diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 2faf43d..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,37 +0,0 @@
-# Local .terraform directories
-**/.terraform/*
-
-# .tfstate files
-*.tfstate
-*.tfstate.*
-
-# Crash log files
-crash.log
-crash.*.log
-
-# Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
-# to change depending on the environment.
-*.tfvars
-*.tfvars.json
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-
-# Ignore transient lock info files created by terraform apply
-.terraform.tfstate.lock.info
-
-# Include override files you do wish to add to version control using negated pattern
-# !example_override.tf
-
-# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
-
-# Ignore CLI configuration files
-.terraformrc
-terraform.rc
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index bc293b6..0000000
--- a/LICENSE
+++ /dev/null
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2025 Sandip Das
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
diff --git a/README.md b/README.md
deleted file mode 100644
index 83716a7..0000000
--- a/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-# eks-auto-mode-workshop
-Read Guide here: https://www.learnxops.com/p/amazon-eks-auto-mode-workshop
diff --git a/feature.txt b/feature.txt
new file mode 100644
index 0000000..ac4d8e9
--- /dev/null
+++ b/feature.txt
@@ -0,0 +1 @@
+New feature added!
diff --git a/k8s/eks-wp/alb.yaml b/k8s/eks-wp/alb.yaml
deleted file mode 100644
index 544793f..0000000
--- a/k8s/eks-wp/alb.yaml
+++ /dev/null
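Review bot: Nothing on the new side re-establishes the `*.tfstate` / `*.tfvars` / `.terraformrc` exclusions the removed `.gitignore` carried, so the next `terraform apply` committed from this tree can push state holding the Aurora master password (the `random_password` result lands in state in clear text). The only addition, `feature.txt` containing `New feature added!`, does not explain wiping LICENSE, README, every manifest and every `.tf` file; this reads as an accidental or test commit rather than a feature. If the removal is intended, keep at least a minimal `.gitignore` (`*.tfstate`, `*.tfstate.*`, `*.tfvars`, `*.tfvars.json`, `.terraformrc`, `terraform.rc`) and state the reason in the commit message; otherwise revert instead of merging. Deleting the files also does not scrub history: the Aurora endpoint hostname and EFS file-system/access-point IDs in the removed manifests stay reachable in earlier commits, so treat them as disclosed rather than cleaned up.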
@@ -1,52 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- namespace: default
- name: wordpress-service
-spec:
- ports:
- - port: 80
- targetPort: 80
- protocol: TCP
- selector:
- app: wordpress
- tier: frontend
----
-apiVersion: eks.amazonaws.com/v1
-kind: IngressClassParams
-metadata:
- name: eks-auto-alb
-spec:
- scheme: internet-facing
----
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
- name: eks-auto-alb
-spec:
- controller: eks.amazonaws.com/alb
- parameters:
- apiGroup: eks.amazonaws.com
- kind: IngressClassParams
- name: eks-auto-alb
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- namespace: default
- name: ingress-wordpress-public
- annotations:
- alb.ingress.kubernetes.io/target-type: ip
- alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
-spec:
- ingressClassName: eks-auto-alb
- rules:
- - http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: wordpress-service
- port:
- number: 80
\ No newline at end of file
diff --git a/k8s/eks-wp/hpa.yaml b/k8s/eks-wp/hpa.yaml
deleted file mode 100644
index edfec46..0000000
--- a/k8s/eks-wp/hpa.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
- name: wordpress-hpa
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: wordpress
- minReplicas: 2
- maxReplicas: 10
- metrics:
- - type: Resource
- resource:
- name: cpu
- target:
- type: Utilization
- averageUtilization: 50 # Scale if CPU usage exceeds 50%
- - type: Resource
- resource:
- name: memory
- target:
- type: Utilization
- averageUtilization: 60 # Scale if Memory usage exceeds 60%
diff --git a/k8s/eks-wp/kustomization.yaml b/k8s/eks-wp/kustomization.yaml
deleted file mode 100644
index 2f61572..0000000
--- a/k8s/eks-wp/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-resources:
- - wordpress_secret.yaml
- - wp_storage_class.yaml
- - wp_pv.yaml
- - wp_pvc.yaml
- - wordpress-deployment.yaml
- - hpa.yaml
- - alb.yaml
\ No newline at end of file
diff --git a/k8s/eks-wp/wordpress-deployment.yaml b/k8s/eks-wp/wordpress-deployment.yaml
deleted file mode 100644
index 62e51af..0000000
--- a/k8s/eks-wp/wordpress-deployment.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: wordpress
-spec:
- replicas: 2
- selector:
- matchLabels:
- app: wordpress
- tier: frontend
- template:
- metadata:
- labels:
- app: wordpress
- tier: frontend
- spec:
- serviceAccountName: wordpress-deployment-sa # Ensure IAM role is associated
- containers:
- - name: wordpress
- image: wordpress:php8.1-apache # Updated to PHP 8.1
- env:
- - name: WORDPRESS_DB_HOST
- value: sandbox-vpc-eks-test-aurora-cluster.cluster-ckx2tshx1lyr.us-west-2.rds.amazonaws.com
- - name: WORDPRESS_DB_USER
- value: ""
- - name: WORDPRESS_DB_PASSWORD
- value: ""
- command: ["/bin/sh", "-c"]
- args:
- - export WORDPRESS_DB_USER=$(cat /mnt/secrets-store/db_username);
- export WORDPRESS_DB_PASSWORD=$(cat /mnt/secrets-store/db_password);
- apache2-foreground;
- volumeMounts:
- - name: wordpress-persistent-storage
- mountPath: /var/www/html
- - name: secrets-store
- mountPath: "/mnt/secrets-store"
- readOnly: true
- volumes:
- - name: wordpress-persistent-storage
- persistentVolumeClaim:
- claimName: wordpress-efs-pvc
- - name: secrets-store
- csi:
- driver: secrets-store.csi.k8s.io
- readOnly: true
- volumeAttributes:
- secretProviderClass: "wordpress-aws-secrets"
diff --git a/k8s/eks-wp/wordpress_secret.yaml b/k8s/eks-wp/wordpress_secret.yaml
deleted file mode 100644
index 4ba5b79..0000000
--- a/k8s/eks-wp/wordpress_secret.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-apiVersion: secrets-store.csi.x-k8s.io/v1
-kind: SecretProviderClass
-metadata:
- name: wordpress-aws-secrets
-spec:
- provider: aws
- parameters:
- objects: |
- - objectName: "mysql-db-secret"
- objectType: "secretsmanager"
- jmesPath:
- - path: username
- objectAlias: db_username
- - path: password
- objectAlias: db_password
- secretObjects:
- - secretName: wordpress-db-secret
- type: Opaque
- data:
- - objectName: db_username
- key: db_username
- - objectName: db_password
- key: db_password
diff --git a/k8s/eks-wp/wp_pv.yaml b/k8s/eks-wp/wp_pv.yaml
deleted file mode 100644
index a4f0946..0000000
--- a/k8s/eks-wp/wp_pv.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: wordpress-efs-pv
-spec:
- capacity:
- storage: 5Gi
- volumeMode: Filesystem
- accessModes:
- - ReadWriteMany
- persistentVolumeReclaimPolicy: Retain
- storageClassName: efs-sc
- csi:
- driver: efs.csi.aws.com
- volumeHandle: "fs-0ee1b4dbced5069b7::fsap-0cb562bcc23dbe9bd"
\ No newline at end of file
diff --git a/k8s/eks-wp/wp_pvc.yaml b/k8s/eks-wp/wp_pvc.yaml
deleted file mode 100644
index 99d2c79..0000000
--- a/k8s/eks-wp/wp_pvc.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: wordpress-efs-pvc
- labels:
- app: wordpress
-spec:
- accessModes:
- - ReadWriteMany
- storageClassName: efs-sc
- resources:
- requests:
- storage: 5Gi
\ No newline at end of file
diff --git a/k8s/eks-wp/wp_storage_class.yaml b/k8s/eks-wp/wp_storage_class.yaml
deleted file mode 100644
index d37ec23..0000000
--- a/k8s/eks-wp/wp_storage_class.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: efs-sc
-provisioner: efs.csi.aws.com
\ No newline at end of file
diff --git a/k8s/sample_deployment.yaml b/k8s/sample_deployment.yaml
deleted file mode 100644
index cf11c30..0000000
--- a/k8s/sample_deployment.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- namespace: default
- name: deployment-2048
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: app-2048
- replicas: 3
- template:
- metadata:
- labels:
- app.kubernetes.io/name: app-2048
- spec:
- topologySpreadConstraints:
- - maxSkew: 1
- topologyKey: topology.kubernetes.io/zone
- minDomains: 2
- whenUnsatisfiable: DoNotSchedule
- labelSelector:
- matchLabels:
- app.kubernetes.io/name: app-2048
- containers:
- - image: alexwhen/docker-2048
- imagePullPolicy: Always
- name: app-2048
- ports:
- - containerPort: 80
----
-apiVersion: v1
-kind: Service
-metadata:
- namespace: default
- name: service-2048
-spec:
- ports:
- - port: 80
- targetPort: 80
- protocol: TCP
- selector:
- app.kubernetes.io/name: app-2048
----
-apiVersion: eks.amazonaws.com/v1
-kind: IngressClassParams
-metadata:
- name: eks-auto-alb
-spec:
- scheme: internet-facing
----
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
- name: eks-auto-alb
-spec:
- controller: eks.amazonaws.com/alb
- parameters:
- apiGroup: eks.amazonaws.com
- kind: IngressClassParams
- name: eks-auto-alb
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- namespace: default
- name: ingress-2048-public
- annotations:
- alb.ingress.kubernetes.io/target-type: ip
- alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'
-spec:
- ingressClassName: eks-auto-alb
- rules:
- - http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: service-2048
- port:
- number: 80
\ No newline at end of file
diff --git a/k8s/scripts/eks_check.sh b/k8s/scripts/eks_check.sh
deleted file mode 100755
index 0ee1e44..0000000
--- a/k8s/scripts/eks_check.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-
-# Check if kubectl is installed
-if ! command -v kubectl &> /dev/null; then
- echo "kubectl not found. Please install it first."
- exit 1
-fi
-
-# 1. Verify cluster connectivity
-echo "Checking cluster information..."
-kubectl cluster-info
-
-# 2. List all nodes to confirm they are ready
-echo "Listing all nodes..."
-kubectl get nodes
-
-# 3. Check the current Kubernetes context
-echo "Checking the current kubeconfig context..."
-kubectl config current-context
-
-# 4. List all namespaces to verify access scope
-echo "Listing all namespaces..."
-kubectl get ns
-
-# 5. Run a test pod to check deployment capability
-echo "Deploying a test pod..."
-kubectl run test-pod --image=nginx --restart=Never
-echo "Waiting for the test pod to be scheduled..."
-sleep 5 # Give Kubernetes time to schedule the pod
-
-# 6. Verify the test pod status
-echo "Checking test pod status..."
-kubectl get pods
-
-echo "EKS cluster verification completed."
-
-# Cleanup test pod (optional)
-echo "Cleaning up test pod..."
-kubectl delete pod test-pod --ignore-not-found=true
diff --git a/k8s/scripts/install_drivers.sh b/k8s/scripts/install_drivers.sh
deleted file mode 100644
index 00fdc32..0000000
--- a/k8s/scripts/install_drivers.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-
-set -e # Exit immediately if any command fails
-
-echo "Starting installation of CSI drivers and Metrics Server..."
-
-# Add and update AWS EFS CSI Driver Helm repository
-echo "Adding and updating AWS EFS CSI Driver Helm repository..."
-helm repo add aws-efs-csi-driver https://kubernetes-sigs.github.io/aws-efs-csi-driver/
-helm repo update
-echo "Installing AWS EFS CSI Driver..."
-helm upgrade --install aws-efs-csi-driver --namespace kube-system aws-efs-csi-driver/aws-efs-csi-driver
-
-# Add and update Secrets Store CSI Driver Helm repository
-echo "Adding and updating Secrets Store CSI Driver Helm repository..."
-helm repo add secrets-store-csi-driver https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
-helm repo update
-echo "Installing Secrets Store CSI Driver..."
-helm install -n kube-system csi-secrets-store secrets-store-csi-driver/secrets-store-csi-driver
-
-# Install AWS Provider for Secrets Store CSI Driver
-echo "Applying AWS provider for Secrets Store CSI Driver..."
-kubectl apply -f https://raw.githubusercontent.com/aws/secrets-store-csi-driver-provider-aws/main/deployment/aws-provider-installer.yaml
-
-# Add and update AWS Secrets Manager provider Helm repository
-echo "Adding and updating AWS Secrets Manager provider Helm repository..."
-helm repo add aws-secrets-manager https://aws.github.io/secrets-store-csi-driver-provider-aws
-helm repo update
-echo "Installing AWS Secrets Manager provider..."
-helm install -n kube-system secrets-provider-aws aws-secrets-manager/secrets-store-csi-driver-provider-aws
-
-# Add and update Metrics Server Helm repository
-echo "Adding and updating Metrics Server Helm repository..."
-helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/
-helm repo update
-echo "Installing Metrics Server..."
-helm install metrics-server metrics-server/metrics-server \
- --namespace kube-system \
- --set args={--kubelet-insecure-tls}
-
-echo "Installation completed successfully!"
\ No newline at end of file
diff --git a/k8s/scripts/setup_eks_iam_sa.sh b/k8s/scripts/setup_eks_iam_sa.sh
deleted file mode 100755
index e4e02bc..0000000
--- a/k8s/scripts/setup_eks_iam_sa.sh
+++ /dev/null
@@ -1,63 +0,0 @@
-#!/bin/bash
-
-# Exit on error
-set -e
-
-# Ensure cluster name and region are passed as arguments
-if [ "$#" -ne 2 ]; then
- echo "Usage: $0 "
- exit 1
-fi
-
-CLUSTER_NAME="$1"
-REGION="$2"
-
-# Check if the cluster exists
-echo "Checking if EKS cluster '$CLUSTER_NAME' exists in region '$REGION'..."
-if ! aws eks describe-cluster --name "$CLUSTER_NAME" --region "$REGION" --query "cluster.status" --output text 2>/dev/null | grep -q "ACTIVE"; then
- echo "Error: Cluster '$CLUSTER_NAME' does not exist or is not active in region '$REGION'."
- exit 1
-fi
-
-echo "Cluster '$CLUSTER_NAME' exists and is active."
-
-# Create IAM Policy
-POLICY_NAME="wordpress-deployment-demo-updated-policy"
-echo "Creating IAM policy '$POLICY_NAME'..."
-POLICY_ARN=$(aws iam create-policy \
- --region "$REGION" \
- --policy-name "$POLICY_NAME" \
- --policy-document '{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
- "Resource": ["arn:aws:secretsmanager:'"$REGION"':*:secret:mysql-db-secret-*"]
- }
- ]
- }' --query "Policy.Arn" --output text)
-
-echo "IAM policy created with ARN: $POLICY_ARN"
-
-# Associate IAM OIDC provider (only run if not already associated)
-if ! eksctl utils describe-iam-identity-mappings --cluster "$CLUSTER_NAME" --region "$REGION" | grep -q "arn:aws:iam::"; then
- echo "Associating IAM OIDC provider..."
- eksctl utils associate-iam-oidc-provider --region="$REGION" --cluster="$CLUSTER_NAME" --approve
- echo "OIDC provider associated."
-else
- echo "OIDC provider already associated."
-fi
-
-# Create IAM Service Account
-SA_NAME="wordpress-deployment-demo-sa-updated"
-echo "Creating IAM Service Account '$SA_NAME'..."
-eksctl create iamserviceaccount \
- --name "$SA_NAME" \
- --region "$REGION" \
- --cluster "$CLUSTER_NAME" \
- --attach-policy-arn "$POLICY_ARN" \
- --approve \
- --override-existing-serviceaccounts
-
-echo "IAM Service Account '$SA_NAME' created successfully."
\ No newline at end of file
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
deleted file mode 100644
index a87aeba..0000000
--- a/terraform/.terraform.lock.hcl
+++ /dev/null
@@ -1,61 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/gavinbunney/kubectl" { - version = "1.14.0" - constraints = "~> 1.14.0" - hashes = [ - "h1:ItrWfCZMzM2JmvDncihBMalNLutsAk7kyyxVRaipftY=", - "zh:0350f3122ff711984bbc36f6093c1fe19043173fad5a904bce27f86afe3cc858", - "zh:07ca36c7aa7533e8325b38232c77c04d6ef1081cb0bac9d56e8ccd51f12f2030", - "zh:0c351afd91d9e994a71fe64bbd1662d0024006b3493bb61d46c23ea3e42a7cf5", - "zh:39f1a0aa1d589a7e815b62b5aa11041040903b061672c4cfc7de38622866cbc4", - "zh:428d3a321043b78e23c91a8d641f2d08d6b97f74c195c654f04d2c455e017de5", - "zh:4baf5b1de2dfe9968cc0f57fd4be5a741deb5b34ee0989519267697af5f3eee5", - "zh:6131a927f9dffa014ab5ca5364ac965fe9b19830d2bbf916a5b2865b956fdfcf", - "zh:c62e0c9fd052cbf68c5c2612af4f6408c61c7e37b615dc347918d2442dd05e93", - "zh:f0beffd7ce78f49ead612e4b1aefb7cb6a461d040428f514f4f9cc4e5698ac65", - ] -} - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.89.0" - constraints = ">= 5.46.0" - hashes = [ - "h1:rFvk42jJEKiSUhK1cbERfNgYm4mD+8tq0ZcxCwpXSJs=", - "zh:0e55784d6effc33b9098ffab7fb77a242e0223a59cdcf964caa0be94d14684af", - "zh:23c64f3eaeffcafb007c89db3dfca94c8adf06b120af55abddaca55a6c6c924c", - "zh:338f620133cb607ce980f1725a0a78f61cbd42f4c601808ec1ee01a6c16c9811", - "zh:6ab0499172f17484d7b39924cf06782789df1473d31ebae0c7f3294f6e7a1227", - "zh:6dcde3e29e538cdf80971cbdce3b285056fd0e31dd64b02d2dcdf4c02f21d0a9", - "zh:75c9b594d77c9125bfb1aaf3fbd77a49e392841d53029b5726eb71d64de1233e", - "zh:7b334c23091e7b4c142e378416586292197c40a31a5bdb3b29c4f9afddd286f0", - "zh:991bbba72e5eb6eb351f466d68080992f5b0495f862a6723f386d1b4c965aa7d", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9bd2f12eef4a5dceafc211ab3b9a63f0e3e224007a60c1bbb842f76e0377033d", - "zh:b1ac1eb3b3e1a79fa5e5ad3364615f23b9ee0b093ceeb809fd386a4d40e7abb4", - 
"zh:cea91f43151b30c428c441b97c3b98bf1e5fb72ef72f6971308e3895e23437f4", - "zh:d3f000a1696a43d8186a516aace7d476d1fd76443627980504133477e19c8ecb", - "zh:d6f526fbbb3e51b3acc3b9640a158f7acc4a089632fca8ec6db430b450673f25", - "zh:e0c542950f96c93e761d50602e449fef8447f1389a6d5242a0a7dc9b06826d0b", - ] -} - -provider "registry.terraform.io/hashicorp/random" { - version = "3.7.1" - hashes = [ - "h1:t152MY0tQH4a8fLzTtEWx70ITd3azVOrFDn/pQblbto=", - "zh:3193b89b43bf5805493e290374cdda5132578de6535f8009547c8b5d7a351585", - "zh:3218320de4be943e5812ed3de995946056db86eb8d03aa3f074e0c7316599bef", - "zh:419861805a37fa443e7d63b69fb3279926ccf98a79d256c422d5d82f0f387d1d", - "zh:4df9bd9d839b8fc11a3b8098a604b9b46e2235eb65ef15f4432bde0e175f9ca6", - "zh:5814be3f9c9cc39d2955d6f083bae793050d75c572e70ca11ccceb5517ced6b1", - "zh:63c6548a06de1231c8ee5570e42ca09c4b3db336578ded39b938f2156f06dd2e", - "zh:697e434c6bdee0502cc3deb098263b8dcd63948e8a96d61722811628dce2eba1", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:a0b8e44927e6327852bbfdc9d408d802569367f1e22a95bcdd7181b1c3b07601", - "zh:b7d3af018683ef22794eea9c218bc72d7c35a2b3ede9233b69653b3c782ee436", - "zh:d63b911d618a6fe446c65bfc21e793a7663e934b2fef833d42d3ccd38dd8d68d", - "zh:fa985cd0b11e6d651f47cff3055f0a9fd085ec190b6dbe99bf5448174434cdea", - ] -} diff --git a/terraform/aurora_mysql.tf b/terraform/aurora_mysql.tf deleted file mode 100644 index f514c48..0000000 --- a/terraform/aurora_mysql.tf +++ /dev/null 
@@ -1,140 +0,0 @@
-# Security Group for Aurora - Allows MySQL Access from EKS Nodes
-resource "aws_security_group" "aurora_sg" {
- name = "${var.cluster_name}-aurora-sg"
- description = "Security group for Aurora MySQL allowing access from EKS"
- vpc_id = module.vpc_eks.vpc_id
-
- ingress {
- from_port = 3306
- to_port = 3306
- protocol = "tcp"
- cidr_blocks = [var.vpc_cidr] # Only allow EKS VPC access
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- tags = {
- Name = "${var.cluster_name}-aurora-sg"
- }
-}
-
-# Store Database Credentials in AWS Secrets Manager
-resource "aws_secretsmanager_secret" "db_secret" {
- name = "mysql-db-secret"
-}
-
-resource "aws_secretsmanager_secret_version" "db_secret_version" {
- secret_id = aws_secretsmanager_secret.db_secret.id
- secret_string = jsonencode({
- username = "admin"
- password = random_password.db_password.result
- })
-}
-
-# Generate a random password for the database
-resource "random_password" "db_password" {
- length = 16
- special = true
- override_special = "!@#%^&*()-_=+[]{}<>:?"
-}
-
-# Aurora MySQL Cluster Parameter Group
-resource "aws_rds_cluster_parameter_group" "aurora_pg" {
- name = "${var.cluster_name}-aurora-pg"
- family = "aurora-mysql8.0"
- description = "Aurora MySQL Cluster Parameter Group"
-
- parameter {
- name = "character_set_server"
- value = "utf8mb4"
- }
-
- parameter {
- name = "collation_server"
- value = "utf8mb4_general_ci"
- }
-}
-
-resource "aws_db_subnet_group" "aurora_subnet_group" {
- name = "${var.cluster_name}-aurora-subnet-group"
- subnet_ids = module.vpc_eks.private_subnets # ✅ Uses EKS VPC subnets
-
- tags = {
- Name = "${var.cluster_name}-aurora-subnet-group"
- }
-}
-
-# Aurora MySQL Serverless Cluster
-resource "aws_rds_cluster" "aurora" {
- cluster_identifier = "${var.cluster_name}-aurora-cluster"
- engine = "aurora-mysql"
- engine_mode = "provisioned" # Use "serverless" for Serverless v1
- engine_version = "8.0.mysql_aurora.3.05.2" # Aurora MySQL 8
- database_name = "wordpressdb"
- master_username = jsondecode(aws_secretsmanager_secret_version.db_secret_version.secret_string)["username"]
- master_password = jsondecode(aws_secretsmanager_secret_version.db_secret_version.secret_string)["password"]
- db_cluster_parameter_group_name = aws_rds_cluster_parameter_group.aurora_pg.name
- vpc_security_group_ids = [aws_security_group.aurora_sg.id]
- db_subnet_group_name = aws_db_subnet_group.aurora_subnet_group.name
- storage_encrypted = true
- deletion_protection = false
- serverlessv2_scaling_configuration {
- min_capacity = 0.5
- max_capacity = 2.0
- }
-
- skip_final_snapshot = true
-
- tags = {
- Name = "${var.cluster_name}-aurora"
- }
-}
-
-# Aurora MySQL Instance (Serverless)
-resource "aws_rds_cluster_instance" "aurora_instance" {
- count = 2
- identifier = "${var.cluster_name}-aurora-instance-${count.index}"
- cluster_identifier = aws_rds_cluster.aurora.id
- instance_class = "db.serverless"
- engine = aws_rds_cluster.aurora.engine
-}
-
-# IAM Role for EKS to Access Secret Manager
-resource "aws_iam_role" "eks_secret_access" {
- name = "${var.cluster_name}-eks-secret-access"
-
- assume_role_policy = jsonencode({
- Version = "2012-10-17"
- Statement = [{
- Effect = "Allow"
- Principal = {
- Service = "eks.amazonaws.com"
- }
- Action = "sts:AssumeRole"
- }]
- })
-}
-
-resource "aws_iam_policy" "secret_access_policy" {
- name = "${var.cluster_name}-secret-access"
- description = "Allows access to Aurora MySQL secrets"
-
- policy = jsonencode({
- Version = "2012-10-17"
- Statement = [{
- Effect = "Allow"
- Action = ["secretsmanager:GetSecretValue"]
- Resource = aws_secretsmanager_secret.db_secret.arn
- }]
- })
-}
-
-resource "aws_iam_role_policy_attachment" "eks_secret_access_attach" {
- policy_arn = aws_iam_policy.secret_access_policy.arn
- role = aws_iam_role.eks_secret_access.name
-}
diff --git a/terraform/back_end/production.tf b/terraform/back_end/production.tf
deleted file mode 100644
index ffe7752..0000000
--- a/terraform/back_end/production.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-terraform {
- backend "s3" {
- bucket = "mycompany-terraform-state" # S3 bucket for states (pre-created)
- key = "projectX/dev/terraform.tfstate" # Path/key for this env’s state file
- region = "us-west-2" # AWS region of the bucket
- encrypt = true
- dynamodb_table = "mycompany-terraform-locks" # DynamoDB table for locks (pre-created)
- }
-}
diff --git a/terraform/efs.tf b/terraform/efs.tf
deleted file mode 100644
index 36f1ec2..0000000
--- a/terraform/efs.tf
+++ /dev/null
@@ -1,69 +0,0 @@
-resource "aws_efs_file_system" "wordpress_efs" {
- creation_token = "${var.cluster_name}-wordpress-efs"
- performance_mode = "generalPurpose"
- throughput_mode = "bursting"
-
- lifecycle_policy {
- transition_to_ia = "AFTER_30_DAYS" # Enable Intelligent-Tiering
- }
-
- lifecycle_policy {
- transition_to_primary_storage_class = "AFTER_1_ACCESS"
- }
-
- tags = {
- Name = "${var.cluster_name}-wordpress-efs"
- }
-}
-
-# Security Group for EFS
-resource "aws_security_group" "efs_sg" {
- name = "${var.cluster_name}-efs-security-group"
- description = "Allow EKS Nodes to Access EFS"
- vpc_id = module.vpc_eks.vpc_id
-
- ingress {
- from_port = 2049
- to_port = 2049
- protocol = "tcp"
- cidr_blocks = [var.vpc_cidr] # Allow EKS Nodes
- }
-
- tags = {
- Name = "${var.cluster_name}-efs-security-group"
- }
-}
-
-# Create Mount Targets in Private Subnets
-resource "aws_efs_mount_target" "efs_mount" {
- count = length(module.vpc_eks.private_subnets)
-
- file_system_id = aws_efs_file_system.wordpress_efs.id
- subnet_id = module.vpc_eks.private_subnets[count.index]
- security_groups = [aws_security_group.efs_sg.id]
-}
-
-# Create an EFS Access Point
-resource "aws_efs_access_point" "wordpress_ap" {
- file_system_id = aws_efs_file_system.wordpress_efs.id
-
- root_directory {
- path = "/wordpress"
- creation_info {
- owner_uid = 1000
- owner_gid = 1000
- permissions = "755"
- }
- }
-
- posix_user {
- uid = 1000
- gid = 1000
- }
-
- tags = {
- Name = "${var.cluster_name}-wordpress-efs-ap"
- }
-}
-
-
diff --git a/terraform/iam.tf b/terraform/iam.tf
deleted file mode 100644
index 2f589f1..0000000
--- a/terraform/iam.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-resource "aws_iam_role" "cluster" {
- name = "${var.cluster_name}-eks-cluster-role"
-
- assume_role_policy = data.aws_iam_policy_document.cluster_role_assume_role_policy.json
-}
-
-resource "aws_iam_role_policy_attachments_exclusive" "cluster" {
- role_name = aws_iam_role.cluster.name
- policy_arns = [
- "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
- "arn:aws:iam::aws:policy/AmazonEKSComputePolicy",
- "arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy",
- "arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy",
- "arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy",
- "arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
- "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
- ]
-}
-
-data "aws_iam_policy_document" "cluster_role_assume_role_policy" {
- statement {
- actions = ["sts:AssumeRole", "sts:TagSession"]
-
- principals {
- type = "Service"
- identifiers = ["eks.amazonaws.com"]
- }
- }
-}
-
-resource "aws_iam_role" "node" {
- name = "${var.cluster_name}-eks-cluster-node"
- assume_role_policy = jsonencode({
- Version = "2012-10-17"
- Statement = [
- {
- Action = ["sts:AssumeRole"]
- Effect = "Allow"
- Principal = {
- Service = "ec2.amazonaws.com"
- }
- },
- ]
- })
-}
-
-resource "aws_iam_role_policy_attachment" "node_AmazonEKSWorkerNodeMinimalPolicy" {
- policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy"
- role = aws_iam_role.node.name
-}
-
-resource "aws_iam_role_policy_attachment" "node_AmazonEC2ContainerRegistryPullOnly" {
- policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly"
- role = aws_iam_role.node.name
-}
\ No newline at end of file
diff --git a/terraform/main.tf b/terraform/main.tf
deleted file mode 100644
index 60d767f..0000000
--- a/terraform/main.tf
+++ /dev/null
@@ -1,45 +0,0 @@
-
-
-
-resource "aws_eks_cluster" "cluster" {
- name = var.cluster_name
- role_arn = aws_iam_role.cluster.arn
- version = var.cluster_version
-
- vpc_config {
- subnet_ids = module.vpc_eks.private_subnets
- security_group_ids = []
- endpoint_private_access = "true"
- endpoint_public_access = "true"
- }
-
- access_config {
- authentication_mode = "API"
- bootstrap_cluster_creator_admin_permissions = true
- }
-
- bootstrap_self_managed_addons = false
-
- zonal_shift_config {
- enabled = true
- }
-
- compute_config {
- enabled = true
- node_pools = var.eks_auto_node_pool
- node_role_arn = aws_iam_role.node.arn
- }
-
- kubernetes_network_config {
- elastic_load_balancing {
- enabled = true
- }
- }
-
- storage_config {
- block_storage {
- enabled = true
- }
- }
-}
-
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
deleted file mode 100644
index 1a36c47..0000000
--- a/terraform/outputs.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-# Output the EFS ID
-output "efs_id" {
- value = aws_efs_file_system.wordpress_efs.id
-}
-
-output "efs_access_point_id" {
- value = aws_efs_access_point.wordpress_ap.id
-}
-
-output "efs_volume_handle" {
- value = "${aws_efs_file_system.wordpress_efs.id}::${aws_efs_access_point.wordpress_ap.id}"
-}
-
-output "aurora_endpoint" {
- value = aws_rds_cluster.aurora.endpoint
-}
-
-output "db_secret_arn" {
- value = aws_secretsmanager_secret.db_secret.arn
-}
\ No newline at end of file
diff --git a/terraform/provider.tf b/terraform/provider.tf
deleted file mode 100644
index b37f0eb..0000000
--- a/terraform/provider.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-provider "aws" {
- region = var.aws_region
-}
-
-terraform {
- required_providers {
-
- }
- required_version = ">= 1.3.0"
-}
\ No newline at end of file
diff --git a/terraform/variables.tf b/terraform/variables.tf
deleted file mode 100644
index 1c33473..0000000
--- a/terraform/variables.tf
+++ /dev/null
@@ -1,47 +0,0 @@
-variable "aws_region" {
- description = "AWS Region"
- type = string
- default = "us-west-2"
-}
-
-variable "cluster_name" {
- description = "EKS cluster name"
- type = string
- default = "sandbox-vpc-eks-test"
-}
-
-variable "cluster_version" {
- description = "EKS cluster kubernetes version"
- type = string
- default = "1.32"
-}
-
-variable "eks_auto_node_pool" {
- description = "EKS Auto Mode Cluster Node Pool list"
- type = list(string)
- default = ["general-purpose", "system"]
-}
-
-variable "vpc_cidr" {
- description = "VPC CIDR block"
- type = string
- default = "10.20.0.0/19"
-}
-
-variable "azs" {
- description = "Availability zones"
- type = list(string)
- default = ["us-west-2a", "us-west-2b", "us-west-2c"]
-}
-
-variable "private_subnets" {
- description = "Private subnet CIDRs"
- type = list(string)
- default = ["10.20.0.0/21", "10.20.8.0/21", "10.20.16.0/21"]
-}
-
-variable "public_subnets" {
- description = "Public subnet CIDRs"
- type = list(string)
- default = ["10.20.24.0/23", "10.20.26.0/23", "10.20.28.0/23"]
-}
\ No newline at end of file
diff --git a/terraform/vpc.tf b/terraform/vpc.tf
deleted file mode 100644
index 818c2f4..0000000
--- a/terraform/vpc.tf
+++ /dev/null
@@ -1,41 +0,0 @@
-module "vpc_eks" {
- source = "terraform-aws-modules/vpc/aws"
- version = "5.18.1"
-
- name = "${var.cluster_name}-vpc"
-
- cidr = var.vpc_cidr
-
- azs = var.azs
- private_subnets = var.private_subnets
- public_subnets = var.public_subnets
-
- enable_nat_gateway = true
- single_nat_gateway = true
- one_nat_gateway_per_az = false
-
-
- enable_vpn_gateway = true
-
- enable_dns_hostnames = true
- enable_dns_support = true
-
- propagate_private_route_tables_vgw = true
- propagate_public_route_tables_vgw = true
-
- private_subnet_tags = {
- "kubernetes.io/role/internal-elb" = "1",
- "mapPublicIpOnLaunch" = "FALSE"
- "karpenter.sh/discovery" = var.cluster_name
- "kubernetes.io/role/cni" = "1"
- }
-
- public_subnet_tags = {
- "kubernetes.io/role/elb" = "1",
- "mapPublicIpOnLaunch" = "TRUE"
- }
-
- tags = {
- "kubernetes.io/cluster/${var.cluster_name}" = "shared"
- }
-}
\ No newline at end of file