update with more metadata on example

Signed-off-by: Carlos Santana <csantana23@gmail.com>

Author: csantanapr

argocd/iac/terraform/examples/eks/aws-secrets-manager/main.tf

@@ -1,6 +1,7 @@
 provider "aws" {
   region = local.region
 }
+data "aws_caller_identity" "current" {}
 data "aws_availability_zones" "available" {}
 
 provider "bcrypt" {}
@@ -44,9 +45,10 @@ provider "kubernetes" {
 }
 
 locals {
-  name        = "ex-${replace(basename(path.cwd), "_", "-")}"
-  environment = "dev"
-  region      = "us-west-2"
+  name            = "ex-${replace(basename(path.cwd), "_", "-")}"
+  environment     = "dev"
+  region          = "us-west-2"
+  cluster_version = "1.27"
 
   aws_addons = {
     enable_cert_manager = true
@@ -82,12 +84,16 @@ locals {
     #enable_vpa                                   = true
     #enable_foo                                   = true # you can add any addon here, make sure to update the gitops repo with the corresponding application set
   }
-  addons = merge(local.aws_addons, local.oss_addons)
-
-  addons_metadata = merge({
-    aws_vpc_id = module.vpc.vpc_id # Only required when enabling the aws_gateway_api_controller addon
-    },
-    module.eks_blueprints_addons.gitops_metadata
+  addons = merge(local.aws_addons, local.oss_addons, { kubernetes_version = local.cluster_version })
+
+  addons_metadata = merge(
+    module.eks_blueprints_addons.gitops_metadata,
+    {
+      aws_cluster_name = module.eks.cluster_name
+      aws_region       = local.region
+      aws_account_id   = data.aws_caller_identity.current.account_id
+      aws_vpc_id       = module.vpc.vpc_id
+    }
   )
 
   argocd_bootstrap_app_of_apps = {
@@ -205,7 +211,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.27"
+  cluster_version                = local.cluster_version
   cluster_endpoint_public_access = true
 
 

argocd/iac/terraform/examples/eks/complete/main.tf

@@ -1,9 +1,9 @@
 provider "aws" {
   region = local.region
 }
+data "aws_caller_identity" "current" {}
 data "aws_availability_zones" "available" {}
 
-
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
@@ -43,9 +43,10 @@ provider "kubernetes" {
 }
 
 locals {
-  name        = "ex-${replace(basename(path.cwd), "_", "-")}"
-  environment = "dev"
-  region      = "us-west-2"
+  name            = "ex-${replace(basename(path.cwd), "_", "-")}"
+  environment     = "dev"
+  region          = "us-west-2"
+  cluster_version = "1.27"
 
   aws_addons = {
     enable_cert_manager                          = true
@@ -81,12 +82,19 @@ locals {
     enable_vpa                      = true
     enable_foo                      = true # you can add any addon here, make sure to update the gitops repo with the corresponding application set
   }
-  addons = merge(local.aws_addons, local.oss_addons)
-
-  addons_metadata = merge({
-    aws_vpc_id = module.vpc.vpc_id # Only required when enabling the aws_gateway_api_controller addon
+  addons = merge(local.aws_addons, local.oss_addons, { kubernetes_version = local.cluster_version })
+
+  addons_metadata = merge(
+    module.eks_blueprints_addons.gitops_metadata,
+    {
+      aws_cluster_name = module.eks.cluster_name
+      aws_region       = local.region
+      aws_account_id   = data.aws_caller_identity.current.account_id
+      aws_vpc_id       = module.vpc.vpc_id
     },
-    module.eks_blueprints_addons.gitops_metadata
+    try(local.aws_addons.enable_velero, false) ? {
+      velero_backup_s3_bucket_prefix  = try(local.velero_backup_s3_bucket_prefix,"")
+      velero_backup_s3_bucket_name    = try(local.velero_backup_s3_bucket_name,"") } : {} # Required when enabling addon velero
   )
 
   argocd_bootstrap_app_of_apps = {
@@ -101,6 +109,10 @@ locals {
     Blueprint  = local.name
     GithubRepo = "github.com/csantanapr/terraform-gitops-bridge"
   }
+
+  velero_backup_s3_bucket        = try(split(":", module.velero_backup_s3_bucket.s3_bucket_arn), [])
+  velero_backup_s3_bucket_name   = try(local.velero_backup_s3_bucket[5], "")
+  velero_backup_s3_bucket_prefix = "backups"
 }
 
 ################################################################################
@@ -168,7 +180,7 @@ module "eks_blueprints_addons" {
   aws_node_termination_handler_asg_arns = [for asg in module.eks.self_managed_node_groups : asg.autoscaling_group_arn]
   ## An S3 Bucket ARN is required. This can be declared with or without a Suffix.
   velero = {
-    s3_backup_location = "${module.velero_backup_s3_bucket.s3_bucket_arn}/backups"
+    s3_backup_location = "${try(module.velero_backup_s3_bucket.s3_bucket_arn,"")}/${local.velero_backup_s3_bucket_prefix}"
   }
 
   eks_addons = {
@@ -214,9 +226,10 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.26"
+  cluster_version                = local.cluster_version
   cluster_endpoint_public_access = true
 
