make MSK and RDS optional configuration

RADAR-base · Oct 30, 2023 · 2f5fec9 · 2f5fec9
1 parent c7a0b70
commit 2f5fec9
Show file tree

Hide file tree

Showing 10 changed files with 276 additions and 215 deletions.
diff --git a/README.md b/README.md
@@ -18,24 +18,49 @@ export TF_VAR_AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
 export TF_VAR_AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN
 ```
 
-## Workspaces
-The definition of resources required for running RADAR-base components is located in the `cluster` directory, while other optional resources are defined in the `config` directory. Please treat each directory as a separate workspace and perform terraform operations individually. The `cluster` resources need to be created and fully available before you proceed with the creation of the `config` ones.
-
 ## Configure your domain name (optional)
 To get DNS and SMTP working, you need to replace `change-me-radar-base-dummy-domain.net` with your registered second-level domain name for variable `domain_name` in `variables.tf`.
 
-## Initialise the infrastructure directory
+## Workspaces
+The definition of resources required for running RADAR-base components is located in the `cluster` directory, while other optional resources are defined in the `config` directory. Please treat each directory as a separate workspace and perform terraform operations individually. The `cluster` resources need to be created and fully available before you proceed with the creation of the `config` ones.
+
+## Create the infrastructure
 ```
-terraform init
+cd cluster
 ```
+```
+# Initialise the working directory
 
-## Review the changes going to be made 
+terraform init
+```
 ```
+# Review the changes going to be made 
+
 terraform plan
 ```
+```
+# Create/update the infrastructure
+
+terraform apply --auto-approve
+```
 
-## Create/update the infrastructure
+## Configure the cluster (optional)
+```
+cd config
+```
+```
+# Initialise the working directory
+
+terraform init
 ```
+```
+# Review the changes going to be made 
+
+terraform plan
+```
+```
+# Create/update the infrastructure
+
 terraform apply --auto-approve
 ```
 

diff --git a/cluster/eks.tf b/cluster/eks.tf
@@ -38,9 +38,9 @@ module "external_dns_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.0"
 
-  role_name                     = "${var.environment}-radar-base-external-dns-irsa"
-  attach_external_dns_policy    = true
-  external_dns_hosted_zone_arns = ["arn:aws:route53:::hostedzone/${aws_route53_zone.primary.id}"]
+  role_name                  = "${var.environment}-radar-base-external-dns-irsa"
+  attach_external_dns_policy = true
+  # external_dns_hosted_zone_arns = ["arn:aws:route53:::hostedzone/${aws_route53_zone.primary.id}"]
 
   oidc_providers = {
     ex = {
@@ -56,9 +56,9 @@ module "cert_manager_irsa" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
   version = "~> 5.0"
 
-  role_name                     = "${var.environment}-radar-base-cert-manager-irsa"
-  attach_cert_manager_policy    = true
-  cert_manager_hosted_zone_arns = ["arn:aws:route53:::hostedzone/${aws_route53_zone.primary.id}"]
+  role_name                  = "${var.environment}-radar-base-cert-manager-irsa"
+  attach_cert_manager_policy = true
+  # cert_manager_hosted_zone_arns = ["arn:aws:route53:::hostedzone/${aws_route53_zone.primary.id}"]
 
   oidc_providers = {
     main = {

diff --git a/cluster/provider.tf b/cluster/provider.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "< 5.0.0"
+      version = "~> 5.0"
     }
     postgresql = {
       source  = "cyrilgdn/postgresql"

