csi s3 in add list

opszero · Jul 30, 2024 · 9d213b9 · 9d213b9
1 parent f3cc618
commit 9d213b9
Show file tree

Hide file tree

Showing 5 changed files with 82 additions and 60 deletions.
diff --git a/examples/eks/main.tf b/examples/eks/main.tf
@@ -37,8 +37,19 @@ module "opszero-eks" {
 
   cluster_version  = "1.27"
   environment_name = local.environment_name
+  iam_users = {
+    "[email protected]" = {
+      rbac_groups = [
+        "system:masters"
+      ]
+    },
+    "bitbucket-deployer" = {
+      rbac_groups = [
+        "system:masters"
+      ]
+    },
 
-
+  }
   cidr_block = "10.3.0.0/16"
   cidr_block_public_subnet = [
     "10.3.0.0/18",
@@ -48,16 +59,7 @@ module "opszero-eks" {
     "10.3.128.0/18",
     "10.3.192.0/18",
   ]
-asg_nodes = {
-  "test" = {
-    nodes_desired_capacity  = 2
-    nodes_max_size          = 5
-    nodes_min_size          = 1
-    node_disk_encrypted     = true
-    node_disk_size          = 32
-    nodes_in_public_subnet  = false
-  }
-}
+
   node_groups = {
     "t3a-medium-spot" = {
       # Have to use a custom launch template to get encrypted root volumes.
@@ -92,7 +94,7 @@ asg_nodes = {
   efs_enabled           = false
   #csi
   s3_csi_driver_enabled = false
-  csi_bucket_name       = "test-6647373dd" #name of s3
+  csi_bucket_names       = ["test-6647373dd"] #name of s3
 }
 
 module "helm-common" {

diff --git a/iam.tf b/iam.tf
@@ -400,9 +400,7 @@ resource "aws_iam_policy" "s3_policy" {
         Action = [
           "s3:ListBucket"
         ],
-        Resource = [
-          "arn:aws:s3:::${var.csi_bucket_name}"
-        ],
+        Resource = [for bucket in var.csi_bucket_names : "arn:aws:s3:::$bucket"]
       },
       {
         Sid    = "MountpointFullObjectAccess",
@@ -413,9 +411,7 @@ resource "aws_iam_policy" "s3_policy" {
           "s3:AbortMultipartUpload",
           "s3:DeleteObject",
         ],
-        Resource = [
-          "arn:aws:s3:::${var.csi_bucket_name}/*"
-        ],
+        Resource = [for bucket in var.csi_bucket_names : "arn:aws:s3:::$bucket/*"]
       },
     ],
   })

diff --git a/node.tf b/node.tf
@@ -12,62 +12,47 @@ set -o xtrace
 USERDATA
 }
 
+resource "aws_launch_configuration" "asg_nodes" {
+  for_each = var.asg_nodes
 
-
-
-
-resource "aws_launch_template" "asg_encrypted_launch_template" {
-  for_each = var.asg_nodes != null ? { for k, v in var.asg_nodes : k => v if lookup(v, "node_disk_encrypted", false) == true } : {}
-
-  name_prefix = "${var.environment_name}-${each.key}"
-  image_id    = data.aws_ssm_parameter.eks_ami.value
-  user_data   = base64encode(local.node-userdata)
+  iam_instance_profile = aws_iam_instance_profile.node.name
+  image_id             = data.aws_ssm_parameter.eks_ami.value
+  instance_type        = each.value.instance_type
+  name_prefix          = "${var.environment_name}-nodes-${each.key}"
+  spot_price           = each.value.spot_price
+  security_groups = [
+    aws_eks_cluster.cluster.vpc_config[0].cluster_security_group_id,
+    aws_security_group.node.id
+  ]
+  user_data_base64            = base64encode(local.node-userdata)
+  associate_public_ip_address = each.value.nodes_in_public_subnet
 
   metadata_options {
     http_endpoint = "enabled"
     http_tokens   = "required"
   }
 
-  monitoring {
-    enabled = true
+  root_block_device {
+    volume_size = each.value.node_disk_size
+    encrypted   = true
   }
 