+
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
@@ -241,7 +254,6 @@ module "eks" {
       desired_size = 3
     }
   }
-
   # EKS Addons
   cluster_addons = {
     vpc-cni = {
@@ -259,11 +271,9 @@ module "eks" {
       })
     }
   }
-
   tags = local.tags
 }
 
-
 ################################################################################
 # Supporting Resources
 ################################################################################
@@ -297,6 +307,8 @@ module "velero_backup_s3_bucket" {
   source  = "terraform-aws-modules/s3-bucket/aws"
   version = "~> 3.0"
 
+  create_bucket = try(local.aws_addons.enable_velero, false)
+
   bucket_prefix = "${local.name}-"
 
   # Allow deletion of non-empty bucket

argocd/iac/terraform/examples/eks/hello-world/main.tf

@@ -43,9 +43,9 @@ provider "kubernetes" {
 }
 
 locals {
-  name        = "ex-${replace(basename(path.cwd), "_", "-")}"
-  environment = "dev"
-  region      = "us-west-2"
+  name            = "ex-${replace(basename(path.cwd), "_", "-")}"
+  environment     = "dev"
+  region          = "us-west-2"
   cluster_version = "1.27"
 
   aws_addons = {
@@ -54,16 +54,16 @@ locals {
     #enable_aws_fsx_csi_driver                    = true
     #enable_aws_cloudwatch_metrics                = true
     #enable_aws_privateca_issuer                  = true
-    enable_cluster_autoscaler                    = true
+    #enable_cluster_autoscaler                    = true
     #enable_external_dns                          = true
     #enable_external_secrets                      = true
     #enable_aws_load_balancer_controller          = true
     #enable_fargate_fluentbit                     = true
     #enable_aws_for_fluentbit                     = true
     #enable_aws_node_termination_handler          = true
-    enable_karpenter                             = true
-    enable_velero                                = true
-    enable_aws_gateway_api_controller            = true
+    #enable_karpenter                             = true
+    #enable_velero                                = true
+    #enable_aws_gateway_api_controller            = true
     #enable_aws_ebs_csi_resources                 = true # generate gp2 and gp3 storage classes for ebs-csi
     #enable_aws_secrets_store_csi_driver_provider = true
   }
@@ -76,25 +76,22 @@ locals {
     #enable_ingress_nginx                         = true
     #enable_kyverno                               = true
     #enable_kube_prometheus_stack                 = true
-    enable_metrics_server                         = true
+    enable_metrics_server = true
     #enable_prometheus_adapter                    = true
     #enable_secrets_store_csi_driver              = true
     #enable_vpa                                   = true
     #enable_foo                                   = true # you can add any addon here, make sure to update the gitops repo with the corresponding application set
   }
-  addons = merge(local.aws_addons, local.oss_addons, {kubernetes_version = local.cluster_version})
+  addons = merge(local.aws_addons, local.oss_addons, { kubernetes_version = local.cluster_version })
 
   addons_metadata = merge(
     module.eks_blueprints_addons.gitops_metadata,
     {
-    aws_cluster_name = module.eks.cluster_name
-    aws_region       = local.region
-    aws_account_id   = data.aws_caller_identity.current.account_id
-    aws_vpc_id       = module.vpc.vpc_id # Required when enabling addon aws_gateway_api_controller
-    },
-    try(local.aws_addons.enable_velero, false) ? {
-      velero_backup_s3_bucket_prefix  = try(local.velero_backup_s3_bucket_prefix,"")
-      velero_backup_s3_bucket_name    = try(local.velero_backup_s3_bucket_name,"") } : {} # Required when enabling addon velero
+      aws_cluster_name = module.eks.cluster_name
+      aws_region       = local.region
+      aws_account_id   = data.aws_caller_identity.current.account_id
+      aws_vpc_id       = module.vpc.vpc_id
+    }
   )
 
   argocd_bootstrap_app_of_apps = {
@@ -109,10 +106,6 @@ locals {
     Blueprint  = local.name
     GithubRepo = "github.com/csantanapr/terraform-gitops-bridge"
   }
-
-  velero_backup_s3_bucket        = try(split(":", module.velero_backup_s3_bucket.s3_bucket_arn), [])
-  velero_backup_s3_bucket_name   = try(local.velero_backup_s3_bucket[5], "")
-  velero_backup_s3_bucket_prefix = "backups"
 }
 