diff --git a/cluster/variables.tf b/cluster/variables.tf
@@ -35,7 +35,7 @@ variable "common_tags" {
 
 variable "eks_cluster_version" {
   type    = string
-  default = "1.26"
+  default = "1.27"
 }
 
 variable "eks_addon_version" {
@@ -50,7 +50,7 @@ variable "eks_addon_version" {
 
 variable "instance_types" {
   type    = list(any)
-  default = ["m5a.large", "m5.large", "m5a.xlarge", "m5.xlarge"]
+  default = ["m5a.large", "m5d.large", "m5a.large", "m5ad.large", "m4.large"]
 }
 
 variable "instance_capacity_type" {
@@ -67,7 +67,7 @@ variable "dmz_node_size" {
   type = map(number)
   default = {
     "desired" = 1
-    "min"     = 1
+    "min"     = 0
     "max"     = 2
   }
 }
@@ -76,7 +76,7 @@ variable "worker_node_size" {
   type = map(number)
   default = {
     "desired" = 2
-    "min"     = 1
+    "min"     = 0
     "max"     = 10
   }
 }
@@ -95,21 +95,3 @@ variable "domain_name" {
   type    = string
   default = "change-me-radar-base-dummy-domain.net"
 }
-
-variable "management_portal_postgres_password" {
-  type      = string
-  default   = "change_me"
-  sensitive = true
-}
-
-variable "radar_appserver_postgres_password" {
-  type      = string
-  default   = "change_me"
-  sensitive = true
-}
-
-variable "radar_rest_sources_backend_postgres_password" {
-  type      = string
-  default   = "change_me"
-  sensitive = true
-}
diff --git a/cluster/vpc.tf b/cluster/vpc.tf
@@ -1,6 +1,6 @@
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "3.19.0"
+  version = "~> 5.0"
 
   name = "${var.environment}-${var.eks_cluster_base_name}-vpc"
   cidr = "10.0.0.0/16"
@@ -10,11 +10,13 @@ module "vpc" {
     "${var.AWS_REGION}b",
     "${var.AWS_REGION}c",
   ]
+
   private_subnets = [
     "10.0.0.0/19",
     "10.0.32.0/19",
     "10.0.64.0/19",
   ]
+
   public_subnets = [
     "10.0.96.0/19",
     "10.0.128.0/19",
@@ -25,20 +27,23 @@ module "vpc" {
     "kubernetes.io/role/elb" = "1"
     "subnet-type"            = "public"
   }
+
   private_subnet_tags = {
     "kubernetes.io/role/internal-elb" = "1"
     "subnet-type"                     = "private"
     "karpenter.sh/discovery"          = "${var.environment}-${var.eks_cluster_base_name}"
   }
 
-  enable_nat_gateway     = true
-  single_nat_gateway     = true
-  one_nat_gateway_per_az = false
+  enable_nat_gateway      = true
+  single_nat_gateway      = true
+  one_nat_gateway_per_az  = false
+  map_public_ip_on_launch = true
 
   enable_dns_hostnames = true
   enable_dns_support   = true
 
-  tags = merge(tomap({ "Name" : "${var.environment}-${var.eks_cluster_base_name}-vpc" }), var.common_tags)
+  default_security_group_tags = merge(tomap({ "Name" : "${var.environment}-${var.eks_cluster_base_name}-vpc-default-sg" }), var.common_tags)
+  tags                        = merge(tomap({ "Name" : "${var.environment}-${var.eks_cluster_base_name}-vpc" }), var.common_tags)
 }
 
 output "radar_base_vpc_public_subnets" {

diff --git a/config/data.tf b/config/data.tf
@@ -0,0 +1,36 @@
+variable "kafka_version" {
+  type    = string
+  default = "3.2.0"
+}
+
+data "aws_vpc" "main" {
+  filter {
+    name   = "tag:Name"
+    values = ["${var.cluster_name}-vpc"]
+  }
+}
+
+data "aws_subnets" "private" {
+  filter {
+    name   = "tag:Name"
+    values = ["${var.cluster_name}-vpc"]
+  }
+  filter {
+    name   = "tag:subnet-type"
+    values = ["private"]
+  }
+}
+
+data "aws_security_group" "node" {
+  filter {
+    name   = "tag:Name"
+    values = ["${var.cluster_name}-node"]
+  }
+}
+
+data "aws_security_group" "vpc_default" {
+  filter {
+    name   = "tag:Name"
+    values = ["${var.cluster_name}-vpc-default-sg"]
+  }
+}