Skip to content

Added features necessary to support the new zero apply command #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bmonkman merged 2 commits into from
Jun 24, 2020
Merged

Added features necessary to support the new zero apply command #45

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d03b86a
Added features necessary to support the new zero apply command
bmonkman Jun 23, 2020
2fd4918
Removed duplicate param in zero module and changed to use 1.16 eks ami
bmonkman Jun 23, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@

run:
@echo Done
cd $(PROJECT_DIR) && AUTO_APPROVE="-auto-approve" make

15 changes: 8 additions & 7 deletions templates/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,28 +2,29 @@ ENVIRONMENT ?= staging

apply: apply-remote-state apply-secrets apply-env apply-k8s-utils

## remove state file only if exit code 0 from terraform apply
apply-remote-state:
aws s3 ls <% .Name %>-$(ENVIRONMENT)-terraform-state || (\
pushd terraform/bootstrap/remote-state && \
terraform init && \
terraform apply -var "environment=$(ENVIRONMENT)" && \
rm ./terraform.tfstate
terraform apply -var "environment=$(ENVIRONMENT)" $(AUTO_APPROVE) && \
rm ./terraform.tfstate)

apply-secrets:
aws iam list-access-keys --user-name <% .Name %>-ci-user > /dev/null || (\
pushd terraform/bootstrap/secrets && \
terraform init && \
terraform apply && \
rm ./terraform.tfstate
terraform apply $(AUTO_APPROVE) && \
rm ./terraform.tfstate)

apply-env:
pushd terraform/environments/$(ENVIRONMENT); \
terraform init && \
terraform apply
terraform apply $(AUTO_APPROVE)

apply-k8s-utils: update-k8s-conf
pushd kubernetes/terraform/environments/$(ENVIRONMENT) && \
terraform init && \
terraform apply
terraform apply $(AUTO_APPROVE)

update-k8s-conf:
aws eks --region <% index .Params `region` %> update-kubeconfig --name <% .Name %>-$(ENVIRONMENT)-<% index .Params `region` %>
Expand Down
2 changes: 1 addition & 1 deletion templates/terraform/bootstrap/secrets/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ resource "aws_iam_access_key" "ci_user" {
module "ci_user_keys" {
source = "../../modules/secret"

name_prefix = "ci-user-aws-keys"
name = "ci-user-aws-keys<% index .Params `randomSeed` %>"
Copy link
Copy Markdown
Contributor

@cjhawkins cjhawkins Jun 23, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a general question... is randomSeed used to create a unique namespace that modules share for secrets, or does it actually get used as a seed in random number generation by the modules?

Copy link
Copy Markdown
Contributor Author

@bmonkman bmonkman Jun 23, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It just gets used as a suffix for the secret name, as secrets have an annoying behaviour where they are not fully deleted, so if you delete a secret and then try to use the same name again it fails. Not a big deal in the real world but it's annoying for testing.

type = "map"
values = map("access_key_id", aws_iam_access_key.ci_user.id, "secret_key", aws_iam_access_key.ci_user.secret)
tags = map("project", local.project)
Expand Down
2 changes: 1 addition & 1 deletion templates/terraform/environments/production/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ module "production" {
ecr_repositories = [] # Should be created by the staging environment

# EKS configuration
eks_cluster_version = "1.15"
eks_cluster_version = "1.16"
eks_worker_instance_type = "t3.medium"
eks_worker_asg_min_size = 2
eks_worker_asg_max_size = 4
Expand Down
2 changes: 1 addition & 1 deletion templates/terraform/environments/staging/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ module "staging" {
ecr_repositories = [ "<% .Name %>" ]

# EKS configuration
eks_cluster_version = "1.15"
eks_cluster_version = "1.16"
eks_worker_instance_type = "t3.medium"
eks_worker_asg_min_size = 1
eks_worker_asg_max_size = 3
Expand Down
2 changes: 1 addition & 1 deletion templates/terraform/modules/eks/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ provider "kubernetes" {

module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "10.0.0"
version = "12.1.0"

cluster_name = var.cluster_name
cluster_version = var.cluster_version
Expand Down
1 change: 1 addition & 0 deletions templates/terraform/modules/secret/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# Add the keys to AWS secrets manager
resource "aws_secretsmanager_secret" "secret" {
name_prefix = var.name_prefix
name = var.name
tags = var.tags
}

Expand Down
8 changes: 6 additions & 2 deletions templates/terraform/modules/secret/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
variable "name" {
default = ""
description = "The name of the secret in Secrets Manager (only one of name or name_prefix can be specified)"
}
variable "name_prefix" {
default = "secret-key"
description = "The name prefix of the secret in Secrets Manager"
default = ""
description = "The name prefix of the secret in Secrets Manager - a random suffix will be appended (only one of name or name_prefix can be specified)"
}

variable type {
Expand Down
5 changes: 4 additions & 1 deletion zero-module.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,5 +43,8 @@ parameters:
execute: aws sts get-caller-identity --query "Account" | tr -d '"'
- field: eksWorkerAMI
label: EKS Worker EC2 AMI ID
execute: aws ssm get-parameters --names /aws/service/eks/optimized-ami/1.15/amazon-linux-2/recommended/image_id --region $region --query "Parameters[0].Value" | tr -d '"'
execute: aws ssm get-parameters --names /aws/service/eks/optimized-ami/1.16/amazon-linux-2/recommended/image_id --region $region --query "Parameters[0].Value" | tr -d '"'
- field: randomSeed
label: Random seed that will be shared between projects to come up with deterministic resource names
execute: uuidgen