 ################################################################################
@@ -166,12 +159,8 @@ module "eks_blueprints_addons" {
   enable_aws_for_fluentbit            = try(local.aws_addons.enable_aws_for_fluentbit, false)
   enable_aws_node_termination_handler = try(local.aws_addons.enable_aws_node_termination_handler, false)
   enable_karpenter                    = try(local.aws_addons.enable_karpenter, false)
-  enable_aws_gateway_api_controller   = try(local.aws_addons.enable_aws_gateway_api_controller, false)
   enable_velero                       = try(local.aws_addons.enable_velero, false)
-  ## An S3 Bucket ARN is required. This can be declared with or without a Suffix.
-  velero = {
-    s3_backup_location = "${try(module.velero_backup_s3_bucket.s3_bucket_arn,"")}/${local.velero_backup_s3_bucket_prefix}"
-  }
+  enable_aws_gateway_api_controller   = try(local.aws_addons.enable_aws_gateway_api_controller, false)
 
   tags = local.tags
 }
@@ -248,48 +237,3 @@ module "vpc" {
 
   tags = local.tags
 }
-
-################################################################################
-# Velero
-################################################################################
-module "velero_backup_s3_bucket" {
-  source  = "terraform-aws-modules/s3-bucket/aws"
-  version = "~> 3.0"
-
-  create_bucket = try(local.aws_addons.enable_velero, false)
-
-  bucket_prefix = "${local.name}-"
-
-  # Allow deletion of non-empty bucket
-  # NOTE: This is enabled for example usage only, you should not enable this for production workloads
-  force_destroy = true
-
-  attach_deny_insecure_transport_policy = true
-  attach_require_latest_tls_policy      = true
-
-  acl = "private"
-
-  block_public_acls       = true
-  block_public_policy     = true
-  ignore_public_acls      = true
-  restrict_public_buckets = true
-
-  control_object_ownership = true
-  object_ownership         = "BucketOwnerPreferred"
-
-  versioning = {
-    status     = true
-    mfa_delete = false
-  }
-
-  server_side_encryption_configuration = {
-    rule = {
-      apply_server_side_encryption_by_default = {
-        sse_algorithm = "AES256"
-      }
-    }
-  }
-
-  tags = local.tags
-}
-

argocd/iac/terraform/examples/eks/ingress-alb/main.tf

@@ -1,9 +1,9 @@
 provider "aws" {
   region = local.region
 }
+data "aws_caller_identity" "current" {}
 data "aws_availability_zones" "available" {}
 
-
 provider "helm" {
   kubernetes {
     host                   = module.eks.cluster_endpoint
@@ -42,17 +42,11 @@ provider "kubernetes" {
   }
 }
 
-# To get the hosted zone to be use in argocd domain
-data "aws_route53_zone" "domain_name" {
-  count        = local.enable_ingress ? 1 : 0
-  name         = local.domain_name
-  private_zone = local.domain_private_zone
-}
-
 locals {
-  name        = "ex-${replace(basename(path.cwd), "_", "-")}"
-  environment = "dev"
-  region      = "us-west-2"
+  name            = "ex-${replace(basename(path.cwd), "_", "-")}"
+  environment     = "dev"
+  region          = "us-west-2"
+  cluster_version = "1.27"
 
   enable_ingress      = true
   domain_private_zone = false
@@ -100,12 +94,16 @@ locals {
     #enable_vpa                                   = true
     #enable_foo                                   = true # you can add any addon here, make sure to update the gitops repo with the corresponding application set
   }
-  addons = merge(local.aws_addons, local.oss_addons)
+  addons = merge(local.aws_addons, local.oss_addons, { kubernetes_version = local.cluster_version })
 
-  addons_metadata = merge({
-    aws_vpc_id = module.vpc.vpc_id # Only required when enabling the aws_gateway_api_controller addon
-    },
+  addons_metadata = merge(
     module.eks_blueprints_addons.gitops_metadata,
+    {
+      aws_cluster_name = module.eks.cluster_name
+      aws_region       = local.region
+      aws_account_id   = data.aws_caller_identity.current.account_id
+      aws_vpc_id       = module.vpc.vpc_id
+    },
     {
       argocd_hosts                = "[${local.argocd_host}]"
       external_dns_domain_filters = "[${local.domain_name}]"
@@ -196,7 +194,7 @@ module "eks" {
   version = "~> 19.13"
 
   cluster_name                   = local.name
-  cluster_version                = "1.27"
+  cluster_version                = local.cluster_version
   cluster_endpoint_public_access = true
 
 
@@ -260,6 +258,17 @@ module "vpc" {
   tags = local.tags
 }
 
+################################################################################
+# Route 53
+################################################################################
+# To get the hosted zone to be use in argocd domain
+data "aws_route53_zone" "domain_name" {
+  count        = local.enable_ingress ? 1 : 0
+  name         = local.domain_name
+  private_zone = local.domain_private_zone
+}
+
+
 ################################################################################
 # ACM Certificate
 ################################################################################