for authentication to the Kubernetes cluster."
+ type = string
+}
+
+variable "kube_cluster_ca_certificate" {
+ description = "CA certificate for the Kubernetes cluster, base64 encoded."
+ type = string
+}
+
+variable "cilium_version" {
+ description = "The version of the Cilium Helm chart to deploy."
+ type = string
+ default = "1.9.1"
+}
+
+variable "namespace" {
+ description = "The Kubernetes namespace in which to deploy Cilium."
+ type = string
+ default = "kube-system"
+}
diff --git a/terraforn/modules/cloudwatch/main.tf b/terraforn/modules/cloudwatch/main.tf
index e69de29..9e0cba6 100644
--- a/terraforn/modules/cloudwatch/main.tf
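Review bot: `token = var.kube_cluster_token` feeds a bearer credential through a plain `string` variable that is not marked sensitive, so its value is printed in plan and apply output and in any CI log that captures them; in the variables.tf hunk on this same line add `sensitive = true` to `kube_cluster_token` (and arguably to `kube_cluster_ca_certificate`). Declaring `provider "helm"` inside the module also blocks `count`/`for_each` on the module call and complicates its removal; the conventional shape is a root-level helm provider passed in with `providers = { helm = helm }`. `values = ["${file(...)}"]` is an interpolation-only string that recent Terraform warns about — `values = [file("${path.module}/cilium-values.yaml")]` is equivalent. Note that the token still lands in plaintext in the state file regardless of `sensitive`, which is one more reason the state backend needs encryption and tight access control.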
+++ b/terraforn/modules/cloudwatch/main.tf
@@ -0,0 +1,9 @@
+resource "aws_cloudwatch_log_group" "k8s_logs" {
+ name = "/aws/k8s/${var.cluster_name}"
+ retention_in_days = var.log_retention_days
+
+ tags = {
+ Name = "LogGroup-${var.cluster_name}"
+ Environment = var.environment
+ }
+}
diff --git a/terraforn/modules/cloudwatch/outputs.tf b/terraforn/modules/cloudwatch/outputs.tf
index e69de29..a63d092 100644
--- a/terraforn/modules/cloudwatch/outputs.tf
+++ b/terraforn/modules/cloudwatch/outputs.tf
@@ -0,0 +1,9 @@
+output "cloudwatch_log_group_name" {
+ value = aws_cloudwatch_log_group.k8s_logs.name
+ description = "The name of the CloudWatch log group created for the Kubernetes cluster."
+}
+
+output "cloudwatch_log_group_arn" {
+ value = aws_cloudwatch_log_group.k8s_logs.arn
+ description = "The ARN of the CloudWatch log group created for the Kubernetes cluster."
+}
diff --git a/terraforn/modules/cloudwatch/variables.tf b/terraforn/modules/cloudwatch/variables.tf
index e69de29..691f86a 100644
--- a/terraforn/modules/cloudwatch/variables.tf
+++ b/terraforn/modules/cloudwatch/variables.tf
@@ -0,0 +1,15 @@
+variable "cluster_name" {
+ description = "The name of the Kubernetes cluster. Used for naming the log group."
+ type = string
+}
+
+variable "log_retention_days" {
+ description = "The number of days to retain logs in the log group."
+ type = number
+ default = 30
+}
+
+variable "environment" {
+ description = "The deployment environment (e.g., dev, staging, prod) for tagging purposes."
+ type = string
+}
diff --git a/terraforn/modules/ec2/main.tf b/terraforn/modules/ec2/main.tf
index 8d0274a..983d928 100644
--- a/terraforn/modules/ec2/main.tf
+++ b/terraforn/modules/ec2/main.tf
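Review bot: `retention_in_days = var.log_retention_days` is fed by an unconstrained `number` in the variables.tf hunk on this line, but CloudWatch only accepts a fixed list of retention values, so an unsupported value fails at apply time rather than at plan; a `validation` block whose `condition` uses `contains(...)` over the accepted values (with an `error_message` naming them) moves that failure to plan time. The log group is created without `kms_key_id`, so it relies on the service-managed key; if node and control-plane logs are considered sensitive, expose an optional `kms_key_id` variable defaulting to `null`. The root passes 90 while the variable defaults to 30 — worth one comment on which is the intended baseline.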
@@ -1,24 +1,13 @@ -resource "aws_instance" "k8s_master" { - ami = var.ami_id - instance_type = var.master_instance_type - subnet_id = var.subnet_id - key_name = var.key_name - security_groups = [var.security_group_name] +resource "aws_instance" "k8s_node" { + count = var.instance_count + ami = var.ami_id + instance_type = var.instance_type + subnet_id = var.subnet_id + key_name = var.key_name - tags = { - Name = "k8s_master-${terraform.workspace}" - } -} - -resource "aws_instance" "k8s_worker" { - count = var.worker_count - ami = var.ami_id - instance_type = var.worker_instance_type - subnet_id = var.subnet_id - key_name = var.key_name - security_groups = [var.security_group_name] + vpc_security_group_ids = [var.security_group_id] tags = { - Name = "k8s_worker-${count.index}-${terraform.workspace}" + Name = "${var.cluster_name}-${count.index}" } } diff --git a/terraforn/modules/ec2/outputs.tf b/terraforn/modules/ec2/outputs.tf index e94998c..98db00c 100644 --- a/terraforn/modules/ec2/outputs.tf +++ b/terraforn/modules/ec2/outputs.tf @@ -1,9 +1,9 @@ -output "master_instance_id" { - value = aws_instance.k8s_master.id - description = "The ID of the Kubernetes master instance." +output "instance_ids" { + value = aws_instance.k8s_node.*.id + description = "The IDs of the EC2 instances." } -output "worker_instance_ids" { - value = aws_instance.k8s_worker.*.id - description = "The IDs of the Kubernetes worker instances." +output "instance_public_ips" { + value = aws_instance.k8s_node.*.public_ip + description = "The public IPs of the EC2 instances." } diff --git a/terraforn/modules/ec2/variables.tf b/terraforn/modules/ec2/variables.tf index 5473277..3620cbd 100644 --- a/terraforn/modules/ec2/variables.tf +++ b/terraforn/modules/ec2/variables.tf 
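Review bot: The new `aws_instance.k8s_node` sets no `metadata_options`, so the nodes keep accepting IMDSv1 and instance-role credentials are readable without a session token by anything that can reach the metadata endpoint from the node; require IMDSv2 with `http_tokens = "required"`. The resource also has no `iam_instance_profile` argument, so the profile built by the iam module in this same commit can never be attached, and the root volume is not encrypted. Adding an `iam_instance_profile` variable with `default = null` to the ec2 variables.tf hunk on the next line keeps the module interface backward-compatible.
```hcl
resource "aws_instance" "k8s_node" {
  # … unchanged: count, ami, instance_type, subnet_id, key_name, vpc_security_group_ids …

  # Optional: profile from the iam module; null leaves the instance without a role.
  iam_instance_profile = var.iam_instance_profile

  # Require IMDSv2 so role credentials are only served to callers holding a session token.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    encrypted = true
  }

  # … unchanged: tags …
}
```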
@@ -1,30 +1,34 @@ -variable "ami_id" { - description = "The AMI ID for the instances." +variable "instance_count" { + description = "Number of instances to launch." + type = number } -variable "master_instance_type" { - description = "Instance type for the master node." - default = "t2.medium" +variable "ami_id" { + description = "The ID of the AMI to use for the instances." + type = string } -variable "worker_instance_type" { - description = "Instance type for the worker nodes." - default = "t2.medium" +variable "instance_type" { + description = "The instance type of the Kubernetes nodes." + type = string } variable "subnet_id" { - description = "The ID of the subnet where instances will be created." + description = "The ID of the subnet to launch the instances in." + type = string } variable "key_name" { description = "The key name to use for the instance." + type = string } -variable "security_group_name" { - description = "The name of the security group to attach to the instances." +variable "security_group_id" { + description = "The ID of the security group to associate with the instances." + type = string } -variable "worker_count" { - description = "The number of worker instances to create." - default = 2 +variable "cluster_name" { + description = "The name of the Kubernetes cluster. Used for tagging." + type = string } diff --git a/terraforn/modules/helm/main.tf b/terraforn/modules/helm/main.tf deleted file mode 100644 index e69de29..0000000 diff --git a/terraforn/modules/helm/outputs.tf b/terraforn/modules/helm/outputs.tf deleted file mode 100644 index e69de29..0000000 diff --git a/terraforn/modules/helm/variables.tf b/terraforn/modules/helm/variables.tf deleted file mode 100644 index e69de29..0000000 diff --git a/terraforn/modules/iam/main.tf b/terraforn/modules/iam/main.tf index e69de29..a33ce2b 100644 --- a/terraforn/modules/iam/main.tf +++ b/terraforn/modules/iam/main.tf 
@@ -0,0 +1,26 @@
+resource "aws_iam_role" "k8s_role" {
+ name = "${var.cluster_name}-role"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "ec2.amazonaws.com"
+ }
+ },
+ ]
+ })
+}
+
+resource "aws_iam_role_policy_attachment" "k8s_policy" {
+ role = aws_iam_role.k8s_role.name
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+}
+
+resource "aws_iam_instance_profile" "k8s_instance_profile" {
+ name = "${var.cluster_name}-instance-profile"
+ role = aws_iam_role.k8s_role.name
+}
diff --git a/terraforn/modules/iam/outputs.tf b/terraforn/modules/iam/outputs.tf
index e69de29..99df019 100644
--- a/terraforn/modules/iam/outputs.tf
+++ b/terraforn/modules/iam/outputs.tf
@@ -0,0 +1,9 @@
+output "iam_role_name" {
+ value = aws_iam_role.k8s_role.name
+ description = "The name of the IAM role created for Kubernetes nodes."
+}
+
+output "iam_instance_profile" {
+ value = aws_iam_instance_profile.k8s_instance_profile.name
+ description = "The instance profile to be used by the EC2 instances."
+}
diff --git a/terraforn/modules/iam/variables.tf b/terraforn/modules/iam/variables.tf
index e69de29..576ecc9 100644
--- a/terraforn/modules/iam/variables.tf
+++ b/terraforn/modules/iam/variables.tf
@@ -0,0 +1,4 @@
+variable "cluster_name" {
+ description = "The name of the Kubernetes cluster. Used for naming IAM resources."
+ type = string
+}
diff --git a/terraforn/modules/networking/main.tf b/terraforn/modules/networking/main.tf
index e69de29..3f9b674 100644
--- a/terraforn/modules/networking/main.tf
+++ b/terraforn/modules/networking/main.tf
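Review bot: `aws_iam_instance_profile.k8s_instance_profile` is exported but nothing consumes it — the ec2 module in this commit has no `iam_instance_profile` variable and the root passes nothing from `iam_k8s` — so the role and the ECR read-only attachment never reach a node. Either thread `module.iam_k8s.iam_instance_profile` through the ec2 module or state in the outputs.tf hunk on this line that attaching the profile is the caller's job. The trust policy correctly limits `sts:AssumeRole` to `ec2.amazonaws.com`; since `AmazonEC2ContainerRegistryReadOnly` is the only grant, a comment such as `# Deliberately minimal: image pulls only. Cloud-controller or CSI use needs additional policies.` would stop the next maintainer from widening it by reflex.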
@@ -0,0 +1,35 @@
+resource "aws_elb" "k8s_elb" {
+ name = "${var.cluster_name}-elb"
+ availability_zones = var.availability_zones
+ subnets = var.subnets
+
+ listener {
+ instance_port = 80
+ instance_protocol = "HTTP"
+ lb_port = 80
+ lb_protocol = "HTTP"
+ }
+
+ health_check {
+ target = "HTTP:80/"
+ interval = 30
+ timeout = 5
+ healthy_threshold = 2
+ unhealthy_threshold = 2
+ }
+
+ tags = {
+ Name = "${var.cluster_name}-elb"
+ }
+}
+
+resource "aws_route53_record" "k8s_dns" {
+ zone_id = var.route53_zone_id
+ name = "${var.cluster_name}.${var.route53_zone_name}"
+ type = "A"
+ alias {
+ name = aws_elb.k8s_elb.dns_name
+ zone_id = aws_elb.k8s_elb.zone_id
+ evaluate_target_health = true
+ }
+}
diff --git a/terraforn/modules/networking/outputs.tf b/terraforn/modules/networking/outputs.tf
index e69de29..c8f8ad9 100644
--- a/terraforn/modules/networking/outputs.tf
+++ b/terraforn/modules/networking/outputs.tf
@@ -0,0 +1,9 @@
+output "elb_dns_name" {
+ value = aws_elb.k8s_elb.dns_name
+ description = "The DNS name of the ELB created for the Kubernetes cluster."
+}
+
+output "route53_dns_record" {
+ value = aws_route53_record.k8s_dns.name
+ description = "The Route 53 DNS record for the Kubernetes cluster."
+}
diff --git a/terraforn/modules/networking/variables.tf b/terraforn/modules/networking/variables.tf
index e69de29..858b9d1 100644
--- a/terraforn/modules/networking/variables.tf
+++ b/terraforn/modules/networking/variables.tf
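Review bot: `aws_elb.k8s_elb` has neither `instances` nor `security_groups`, so it fronts nothing, the nodes cannot be reached through it, and the `lb_sg` created by the security groups module in this commit is never attached; add a `lb_sg_id` variable and `security_groups = [var.lb_sg_id]`, and register nodes via `instances` or an `aws_elb_attachment`. The only listener is plain HTTP on 80 while `lb_sg` admits 443 — a TLS listener with `ssl_certificate_id` is needed before the Route 53 name is served over HTTPS, otherwise the DNS record publishes a cleartext endpoint. Setting both `availability_zones` and `subnets` on a VPC classic ELB is, to my recollection, rejected by the API as mutually exclusive — confirm; `subnets` alone carries the AZ information.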
@@ -0,0 +1,24 @@
+variable "cluster_name" {
+ description = "The name of the Kubernetes cluster. Used for naming."
+ type = string
+}
+
+variable "availability_zones" {
+ description = "The availability zones in which to deploy the ELB."
+ type = list(string)
+}
+
+variable "subnets" {
+ description = "The subnets for the ELB."
+ type = list(string)
+}
+
+variable "route53_zone_id" {
+ description = "The Route 53 hosted zone ID for DNS records."
+ type = string
+}
+
+variable "route53_zone_name" {
+ description = "The Route 53 hosted zone name for DNS records."
+ type = string
+}
diff --git a/terraforn/modules/s3/main.tf b/terraforn/modules/s3/main.tf
new file mode 100644
index 0000000..b54805e
--- /dev/null
+++ b/terraforn/modules/s3/main.tf
@@ -0,0 +1,30 @@
+resource "aws_s3_bucket" "bucket" {
+ bucket_prefix = "${var.bucket_prefix}-"
+ acl = "private"
+
+ versioning {
+ enabled = true
+ }
+
+ server_side_encryption_configuration {
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
+ }
+ }
+
+ tags = {
+ Name = "Bucket-${var.bucket_prefix}"
+ Environment = var.environment
+ }
+}
+
+resource "aws_s3_bucket_public_access_block" "public_access_block" {
+ bucket = aws_s3_bucket.bucket.id
+
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
+}
diff --git a/terraforn/modules/s3/outputs.tf b/terraforn/modules/s3/outputs.tf
new file mode 100644
index 0000000..b98b83f
--- /dev/null
+++ b/terraforn/modules/s3/outputs.tf
@@ -0,0 +1,9 @@
+output "s3_bucket_name" {
+ value = aws_s3_bucket.bucket.bucket
+ description = "The name of the S3 bucket created."
+}
+
+output "s3_bucket_arn" {
+ value = aws_s3_bucket.bucket.arn
+ description = "The ARN of the S3 bucket created."
+}
diff --git a/terraforn/modules/s3/variables.tf b/terraforn/modules/s3/variables.tf
new file mode 100644
index 0000000..2d7b454
--- /dev/null
+++ b/terraforn/modules/s3/variables.tf
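Review bot: This module also backs the root's `s3_tfstate` bucket, and Terraform state will contain the cluster token in plaintext, yet nothing here guards against deletion or enforces encrypted transport: `aws_s3_bucket.bucket` has no `lifecycle { prevent_destroy = true }` and there is no bucket policy denying requests with `aws:SecureTransport` false. Versioning, SSE-S3 and the public-access block are present, which is the right baseline; the two additions below complete it for a state bucket. The inline `acl`/`versioning`/`server_side_encryption_configuration` arguments are valid for the `~> 3.0` provider the root pins but are deprecated in 4.x — worth a one-line comment so the next upgrade is not a surprise.
```hcl
resource "aws_s3_bucket" "bucket" {
  # … unchanged: bucket_prefix, acl, versioning, server_side_encryption_configuration, tags …

  # State and log buckets must survive an accidental destroy.
  lifecycle {
    prevent_destroy = true
  }
}

# Deny any access that is not over TLS; a Deny is not treated as a public grant,
# so it coexists with block_public_policy = true.
resource "aws_s3_bucket_policy" "tls_only" {
  bucket = aws_s3_bucket.bucket.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyInsecureTransport"
      Effect    = "Deny"
      Principal = "*"
      Action    = "s3:*"
      Resource  = [aws_s3_bucket.bucket.arn, "${aws_s3_bucket.bucket.arn}/*"]
      Condition = { Bool = { "aws:SecureTransport" = "false" } }
    }]
  })
}
```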
@@ -0,0 +1,9 @@
+variable "bucket_prefix" {
+ description = "A prefix used to name the bucket (e.g., logs, tfstate). The final name will be auto-generated by AWS to ensure uniqueness."
+ type = string
+}
+
+variable "environment" {
+ description = "The deployment environment (e.g., dev, staging, prd) for tagging purposes."
+ type = string
+}
diff --git a/terraforn/modules/security groups/main.tf b/terraforn/modules/security groups/main.tf
index e69de29..a91acbe 100644
--- a/terraforn/modules/security groups/main.tf
+++ b/terraforn/modules/security groups/main.tf
@@ -0,0 +1,62 @@
+resource "aws_security_group" "k8s_node_sg" {
+ name = "${var.cluster_name}-node-sg"
+ description = "Security group for Kubernetes nodes"
+ vpc_id = var.vpc_id
+
+ # Allow inbound SSH
+ ingress {
+ description = "SSH"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = [var.ssh_access_cidr]
+ }
+
+ # Allow all outbound traffic
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "${var.cluster_name}-node-sg"
+ Environment = var.environment
+ }
+}
+
+resource "aws_security_group" "lb_sg" {
+ name = "${var.cluster_name}-lb-sg"
+ description = "Security group for Kubernetes Load Balancer"
+ vpc_id = var.vpc_id
+
+ # Allow inbound HTTP and HTTPS
+ ingress {
+ description = "HTTP"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ ingress {
+ description = "HTTPS"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ # Allow all outbound traffic
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "${var.cluster_name}-lb-sg"
+ Environment = var.environment
+ }
+}
diff --git a/terraforn/modules/security groups/outputs.tf b/terraforn/modules/security groups/outputs.tf
index e69de29..6988041 100644
--- a/terraforn/modules/security groups/outputs.tf
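Review bot: `k8s_node_sg` admits only SSH, so nodes cannot reach each other's kubelet, API server or Cilium overlay ports and the cluster cannot form; a self-referencing rule is the minimum, and it opens nothing outside the group. Separately, `ssh_access_cidr` defaults to `"0.0.0.0/0"` in the variables.tf hunk on the next line while the root passes `"?????"`, so the realistic outcome is SSH reachable from anywhere on every node — remove the default so the caller has to choose a CIDR, and consider `type = list(string)` so several admin ranges can be listed. `lb_sg` is created but nothing in this commit attaches it (the ELB in the networking module has no `security_groups`).
```hcl
resource "aws_security_group" "k8s_node_sg" {
  # … unchanged: name, description, vpc_id, SSH ingress …

  # Node-to-node traffic (kubelet, API server, Cilium overlay and health checks)
  # stays inside the group; no external source is admitted here.
  ingress {
    description = "Intra-cluster"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    self        = true
  }

  # … unchanged: egress, tags …
}
```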
+++ b/terraforn/modules/security groups/outputs.tf
@@ -0,0 +1,9 @@
+output "k8s_node_sg_id" {
+ value = aws_security_group.k8s_node_sg.id
+ description = "The ID of the security group for Kubernetes nodes."
+}
+
+output "lb_sg_id" {
+ value = aws_security_group.lb_sg.id
+ description = "The ID of the security group for the Kubernetes Load Balancer."
+}
diff --git a/terraforn/modules/security groups/variables.tf b/terraforn/modules/security groups/variables.tf
index e69de29..e91fafe 100644
--- a/terraforn/modules/security groups/variables.tf
+++ b/terraforn/modules/security groups/variables.tf
@@ -0,0 +1,20 @@
+variable "cluster_name" {
+ description = "The name of the Kubernetes cluster. Used for tagging."
+ type = string
+}
+
+variable "vpc_id" {
+ description = "The ID of the VPC where security groups will be created."
+ type = string
+}
+
+variable "ssh_access_cidr" {
+ description = "CIDR block allowed for SSH access to the nodes."
+ type = string
+ default = "0.0.0.0/0" # TODO restrict this to known IPs for security
+}
+
+variable "environment" {
+ description = "The deployment environment (e.g., dev, staging, prd) for tagging purposes."
+ type = string
+}
diff --git a/terraforn/modules/vpc/main.tf b/terraforn/modules/vpc/main.tf
index 297e735..b8a8655 100644
--- a/terraforn/modules/vpc/main.tf
+++ b/terraforn/modules/vpc/main.tf
@@ -1,111 +1,53 @@ -resource "aws_vpc" "main" { - cidr_block = var.cidr_block +resource "aws_vpc" "k8s_vpc" { + cidr_block = var.vpc_cidr enable_dns_support = true enable_dns_hostnames = true - tags = { - Name = "K8s-VPC-${terraform.workspace}" + Name = "${var.cluster_name}-vpc" } } -resource "aws_subnet" "public" { - count = length(var.public_subnet_cidrs) - - vpc_id = aws_vpc.main.id - cidr_block = var.public_subnet_cidrs[count.index] - availability_zone = element(var.availability_zones, count.index) +resource "aws_subnet" "public_subnet" { + count = length(var.public_subnet_cidrs) + vpc_id = aws_vpc.k8s_vpc.id + cidr_block = element(var.public_subnet_cidrs, count.index) + availability_zone = element(var.availability_zones, count.index) map_public_ip_on_launch = true - tags = { - Name = "Public-Subnet-${count.index}-${terraform.workspace}" + Name = "${var.cluster_name}-public-${count.index}" } } -resource "aws_subnet" "private" { - count = length(var.private_subnet_cidrs) - - vpc_id = aws_vpc.main.id - cidr_block = var.private_subnet_cidrs[count.index] +resource "aws_subnet" "private_subnet" { + count = length(var.private_subnet_cidrs) + vpc_id = aws_vpc.k8s_vpc.id + cidr_block = element(var.private_subnet_cidrs, count.index) availability_zone = element(var.availability_zones, count.index) - tags = { - Name = "Private-Subnet-${count.index}-${terraform.workspace}" + Name = "${var.cluster_name}-private-${count.index}" } } resource "aws_internet_gateway" "igw" { - vpc_id = aws_vpc.main.id - - tags = { - Name = "K8s-IGW-${terraform.workspace}" - } -} - -# Assuming one NAT Gateway per public subnet for simplicity -# TODO optimize this -resource "aws_nat_gateway" "nat" { - count = length(var.public_subnet_cidrs) - - allocation_id = aws_eip.nat[count.index].id - subnet_id = aws_subnet.public[count.index].id - - tags = { - Name = "K8s-NAT-${count.index}-${terraform.workspace}" - } -} - -resource "aws_eip" "nat" { - count = length(var.public_subnet_cidrs) - - vpc = true - 
+ vpc_id = aws_vpc.k8s_vpc.id tags = { - Name = "K8s-NAT-EIP-${count.index}-${terraform.workspace}" + Name = "${var.cluster_name}-igw" } } -# Routing table for public subnets -resource "aws_route_table" "public" { - vpc_id = aws_vpc.main.id - +resource "aws_route_table" "public_route_table" { + vpc_id = aws_vpc.k8s_vpc.id route { cidr_block = "0.0.0.0/0" gateway_id = aws_internet_gateway.igw.id } - tags = { - Name = "Public-Subnet-Route-Table-${terraform.workspace}" + Name = "${var.cluster_name}-public-route-table" } } -# Associate public subnets with the public route table -resource "aws_route_table_association" "public" { - count = length(aws_subnet.public) - - subnet_id = aws_subnet.public[count.index].id - route_table_id = aws_route_table.public.id -} - -# Routing table for private subnets -resource "aws_route_table" "private" { - count = length(var.private_subnet_cidrs) - - vpc_id = aws_vpc.main.id - - route { - cidr_block = "0.0.0.0/0" - nat_gateway_id = aws_nat_gateway.nat[count.index].id - } - - tags = { - Name = "Private-Subnet-Route-Table-${count.index}-${terraform.workspace}" - } -} - -# Associate private subnets with their respective private route tables -resource "aws_route_table_association" "private" { - count = length(aws_subnet.private) - - subnet_id = aws_subnet.private[count.index].id - route_table_id = aws_route_table.private[count.index].id +resource "aws_route_table_association" "public_route_table_assoc" { + count = length(aws_subnet.public_subnet) + subnet_id = element(aws_subnet.public_subnet.*.id, count.index) + route_table_id = aws_route_table.public_route_table.id } diff --git a/terraforn/modules/vpc/outputs.tf b/terraforn/modules/vpc/outputs.tf index c99add2..38f4551 100644 --- a/terraforn/modules/vpc/outputs.tf +++ b/terraforn/modules/vpc/outputs.tf 
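Review bot: The private subnets are left with no route table of their own and no NAT gateway, so they fall back to the VPC main route table and have no path out of the VPC, yet nothing in the hunk says this isolation is intended. A comment above `aws_subnet.private_subnet` such as `# Private subnets are deliberately isolated: no NAT and no custom route table, so only the VPC-local route applies.` would make that explicit. Because the root still supplies `private_subnet_cidrs` and the outputs.tf hunk on the next line still exports `private_subnets`, a reader will otherwise assume they are usable for nodes that need package or registry access.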
@@ -1,14 +1,19 @@ output "vpc_id" { - value = aws_vpc.main.id - description = "The ID of the VPC." + value = aws_vpc.k8s_vpc.id + description = "The ID of the VPC created for the Kubernetes cluster." } -output "public_subnet_ids" { - value = aws_subnet.public[*].id - description = "The IDs of the public subnets." +output "public_subnets" { + value = aws_subnet.public_subnet.*.id + description = "The IDs of the public subnets created in the VPC." } -output "private_subnet_ids" { - value = aws_subnet.private[*].id - description = "The IDs of the private subnets." +output "private_subnets" { + value = aws_subnet.private_subnet.*.id + description = "The IDs of the private subnets created in the VPC." +} + +output "internet_gateway_id" { + value = aws_internet_gateway.igw.id + description = "The ID of the Internet Gateway attached to the VPC." } diff --git a/terraforn/modules/vpc/variables.tf b/terraforn/modules/vpc/variables.tf index 76eb31b..9962925 100644 --- a/terraforn/modules/vpc/variables.tf +++ b/terraforn/modules/vpc/variables.tf @@ -1,4 +1,4 @@ -variable "cidr_block" { +variable "vpc_cidr" { description = "The CIDR block for the VPC." type = string } @@ -14,6 +14,11 @@ variable "private_subnet_cidrs" { } variable "availability_zones" { - description = "A list of availability zones in the region." + description = "A list of availability zones in which to create subnets." type = list(string) } + +variable "cluster_name" { + description = "The name of the Kubernetes cluster. Used for tagging." + type = string +} diff --git a/terraforn/variables.tf b/terraforn/variables.tf index 903df79..a48b08e 100644 --- a/terraforn/variables.tf +++ b/terraforn/variables.tf 
@@ -1,10 +1,36 @@ variable "aws_region" { + description = "The AWS region to deploy resources into" + type = string + default = "us-west-2" +} + +variable "vpc_cidr" { + description = "The CIDR block for the VPC" + type = string +} + +variable "instance_type" { + description = "The instance type to use for Kubernetes nodes" + type = string +} + +variable "ami_id" { + description = "The AMI ID to use for Kubernetes nodes" type = string - description = "AWS region to deploy the resources" - default = "us-east-2" } variable "cluster_name" { + description = "The name of the Kubernetes cluster" + type = string +} + +variable "helm_chart" { + description = "The Helm chart to be deployed" + type = string +} + +variable "helm_version" { + description = "The version of the Helm chart to be deployed" type = string - description = "rocs-cilium-testing" + default = "latest" } diff --git a/terraforn/versions.tf b/terraforn/versions.tf index 92f5e50..35576bb 100644 --- a/terraforn/versions.tf +++ b/terraforn/versions.tf @@ -6,10 +6,6 @@ terraform { source = "hashicorp/aws" version = "~> 3.0" } - kubernetes = { - source = "hashicorp/kubernetes" - version = "~> 2.0" - } helm = { source = "hashicorp/helm" version = "~> 2.0" @@ -21,11 +17,5 @@ provider "aws" { region = var.aws_region } -provider "kubernetes" { - # TODO setup provider -} - -provider "helm" { - # TODO setup provider - # Configuration for Helm provider, used for deploying Grafana or Cilium -} +# provider "helm" { +# }
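Review bot: `aws_region` now defaults to `"us-west-2"`, but main.tf hard-codes `availability_zones = ["us-east-1a", "us-east-1b"]` for the VPC and networking modules, so an apply with the default region fails on subnets in AZs that do not exist there; either source the AZs from `data "aws_availability_zones"` or keep region and AZs together in one place. `helm_version` defaults to `"latest"`, which `helm_release.version` treats as a chart version string rather than a keyword, as far as I know — leave it `null` to get the latest chart. `vpc_cidr`, `instance_type`, `ami_id`, `cluster_name`, `helm_chart` and `helm_version` are all declared here while main.tf still uses literals and `"?????"` placeholders instead of `var.*`, so the variables are dead as of this commit.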
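Review bot: After this hunk versions.tf still carries `terraform { required_providers { aws … helm … } }` and `provider "aws" { region = var.aws_region }` as context, and the main.tf hunk adds the same two blocks, so Terraform reports a duplicate required_providers entry for `aws` and a duplicate `aws` provider configuration. Keep them in one file only — versions.tf is the conventional home — and drop the copies from main.tf. The commented-out `# provider "helm" {` stub should either become the real root-level helm provider (which would let the cilium module stop declaring its own) or be removed rather than left as dead text.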