Merge pull request #4 from OneideLuizSchneider/v1.0

V1.0
OneideLuizSchneider · Jul 4, 2022 · 018912a · 018912a
2 parents 05df7cd + 1f84b0f
commit 018912a
Show file tree

Hide file tree

Showing 5 changed files with 78 additions and 57 deletions.
diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml
@@ -1,51 +1,52 @@
-name: CI
-
-# Trigger when a pull request is received
-on:
-  pull_request:
-
-  # Allows you to run this workflow manually from the Actions tab
-  #workflow_dispatch:
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
-jobs:
-  terraform:
-    runs-on: ubuntu-latest
-    env:
-      working-directory: terraform
-      TF_WORKSPACE: my-workspace
-    steps:
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ secrets.AWS_REGION }}
-
-      - name: Check out code
-        uses: actions/checkout@v2
-
-      - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v1
-        with:
-          terraform_version: 0.14.6
-
-      - name: Terraform Fmt
-        id: fmt
-        run: cd terraform && terraform fmt -check -diff
-        continue-on-error: true
-
-      - name: Terraform Init
-        id: init
-        run: cd terraform && terraform init
-        continue-on-error: true
-
-      - name: Terraform Validate
-        id: validate
-        run: cd terraform && terraform validate -no-color
-        continue-on-error: true
-
-      - name: Terraform Plan
-        id: plan
-        run: cd terraform && terraform plan -no-color
-        continue-on-error: true
+#name: CI
+#
+## Trigger when a pull request is received
+#on:
+#  pull_request:
+#
+#  # Allows you to run this workflow manually from the Actions tab
+#  #workflow_dispatch:
+#
+## A workflow run is made up of one or more jobs that can run sequentially or in parallel
+#jobs:
+#  terraform:
+#    runs-on: ubuntu-latest
+#    env:
+#      working-directory: terraform
+#      TF_WORKSPACE: my-workspace
+#    steps:
+#      - name: Configure AWS Credentials
+#        uses: aws-actions/configure-aws-credentials@v1
+#        with:
+#          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+#          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+#          aws-region: ${{ secrets.AWS_REGION }}
+#
+#      - name: Check out code
+#        uses: actions/checkout@v2
+#    
+#      - name: Setup Terraform
+#        uses: hashicorp/setup-terraform@v1
+#        with:
+#          terraform_version: 0.14.6
+#
+#      - name: Terraform Fmt
+#        id: fmt
+#        run: cd terraform && terraform fmt -check -diff
+#        continue-on-error: true
+#
+#      - name: Terraform Init
+#        id: init
+#        run: cd terraform && terraform init
+#        continue-on-error: true
+#
+#      - name: Terraform Validate
+#        id: validate
+#        run: cd terraform && terraform validate -no-color
+#        continue-on-error: true
+#
+#      - name: Terraform Plan
+#        id: plan
+#        run: cd terraform && terraform plan -no-color
+#        continue-on-error: true
+#
diff --git a/terraform/iam-roles-node-groups.tf b/terraform/iam-roles-node-groups.tf
@@ -28,6 +28,16 @@ resource "aws_iam_role_policy_attachment" "node-group-AmazonEC2ContainerRegistry
   role       = aws_iam_role.node-group.name
 }
 
+resource "aws_iam_role_policy_attachment" "node-group-AmazonSSMManagedInstanceCore" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+  role       = aws_iam_role.node-group.name
+}
+
+resource "aws_iam_role_policy_attachment" "node-group-CloudWatchAgentServerPolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
+  role       = aws_iam_role.node-group.name
+}
+
 resource "aws_iam_role_policy" "node-group-ClusterAutoscalerPolicy" {
   name = "eks-cluster-auto-scaler"
   role = aws_iam_role.node-group.id

diff --git a/terraform/node-group.tf b/terraform/node-group.tf
@@ -19,7 +19,9 @@ resource "aws_eks_node_group" "private" {
   depends_on = [
     aws_iam_role_policy_attachment.node-group-AmazonEKSWorkerNodePolicy,
     aws_iam_role_policy_attachment.node-group-AmazonEKS_CNI_Policy,
-    aws_iam_role_policy_attachment.node-group-AmazonEC2ContainerRegistryReadOnly
+    aws_iam_role_policy_attachment.node-group-AmazonEC2ContainerRegistryReadOnly,
+    aws_iam_role_policy_attachment.node-group-AmazonSSMManagedInstanceCore,
+    aws_iam_role_policy_attachment.node-group-CloudWatchAgentServerPolicy
   ]
 
   tags = {

diff --git a/terraform/main.tf → terraform/provider.tf b/terraform/main.tf → terraform/provider.tf
@@ -1,5 +1,8 @@
 provider "aws" {
+  version = "~> 3.37"
+
   region  = local.region
   access_key = local.access_key
   secret_key = local.secret_key
+
 }
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -4,12 +4,17 @@ terraform {
 
 variable "env" {
   type = string
-  default = "hml"
+  default = "staging"
+}
+
+variable "cluster_version" {
+  type = string
+  default = "v2"
 }
 
 variable "eks_cluster_name" {
   type = string
-  default = "eks-cluster-v2"
+  default = "eks-cluster-name"
 }
 
 locals{
@@ -21,11 +26,11 @@ locals{
     subnets = ["..."]
     internal_ip_range = "0.0.0.0/0"
 
-    eks_version = "..."
-    cluster_name = var.eks_cluster_name      
+    eks_version = "1.22"
+    cluster_name = "${var.eks_cluster_name}-${var.env}-${var.cluster_version}"     
     cluster_enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
     asg_desired_capacity = 1
-    asg_max_size = 3
+    asg_max_size = 2
     asg_min_size = 1
     instance_type = ["..."]
 }