presentium · Lutonite · Aug 7, 2024 · Aug 7, 2024 · Aug 7, 2024
@@ -31,15 +31,7 @@ jobs:
         run: |-
           echo "${{ secrets.INFRASTRUCTURE_TFVARS }}" | base64 -d > infrastructure/secrets.auto.tfvars
 
-      - uses: dorny/paths-filter@v3
-        id: changes
-        with:
-          filters: |-
-            context:
-              - 'infrastructure/**'
-
       - name: terraform apply
         uses: ./.github/actions/terraform-apply
-        if: steps.changes.outputs.context == 'true'
         with:
           path: infrastructure
@@ -15,8 +15,7 @@ module "eks" {
 
   cluster_name = local.project_name
 
-  rds_database_name = local.project_name
-
+  rds_database_name  = module.rds.cluster_name
   iam_admin_role_arn = module.iam.eks_admin_role_arn
 
   vpc_id         = module.vpc.vpc_id
@@ -61,5 +60,5 @@ module "argocd" {
     aws = aws
   }
 
-  cluster_name = local.project_name
+  eks_cluster_name = module.eks.cluster_name
 }
@@ -1 +1 @@
-variable "cluster_name" {}
+variable "eks_cluster_name" {}
@@ -13,7 +13,7 @@ resource "null_resource" "argocd_apply_once" {
 
   provisioner "local-exec" {
     command = <<-EOT
-      aws eks update-kubeconfig --region ${data.aws_region.current.name} --name ${var.cluster_name} &&
+      aws eks update-kubeconfig --region ${data.aws_region.current.name} --name ${var.eks_cluster_name} &&
       kustomize build ${path.module} --enable-helm | kubectl apply -f -
     EOT
   }

@@ -1,6 +1,2 @@
-data "aws_eks_cluster_auth" "this" {
-  name = module.eks.cluster_name
-}
-
 data "aws_region" "current" {}
 data "aws_caller_identity" "current" {}
@@ -3,17 +3,16 @@ output "custer_endpoint" {
   value       = module.eks.cluster_endpoint
 }
 
+output "cluster_name" {
+  description = "EKS cluster name"
+  value       = module.eks.cluster_name
+}
+
 output "cluster_ca_certificate" {
   description = "EKS Kubernetes API CA certificate"
   value       = module.eks.cluster_certificate_authority_data
 }
 
-output "cluster_token" {
-  description = "EKS Kubernetes API token"
-  value       = data.aws_eks_cluster_auth.this.token
-  sensitive   = true
-}
-
 output "sops_irsa_arn" {
   description = "IAM role ARN for SOPS KMS"
   value       = module.sops_kms_irsa.iam_role_arn

@@ -67,14 +67,27 @@ module "eks" {
       principal_arn     = var.iam_admin_role_arn
 
       policy_associations = {
-        example = {
-          policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSViewPolicy"
+        admin = {
+          policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
           access_scope = {
             type = "cluster"
           }
         }
       }
-    }
+    },
+    cicd = {
+      kubernetes_groups = ["system:masters"]
+      principal_arn     = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/cicd"
+
+      policy_associations = {
+        edit = {
+          policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSEditPolicy"
+          access_scope = {
+            type = "cluster"
+          }
+        }
+      }
+    },
   }
 
   tags = { "karpenter.sh/discovery" = local.cluster_name }

@@ -21,8 +21,8 @@ data "aws_iam_policy_document" "assume_role_policy" {
     effect  = "Allow"
     actions = ["sts:AssumeRole"]
     principals {
-      identifiers = [for user in keys(local.users) : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:user/${user}"]
       type        = "AWS"
+      identifiers = [for user in keys(local.users) : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:user/${user}"]
     }
   }
 }

@@ -0,0 +1,4 @@
+output "cluster_name" {
+  description = "RDS cluster name"
+  value       = module.database.cluster_database_name
+}
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		variable "cluster_name" {}
		variable "eks_cluster_name" {}