wip: add ec2 subnets
This commit is contained in:
committed by
Benjamin Chastanier
parent
d29de40e26
commit
ab77b8f46f
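--- a/lib/aws/bootstrap-eks/backend.j2.tf
+++ b/lib/aws/bootstrap-eks/backend.j2.tf
@@ -0,0 +1,10 @@
+terraform {
+backend "s3" {
+access_key = "{{ aws_access_key_tfstates_account }}"
+secret_key = "{{ aws_secret_key_tfstates_account }}"
+bucket = "{{ aws_terraform_backend_bucket }}"
+key = "{{ kubernetes_cluster_id }}/{{ aws_terraform_backend_bucket }}.tfstate"
+dynamodb_table = "{{ aws_terraform_backend_dynamodb_table }}"
+region = "{{ aws_region_tfstates_account }}"
+}
+}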
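Review bot: Templating `access_key`/`secret_key` straight into the `backend "s3"` block (lines 3–4 of the new file) renders long-lived IAM credentials in plaintext into the generated backend.tf, where they sit on disk next to the working tree and presumably end up in any archive, debug dump or log of the rendered directory. The S3 backend picks up the same credentials from `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, a `profile`, or `role_arn`, so both lines can be dropped and the values supplied through the environment at `terraform init` time. Since an EKS cluster's state carries secrets (kubeconfig material, generated passwords), the block should also set `encrypt = true` so the state object is written with server-side encryption. A one-line comment such as `# Credentials for the tfstate account are taken from the environment, never rendered into this file.` would document the intent for the next maintainer.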
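--- a/lib/aws/bootstrap-eks/documentdb.tf
+++ b/lib/aws/bootstrap-eks/documentdb.tf
@@ -0,0 +1,81 @@
+locals {
+tags_documentdb = merge(
+aws_eks_cluster.eks_cluster.tags,
+{
+"Service" = "DocumentDB"
+}
+)
+}
+
+# Network
+
+resource "aws_subnet" "documentdb_zone_a" {
+count = length(var.documentdb_subnets_zone_a)
+
+availability_zone = var.aws_availability_zones[0]
+cidr_block = var.documentdb_subnets_zone_a[count.index]
+vpc_id = aws_vpc.eks.id
+
+tags = local.tags_documentdb
+}
+
+resource "aws_subnet" "documentdb_zone_b" {
+count = length(var.documentdb_subnets_zone_b)
+
+availability_zone = var.aws_availability_zones[1]
+cidr_block = var.documentdb_subnets_zone_b[count.index]
+vpc_id = aws_vpc.eks.id
+
+tags = local.tags_documentdb
+}
+
+resource "aws_subnet" "documentdb_zone_c" {
+count = length(var.documentdb_subnets_zone_c)
+
+availability_zone = var.aws_availability_zones[2]
+cidr_block = var.documentdb_subnets_zone_c[count.index]
+vpc_id = aws_vpc.eks.id
+
+tags = local.tags_documentdb
+}
+
+resource "aws_route_table_association" "documentdb_cluster_zone_a" {
+count = length(var.documentdb_subnets_zone_a)
+
+subnet_id = aws_subnet.documentdb_zone_a.*.id[count.index]
+route_table_id = aws_route_table.eks_cluster.id
+}
+
+resource "aws_route_table_association" "documentdb_cluster_zone_b" {
+count = length(var.documentdb_subnets_zone_b)
+
+subnet_id = aws_subnet.documentdb_zone_b.*.id[count.index]
+route_table_id = aws_route_table.eks_cluster.id
+}
+
+resource "aws_route_table_association" "documentdb_cluster_zone_c" {
+count = length(var.documentdb_subnets_zone_c)
+
+subnet_id = aws_subnet.documentdb_zone_c.*.id[count.index]
+route_table_id = aws_route_table.eks_cluster.id
+}
+
+resource "aws_docdb_subnet_group" "documentdb" {
+description = "DocumentDB linked to ${var.kubernetes_cluster_id}"
+name = "documentdb-${aws_vpc.eks.id}"
+subnet_ids = flatten([aws_subnet.documentdb_zone_a.*.id, aws_subnet.documentdb_zone_b.*.id, aws_subnet.documentdb_zone_c.*.id])
+
+tags = local.tags_documentdb
+}
+
+# Todo: create a bastion to avoid this
+
+resource "aws_security_group_rule" "documentdb_remote_access" {
+cidr_blocks = ["0.0.0.0/0"]
+description = "Allow DocumentDB incoming access from anywhere"
+from_port = 27017
+protocol = "tcp"
+security_group_id = aws_security_group.eks_cluster_workers.id
+to_port = 27017
+type = "ingress"
+}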
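Review bot: `aws_security_group_rule.documentdb_remote_access` opens TCP 27017 from `0.0.0.0/0` on `aws_security_group.eks_cluster_workers`, and because the DocumentDB subnets are associated with `aws_route_table.eks_cluster`, which in this same commit carries a `0.0.0.0/0` route to the internet gateway, the database network path is reachable from the internet with only the database credentials in the way; the `# Todo: create a bastion to avoid this` comment acknowledges the gap but the rule ships as-is. Until a bastion exists the source should be scoped to the VPC, e.g. `cidr_blocks = [aws_vpc.eks.cidr_block]` with `description = "Allow DocumentDB access from inside the cluster VPC"`, which still lets the workers reach the cluster. Note also that the rule is attached to the EKS worker security group rather than a DocumentDB-specific one, so it exposes port 27017 on every node; whether the DocumentDB cluster itself is placed in that security group is not visible in this diff and should be confirmed. The `Todo` comment would be clearer as `# TODO: this rule temporarily allows remote DocumentDB access; replace with a bastion and restrict cidr_blocks before production use.`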
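--- a/lib/aws/bootstrap-eks/eks-vpc-common.j2.tf
+++ b/lib/aws/bootstrap-eks/eks-vpc-common.j2.tf
@@ -0,0 +1,42 @@
+data "aws_availability_zones" "available" {}
+
+locals {
+tags_eks_vpc = merge(
+local.tags_common,
+{
+Name = "qovery-eks-workers",
+"kubernetes.io/cluster/qovery-${var.kubernetes_cluster_id}" = "shared",
+"kubernetes.io/role/elb" = 1,
+{% if resource_expiration_in_seconds is defined %}ttl = var.resource_expiration_in_seconds,{% endif %}
+}
+)
+
+tags_eks_vpc_public = merge(
+local.tags_eks_vpc,
+{
+"Public" = "true"
+}
+)
+
+tags_eks_vpc_private = merge(
+local.tags_eks,
+{
+"Public" = "false"
+}
+)
+}
+
+# VPC
+resource "aws_vpc" "eks" {
+cidr_block = var.vpc_cidr_block
+enable_dns_hostnames = true
+
+tags = local.tags_eks_vpc
+}
+
+# Internet gateway
+resource "aws_internet_gateway" "eks_cluster" {
+vpc_id = aws_vpc.eks.id
+
+tags = local.tags_eks_vpc
+}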
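Review bot: `tags_eks_vpc_private` merges `local.tags_eks` whereas its sibling `tags_eks_vpc_public` merges `local.tags_eks_vpc`; `local.tags_eks` is not defined in this file (it may exist elsewhere in the module), so this looks like a typo for `local.tags_eks_vpc`, and if it resolves to a different map the private subnets would silently lose the `kubernetes.io/cluster/...` tag the cloud controller relies on. The line should read `local.tags_eks_vpc,` so both variants derive from the same base. Separately, `"kubernetes.io/role/elb" = 1` lives in the shared base and is therefore inherited by the private set as well; the cloud provider uses that tag to choose subnets for internet-facing load balancers, so private subnets should instead carry `"kubernetes.io/role/internal-elb" = 1` — worth a comment on the base map such as `# role/elb marks subnets eligible for internet-facing LBs; private subnets must override this with role/internal-elb.` `data "aws_availability_zones" "available"` is declared but not referenced in any of the new files; the subnets index `var.aws_availability_zones` directly.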
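--- a/lib/aws/bootstrap-eks/eks-vpc-without-nat-gateways.j2.tf
+++ b/lib/aws/bootstrap-eks/eks-vpc-without-nat-gateways.j2.tf
@@ -0,0 +1,75 @@
+{% if vpc_qovery_network_mode == "WithoutNatGateways" %}
+# Public subnets
+resource "aws_subnet" "eks_zone_a" {
+count = length(var.eks_subnets_zone_a_private)
+
+availability_zone = var.aws_availability_zones[0]
+cidr_block = var.eks_subnets_zone_a_private[count.index]
+vpc_id = aws_vpc.eks.id
+map_public_ip_on_launch = true
+
+tags = local.tags_eks_vpc
+}
+
+resource "aws_subnet" "eks_zone_b" {
+count = length(var.eks_subnets_zone_b_private)
+
+availability_zone = var.aws_availability_zones[1]
+cidr_block = var.eks_subnets_zone_b_private[count.index]
+vpc_id = aws_vpc.eks.id
+map_public_ip_on_launch = true
+
+tags = local.tags_eks_vpc
+}
+
+resource "aws_subnet" "eks_zone_c" {
+count = length(var.eks_subnets_zone_c_private)
+
+availability_zone = var.aws_availability_zones[2]
+cidr_block = var.eks_subnets_zone_c_private[count.index]
+vpc_id = aws_vpc.eks.id
+map_public_ip_on_launch = true
+
+tags = local.tags_eks_vpc
+}
+
+resource "aws_route_table" "eks_cluster" {
+vpc_id = aws_vpc.eks.id
+
+route {
+cidr_block = "0.0.0.0/0"
+gateway_id = aws_internet_gateway.eks_cluster.id
+}
+
+// todo(pmavro): add tests for it when it will be available in the SDK
+{% for route in vpc_custom_routing_table %}
+route {
+cidr_block = "{{ route.destination }}"
+gateway_id = "{{ route.target }}"
+}
+{% endfor %}
+
+tags = local.tags_eks_vpc
+}
+
+resource "aws_route_table_association" "eks_cluster_zone_a" {
+count = length(var.eks_subnets_zone_a_private)
+
+subnet_id = aws_subnet.eks_zone_a.*.id[count.index]
+route_table_id = aws_route_table.eks_cluster.id
+}
+
+resource "aws_route_table_association" "eks_cluster_zone_b" {
+count = length(var.eks_subnets_zone_b_private)
+
+subnet_id = aws_subnet.eks_zone_b.*.id[count.index]
+route_table_id = aws_route_table.eks_cluster.id
+}
+
+resource "aws_route_table_association" "eks_cluster_zone_c" {
+count = length(var.eks_subnets_zone_c_private)
+
+subnet_id = aws_subnet.eks_zone_c.*.id[count.index]
+route_table_id = aws_route_table.eks_cluster.id
+}
+{% endif %}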
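Review bot: The three `aws_subnet.eks_zone_*` resources are sized from `var.eks_subnets_zone_*_private` yet set `map_public_ip_on_launch = true` and sit on a route table whose default route is the internet gateway, so every worker node launched into them gets a public IPv4 address; the `# Public subnets` comment is accurate and the `_private` variable names are misleading and should either be renamed or explained. In this mode the node security group is the only control between the internet and each node, which matters because the same commit adds a `0.0.0.0/0` ingress on port 27017 to `aws_security_group.eks_cluster_workers`; a comment such as `# WithoutNatGateways mode: workers live in public subnets with public IPs; node exposure is governed solely by the worker security group rules.` would make that trade-off explicit. The custom-route loop also templates `route.target` into `gateway_id`, which only accepts internet or virtual private gateway IDs, so a peering, NAT or transit gateway target would need a different argument; since Jinja neither validates nor escapes the value before it lands in HCL, a malformed `vpc_custom_routing_table` entry will only surface at `terraform plan`.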