-  block_device_mappings {
-    device_name = "/dev/xvda"
-    no_device   = true
-    ebs {
-      delete_on_termination = true
-      volume_size           = 2
-      volume_type           = "gp3"
-      encrypted             = true
-    }
-  }
-
-  block_device_mappings {
-    device_name = "/dev/xvdb"
-    no_device   = true
-    ebs {
-      delete_on_termination = true
-      volume_size           = lookup(each.value, "node_disk_size", 32)
-      volume_type           = "gp3"
-      encrypted             = true
-    }
+  lifecycle {
+    create_before_destroy = true
   }
 }
 
 resource "aws_autoscaling_group" "asg_nodes" {
   for_each = var.asg_nodes
 
   desired_capacity      = each.value.nodes_desired_capacity
-  launch_template {
-    id    = aws_launch_template.asg_encrypted_launch_template[each.key].id
-    version = aws_launch_template.asg_encrypted_launch_template[each.key].latest_version
-  }
+  launch_configuration  = aws_launch_configuration.asg_nodes[each.key].id
   max_size              = each.value.nodes_max_size
   min_size              = each.value.nodes_min_size
   name                  = "${var.environment_name}-nodes-${each.key}"
+  max_instance_lifetime = each.value.max_instance_lifetime
 
-  vpc_zone_identifier = aws_subnet.public.*.id
+  vpc_zone_identifier = length(each.value.subnet_ids) == 0 ? (each.value.nodes_in_public_subnet ? aws_subnet.public.*.id : aws_subnet.private.*.id) : each.value.subnet_ids
 
   enabled_metrics = lookup(each.value, "node_enabled_metrics", [
     "GroupDesiredCapacity",
@@ -115,4 +100,4 @@ resource "aws_autoscaling_group" "asg_nodes" {
     value               = var.environment_name
     propagate_at_launch = true
   }
-}
+}
diff --git a/node_groups.tf b/node_groups.tf
@@ -42,7 +42,7 @@ resource "aws_launch_template" "encrypted_launch_template" {
     no_device   = true
     ebs {
       delete_on_termination = true
-      volume_size           = 2
+      volume_size           = 32
       volume_type           = "gp3"
       encrypted             = true
     }

diff --git a/variables.tf b/variables.tf
@@ -306,7 +306,46 @@ variable "metrics_server_version" {
 
 variable "asg_nodes" {
   description = "Map of ASG node configurations"
-  default = {}
+  type = map(object({
+    instance_type          = string
+    max_instance_lifetime  = number
+    nodes_desired_capacity = number
+    nodes_max_size         = number
+    nodes_min_size         = number
+    nodes_in_public_subnet = bool
+    node_disk_size         = number
+    node_enabled_metrics   = list(string)
+    spot_price             = string
+    subnet_ids             = list(string)
+  }))
+  default = {
+    #   nodegreen = {
+    #     instance_type           = "t2.micro"
+    #     max_instance_lifetime   = 7200
+    #     nodes_desired_capacity  = 2
+    #     nodes_max_size          = 3
+    #     nodes_min_size          = 1
+    #     nodes_in_public_subnet  = true
+    #     node_disk_size          = 20
+    #     node_enabled_metrics    = [
+    #       "GroupDesiredCapacity",
+    #       "GroupInServiceCapacity",
+    #       "GroupInServiceInstances",
+    #       "GroupMaxSize",
+    #       "GroupMinSize",
+    #       "GroupPendingCapacity",
+    #       "GroupPendingInstances",
+    #       "GroupStandbyCapacity",
+    #       "GroupStandbyInstances",
+    #       "GroupTerminatingCapacity",
+    #       "GroupTerminatingInstances",
+    #       "GroupTotalCapacity",
+    #       "GroupTotalInstances"
+    #     ]
+    #     spot_price              = "0.05"
+    #     subnet_ids              = []
+    #   }
+  }
 }
 
 variable "node_groups" {
@@ -410,8 +449,8 @@ variable "s3_csi_driver_enabled" {
   default     = false
 }
 
-variable "csi_bucket_name" {
+variable "csi_bucket_names" {
   description = "The name of the S3 bucket for the CSI driver"
-  type        = string
-  default     = ""
+  type        = list(string)
+  default     = [""]
 }