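locals {
  # One entry per config/cluster-eks-*.yaml: the key is the file name without
  # ".yaml", the value is the decoded document that drives the EKS resource below.
  cluster_files = fileset("${path.module}/config", "cluster-eks-*.yaml")
  clusters = {
    for k in local.cluster_files :
    # Anchored on path.module like fileset() above, so the read does not depend
    # on the working directory terraform is invoked from.
    trimsuffix(k, ".yaml") => yamldecode(file("${path.module}/config/${k}"))
  }

  # Former shared-RBAC wiring, kept for reference; per-cluster rbac now comes
  # straight from each cluster document.
  # rbac_yaml    = yamldecode(file("rbac.yaml"))
  # rbac_all_crb = lookup(local.rbac_yaml.all_clusters, "clusterRoleBindings", [])
  # rbac_all_rb  = lookup(local.rbac_yaml.all_clusters, "namespaces", [])
  #
  # rbac_map = {
  #   for k, v in local.rbac_yaml.clusters :
  #   k => {
  #     clusterRoleBindings = concat(local.rbac_all_crb, lookup(v, "clusterRoleBindings", []))
  #     namespaces          = concat(local.rbac_all_rb, lookup(v, "namespaces", []))
  #   }
  # }
}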
# YAML snippet for a ProfileInstallation manifest. The {{PROFILE_NAME}} marker
# is a literal placeholder meant to be substituted before the manifest is used;
# the trailing "---" lets several rendered copies be concatenated.
variable "profileregistrationtemplate" {
  description = "ProfileInstallation manifest template; {{PROFILE_NAME}} is a placeholder to be replaced per profile."
  type        = string
  default     = <<EOT
apiVersion: ehl.ees/v1
kind: ProfileInstallation
metadata:
  name: {{PROFILE_NAME}}
spec:
  name: {{PROFILE_NAME}}
---
EOT
}
################################ Clusters ####################################################
# Create one EKS cluster per entry in local.clusters
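resource "spectrocloud_cluster_eks" "this" {
  # One EKS cluster per decoded config/cluster-eks-*.yaml document. The
  # document supplies name, profiles, cloud_account, cloud_config, backup_policy,
  # scan_policy, node_groups, rbac and (optionally) fargate_profiles.
  for_each = local.clusters

  name = each.value.name

  # Infrastructure profile, with this cluster's RBAC injected into the
  # spectro-rbac pack so role bindings are declared next to the cluster.
  cluster_profile {
    id = local.profile_ids[each.value.profiles.infra]

    pack {
      name = "spectro-rbac"
      tag  = "1.0.0"
      # yamlencode() quotes every map key; the regex strips the quotes from keys
      # made only of [\w-] so the chart receives plain YAML keys. The indent(4)
      # lines the encoded document up under "spectro-rbac:".
      values = <<-EOT
        charts:
          spectro-rbac:
            ${indent(4, replace(yamlencode(each.value.rbac), "/((?:^|\n)[\\s-]*)\"([\\w-]+)\":/", "$1$2:"))}
      EOT
    }

    # Bring-your-own-manifest pack for profile registration, currently disabled.
    # pack {
    #   name   = data.spectrocloud_pack.byom.name
    #   tag    = data.spectrocloud_pack.byom.version
    #   values = <<-EOT
    #     manifests:
    #       byo-manifest:
    #         contents: |
    #           ${indent(4, trim(yamlencode(join("", values({for k in each.value.active-profile-registration : k => replace(var.profileregistrationtemplate, "{{PROFILE_NAME}}", k)}))), "|"))}
    #
    #   EOT
    # }
  }

  # Application (ehl) profile layered on top of the infrastructure profile.
  cluster_profile {
    id = local.profile_ids[each.value.profiles.ehl]
  }

  cloud_account_id = local.account_ids[each.value.cloud_account]

  cloud_config {
    # ssh_key_name = var.cluster_ssh_public_key_name
    region     = each.value.cloud_config.aws_region
    vpc_id     = each.value.cloud_config.aws_vpc_id
    az_subnets = each.value.cloud_config.eks_subnets
    azs        = []
    # NOTE(review): nothing here pins how reachable the control-plane endpoint
    # is; confirm what the provider does with an empty public_access_cidrs list
    # and whether the endpoint access mode should be set explicitly per cluster.
    public_access_cidrs = []
  }

  backup_policy {
    schedule           = each.value.backup_policy.schedule
    backup_location_id = local.bsl_ids[each.value.backup_policy.backup_location]
    prefix             = each.value.backup_policy.prefix
    # Retention was a fixed 7200 h (300 days); keep that as the default but let a
    # cluster document override it with backup_policy.expiry_in_hour.
    expiry_in_hour            = try(each.value.backup_policy.expiry_in_hour, 7200)
    include_disks             = true
    include_cluster_resources = true
  }

  # All three scan schedules are required per cluster document.
  scan_policy {
    configuration_scan_schedule = each.value.scan_policy.configuration_scan_schedule
    penetration_scan_schedule   = each.value.scan_policy.penetration_scan_schedule
    conformance_scan_schedule   = each.value.scan_policy.conformance_scan_schedule
  }

  # Kubernetes pack overrides (certSAN, issuerURL, etcd encryption key), disabled.
  # pack {
  #   name   = "kubernetes"
  #   tag    = var.cluster_packs["k8s"].tag
  #   values = templatefile(var.cluster_packs["k8s"].file, {
  #     certSAN:             "api-${local.fqdn}",
  #     issuerURL:           "dex.${local.fqdn}",
  #     etcd_encryption_key: random_id.etcd_encryption_key.b64_std
  #   })
  # }

  # One managed node group per node_groups entry.
  dynamic "machine_pool" {
    for_each = each.value.node_groups
    content {
      name          = machine_pool.value.name
      count         = machine_pool.value.count
      instance_type = machine_pool.value.instance_type
      az_subnets    = machine_pool.value.worker_subnets
      disk_size_gb  = machine_pool.value.disk_size_gb
      azs           = []
    }
  }

  # Fargate profiles are optional: a document without the key gets none
  # instead of failing the plan.
  dynamic "fargate_profile" {
    for_each = try(each.value.fargate_profiles, [])
    content {
      name            = fargate_profile.value.name
      subnets         = fargate_profile.value.subnets
      additional_tags = fargate_profile.value.additional_tags

      dynamic "selector" {
        for_each = fargate_profile.value.selectors
        content {
          namespace = selector.value.namespace
          labels    = selector.value.labels
        }
      }
    }
  }
}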