
Commit e1040cd

committed
[ENG-3067]: Deploy new pools for ARC
1 parent bd7d629 commit e1040cd

2 files changed

+228
-126
lines changed

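--- a/main.tf
+++ b/main.tf
@@ -86,9 +86,9 @@ locals {
 subnet_ids = [local.vpc_private_subnets[var.private_subnet_index]]
 disk_size = var.default_node_disk_size
 tags = {
-"k8s.io/cluster-autoscaler/enabled" = "true"
-"k8s.io/cluster-autoscaler/${var.deployment_name}" = "owned"
-"k8s.io/cluster-autoscaler/node-template/label/role" = "${var.deployment_name}"
+"k8s.io/cluster-autoscaler/enabled" = "true"
+"k8s.io/cluster-autoscaler/${var.deployment_name}" = "owned"
+"k8s.io/cluster-autoscaler/node-template/label/role" = "${var.deployment_name}"
 }
 block_device_mappings = {
 xvda = {
@@ -107,15 +107,15 @@ locals {
 http_put_response_hop_limit = 2
 http_tokens = "required"
 }
-}, var.managed_node_grp1)
+}, var.managed_node_grp1)
 second_node_pool = merge(
 {
 subnet_ids = [local.vpc_private_subnets[var.private_subnet_index]]
 disk_size = var.default_node_disk_size
 tags = {
-"k8s.io/cluster-autoscaler/enabled" = "true"
-"k8s.io/cluster-autoscaler/${var.deployment_name}" = "owned"
-"k8s.io/cluster-autoscaler/node-template/label/role" = "${var.deployment_name}"
+"k8s.io/cluster-autoscaler/enabled" = "true"
+"k8s.io/cluster-autoscaler/${var.deployment_name}" = "owned"
+"k8s.io/cluster-autoscaler/node-template/label/role" = "${var.deployment_name}"
 }
 block_device_mappings = {
 xvda = {
@@ -134,15 +134,15 @@ locals {
 http_put_response_hop_limit = 2
 http_tokens = "required"
 }
-}, var.managed_node_grp2)
+}, var.managed_node_grp2)
 third_node_pool = merge(
 {
 subnet_ids = [local.vpc_private_subnets[var.private_subnet_index]]
 disk_size = var.default_node_disk_size
 tags = {
-"k8s.io/cluster-autoscaler/enabled" = "true"
-"k8s.io/cluster-autoscaler/${var.deployment_name}" = "owned"
-"k8s.io/cluster-autoscaler/node-template/label/role" = "${var.deployment_name}"
+"k8s.io/cluster-autoscaler/enabled" = "true"
+"k8s.io/cluster-autoscaler/${var.deployment_name}" = "owned"
+"k8s.io/cluster-autoscaler/node-template/label/role" = "${var.deployment_name}"
 }
 block_device_mappings = {
 xvda = {
@@ -161,11 +161,95 @@ locals {
 http_put_response_hop_limit = 2
 http_tokens = "required"
 }
-}, var.managed_node_grp3)
+}, var.managed_node_grp3)
+fourth_node_pool = merge(
+{
+subnet_ids = [local.vpc_private_subnets[var.private_subnet_index]]
+disk_size = var.default_node_disk_size
+tags = {
+"k8s.io/cluster-autoscaler/enabled" = "true"
+"k8s.io/cluster-autoscaler/${var.deployment_name}" = "owned"
+"k8s.io/cluster-autoscaler/node-template/label/role" = "${var.deployment_name}"
+}
+block_device_mappings = {
+xvda = {
+device_name = "/dev/xvda"
+ebs = {
+volume_size = var.default_node_disk_size
+volume_type = "gp3"
+iops = 3000
+throughput = 125
+encrypted = true
+delete_on_termination = true
+}
+}
+}
+metadata_options = {
+http_put_response_hop_limit = 2
+http_tokens = "required"
+}
+}, var.managed_node_grp4)
+fifth_node_pool = merge(
+{
+subnet_ids = [local.vpc_private_subnets[var.private_subnet_index]]
+disk_size = var.default_node_disk_size
+tags = {
+"k8s.io/cluster-autoscaler/enabled" = "true"
+"k8s.io/cluster-autoscaler/${var.deployment_name}" = "owned"
+"k8s.io/cluster-autoscaler/node-template/label/role" = "${var.deployment_name}"
+}
+block_device_mappings = {
+xvda = {
+device_name = "/dev/xvda"
+ebs = {
+volume_size = var.default_node_disk_size
+volume_type = "gp3"
+iops = 3000
+throughput = 125
+encrypted = true
+delete_on_termination = true
+}
+}
+}
+metadata_options = {
+http_put_response_hop_limit = 2
+http_tokens = "required"
+}
+}, var.managed_node_grp5)
+sixth_node_pool = merge(
+{
+subnet_ids = [local.vpc_private_subnets[var.private_subnet_index]]
+disk_size = var.default_node_disk_size
+tags = {
+"k8s.io/cluster-autoscaler/enabled" = "true"
+"k8s.io/cluster-autoscaler/${var.deployment_name}" = "owned"
+"k8s.io/cluster-autoscaler/node-template/label/role" = "${var.deployment_name}"
+}
+block_device_mappings = {
+xvda = {
+device_name = "/dev/xvda"
+ebs = {
+volume_size = var.default_node_disk_size
+volume_type = "gp3"
+iops = 3000
+throughput = 125
+encrypted = true
+delete_on_termination = true
+}
+}
+}
+metadata_options = {
+http_put_response_hop_limit = 2
+http_tokens = "required"
+}
+}, var.managed_node_grp6)
 managed_node_groups = merge(
-{"${var.deployment_name}-k8s": local.default_node_pool},
-var.managed_node_grp2 != null ? {"${var.deployment_name}-k8s-two" : local.second_node_pool} : {},
-var.managed_node_grp3 != null ? {"${var.deployment_name}-k8s-three" : local.third_node_pool} : {}
+{ "${var.deployment_name}-k8s" : local.default_node_pool },
+var.managed_node_grp2 != null ? { "${var.deployment_name}-k8s-two" : local.second_node_pool } : {},
+var.managed_node_grp3 != null ? { "${var.deployment_name}-k8s-three" : local.third_node_pool } : {},
+var.managed_node_grp4 != null ? { "${var.deployment_name}-k8s-four" : local.fourth_node_pool } : {},
+var.managed_node_grp5 != null ? { "${var.deployment_name}-k8s-five" : local.fifth_node_pool } : {},
+var.managed_node_grp6 != null ? { "${var.deployment_name}-k8s-six" : local.sixth_node_pool } : {}
 )
 }
 
@@ -180,14 +264,14 @@ module "clickhouse_backup" {
 }
 
 locals {
-clickhouse_backup_bucket_arn = module.clickhouse_backup.clickhouse_s3_bucket_arn
+clickhouse_backup_bucket_arn = module.clickhouse_backup.clickhouse_s3_bucket_arn
 }
 
 module "eks" {
 source = "./modules/eks"
 
-deployment_name = var.deployment_name
-k8s_vpc = local.vpc_id
+deployment_name = var.deployment_name
+k8s_vpc = local.vpc_id
 # https://aws.github.io/aws-eks-best-practices/networking/subnets/
 k8s_subnets = local.vpc_private_subnets
 k8s_control_subnets = []
@@ -200,65 +284,65 @@ module "eks" {
 managed_node_grps = local.managed_node_groups
 k8s_api_access_roles = var.k8s_api_access_roles
 
-tags = var.tags
-backend_app_port = var.backend_app_port
-rds_port = var.rds_port
-k8s_public_access_cidrs = var.k8s_public_access_cidrs
+tags = var.tags
+backend_app_port = var.backend_app_port
+rds_port = var.rds_port
+k8s_public_access_cidrs = var.k8s_public_access_cidrs
 
-k8s_access_bedrock = var.k8s_access_bedrock
-clickhouse_backup_bucket_arn = local.clickhouse_backup_bucket_arn
-service_account_prefix = var.service_account_prefix
+k8s_access_bedrock = var.k8s_access_bedrock
+clickhouse_backup_bucket_arn = local.clickhouse_backup_bucket_arn
+service_account_prefix = var.service_account_prefix
 }
 
 locals {
-cluster_name = module.eks.cluster_name
-control_plane_sg_id = module.eks.control_plane_security_group_id
+cluster_name = module.eks.cluster_name
+control_plane_sg_id = module.eks.control_plane_security_group_id
 }
 
 module "database" {
 source = "./modules/database"
 
-deployment_name = var.deployment_name
-rds_identifier = var.rds_identifier
-provider_region = var.provider_region
-vpc_private_subnets = local.vpc_private_subnets
-rds_username = var.rds_username
-rds_password_override = var.rds_password_override
-rds_instance = var.rds_instance
-rds_allocated_storage = var.rds_allocated_storage
-rds_max_allocated_storage = var.rds_max_allocated_storage
-rds_backups_replication_target_region = var.rds_backups_replication_target_region
-rds_backups_replication_retention_period = var.rds_backups_replication_retention_period
-rds_backup_window = var.rds_backup_window
-rds_maintenance_window = var.rds_maintenance_window
-create_rds_kms_key = var.create_rds_kms_key
-rds_kms_key_alias = var.rds_kms_key_alias
-use_default_rds_kms_key = var.use_default_rds_kms_key
-database_name = var.database_name
-db_subnet_group_name = var.db_subnet_group_name
-db_parameter_group_name = var.db_parameter_group_name
-rds_ro_username = var.rds_ro_username
-rds_version = var.rds_version
-rds_port = var.rds_port
-rds_param_group_family = var.rds_param_group_family
-apply_major_upgrade = var.apply_major_upgrade
-db_instance_tags = var.db_instance_tags
-db_parameter_group_tags = var.db_parameter_group_tags
-db_subnet_group_tags = var.db_subnet_group_tags
-rds_extra_tags = var.rds_extra_tags
-security_group_id = local.db_security_group_id
-db_extra_parameters = var.db_extra_parameters
-rds_multi_az = var.rds_multi_az
-rds_copy_tags_to_snapshot = var.rds_copy_tags_to_snapshot
-rds_performance_insights_enabled = var.rds_performance_insights_enabled
-rds_performance_insights_retention_period= var.rds_performance_insights_retention_period
-rds_monitoring_role_arn = var.rds_monitoring_role_arn
-rds_auto_minor_version_upgrade = var.rds_auto_minor_version_upgrade
-rds_monitoring_interval = var.rds_monitoring_interval
+deployment_name = var.deployment_name
+rds_identifier = var.rds_identifier
+provider_region = var.provider_region
+vpc_private_subnets = local.vpc_private_subnets
+rds_username = var.rds_username
+rds_password_override = var.rds_password_override
+rds_instance = var.rds_instance
+rds_allocated_storage = var.rds_allocated_storage
+rds_max_allocated_storage = var.rds_max_allocated_storage
+rds_backups_replication_target_region = var.rds_backups_replication_target_region
+rds_backups_replication_retention_period = var.rds_backups_replication_retention_period
+rds_backup_window = var.rds_backup_window
+rds_maintenance_window = var.rds_maintenance_window
+create_rds_kms_key = var.create_rds_kms_key
+rds_kms_key_alias = var.rds_kms_key_alias
+use_default_rds_kms_key = var.use_default_rds_kms_key
+database_name = var.database_name
+db_subnet_group_name = var.db_subnet_group_name
+db_parameter_group_name = var.db_parameter_group_name
+rds_ro_username = var.rds_ro_username
+rds_version = var.rds_version
+rds_port = var.rds_port
+rds_param_group_family = var.rds_param_group_family
+apply_major_upgrade = var.apply_major_upgrade
+db_instance_tags = var.db_instance_tags
+db_parameter_group_tags = var.db_parameter_group_tags
+db_subnet_group_tags = var.db_subnet_group_tags
+rds_extra_tags = var.rds_extra_tags
+security_group_id = local.db_security_group_id
+db_extra_parameters = var.db_extra_parameters
+rds_multi_az = var.rds_multi_az
+rds_copy_tags_to_snapshot = var.rds_copy_tags_to_snapshot
+rds_performance_insights_enabled = var.rds_performance_insights_enabled
+rds_performance_insights_retention_period = var.rds_performance_insights_retention_period
+rds_monitoring_role_arn = var.rds_monitoring_role_arn
+rds_auto_minor_version_upgrade = var.rds_auto_minor_version_upgrade
+rds_monitoring_interval = var.rds_monitoring_interval
 }
 
 module "private_access" {
-count = var.deploy_private_access ? 1 : 0
+count = var.deploy_private_access ? 1 : 0
 source = "./modules/private_access"
 
 allowed_principals = var.allowed_principals
@@ -281,7 +365,7 @@ resource "aws_ebs_volume" "clickhouse_data" {
 
 tags = merge({
 Name = "${var.deployment_name}-clickhouse-data"
-}, var.ebs_extra_tags)
+}, var.ebs_extra_tags)
 }
 
 resource "aws_ebs_volume" "clickhouse_logs" {
@@ -311,34 +395,34 @@ resource "aws_ebs_volume" "redis_data" {
 }
 
 resource "random_password" "clickhouse_password" {
-length = 16
-min_upper = 2
-min_lower = 2
-min_numeric = 2
-special = false
+length = 16
+min_upper = 2
+min_lower = 2
+min_numeric = 2
+special = false
 }
 
 resource "random_password" "redis_password" {
-length = 12
-special = false
+length = 12
+special = false
 }
 
 module "github_reverse_proxy" {
 count = var.deploy_github_reverse_proxy ? 1 : 0
 
 source = "./modules/github_reverse_proxy"
 
-deployment_name = var.deployment_name
-environment = var.environment
-region = var.provider_region
-vpc_cidr = local.vpc_cidr
-vpc_id = local.vpc_id
-vpc_private_subnets = local.vpc_private_subnets
-github_cidrs = var.github_cidrs
-datadog_api_key = var.datadog_api_key
-use_private_egress = var.lb_internal
-
-private_system_endpoint = module.load_balancer.load_balancer_dns
+deployment_name = var.deployment_name
+environment = var.environment
+region = var.provider_region
+vpc_cidr = local.vpc_cidr
+vpc_id = local.vpc_id
+vpc_private_subnets = local.vpc_private_subnets
+github_cidrs = var.github_cidrs
+datadog_api_key = var.datadog_api_key
+use_private_egress = var.lb_internal
+
+private_system_endpoint = module.load_balancer.load_balancer_dns
 }
 
 module "vpc_peering" {
@@ -368,7 +452,7 @@ resource "null_resource" "deployment_check" {
 }
 
 provisioner "local-exec" {
-command = <<-EOT
+command = <<-EOT
 # Get the load balancer IPs value
 LB_IPS="${module.load_balancer.load_balancer_ips}"
 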
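Review bot: The three new pools (`fourth_node_pool`, `fifth_node_pool`, `sixth_node_pool`) copy `http_put_response_hop_limit = 2` from the existing pools, which lets containers on the pod network reach the node's instance metadata service and, through it, the node role's credentials. `http_tokens = "required"` enforces IMDSv2 but does not close that path. If these pools are meant to run ARC runner pods that execute repository-controlled jobs (inferred from the commit title only), consider `http_put_response_hop_limit = 1` for them and give workloads that need AWS access their own service-account roles. Separately, `merge()` is shallow, so a `metadata_options` or `block_device_mappings` key supplied in `var.managed_node_grp4` through `var.managed_node_grp6` replaces the whole default, including `encrypted = true`. A comment on these locals such as `# NOTE: merge() is shallow; overriding metadata_options or block_device_mappings drops the hardened defaults` would make that visible to callers.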
