EKS managed kubernetes

add blue/green deployment and argocd

- use new eks module
- declarative deployments with argocd
- blue green envs
- prod env
- refactor userdata and remove hardcoded 
- network module and variables fix

eks/bootstrap/addons.yaml

@@ -0,0 +1,32 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: bootstrap-addons
+  namespace: argocd
+spec:
+  syncPolicy:
+    preserveResourcesOnDeletion: true
+  generators:
+    - clusters:
+        selector:
+          matchExpressions:
+            - key: akuity.io/argo-cd-cluster-name
+              operator: NotIn
+              values: [in-cluster]
+  template:
+    metadata:
+      name: 'bootstrap-addons'
+    spec:
+      project: default
+      source:
+        repoURL: '{{metadata.annotations.addons_repo_url}}'
+        path: '{{metadata.annotations.addons_repo_path}}'
+        targetRevision: '{{metadata.annotations.addons_repo_revision}}'
+        directory:
+          recurse: true
+          exclude: exclude/*
+      destination:
+        namespace: 'argocd'
+        name: '{{name}}'
+      syncPolicy:
+        automated: {}

eks/bootstrap/workloads.yaml

@@ -0,0 +1,67 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: bootstrap-workloads
+  namespace: argocd
+spec:
+  goTemplate: true
+  syncPolicy:
+    preserveResourcesOnDeletion: true
+  generators:
+    - matrix:
+        generators:
+          - clusters:
+              selector:
+                matchExpressions:
+                  - key: akuity.io/argo-cd-cluster-name
+                    operator: NotIn
+                    values:
+                      - in-cluster
+          - git:
+              repoURL: '{{.metadata.annotations.gitops_workloads_url}}'
+              revision: '{{.metadata.annotations.gitops_workloads_revision}}'
+              directories:
+                - path: '{{.metadata.annotations.gitops_workloads_path}}/*'
+  template:
+    metadata:
+      name: 'bootstrap-workloads-{{.name}}'
+    spec:
+      project: default
+      sources:
+        - repoURL: '{{.metadata.annotations.gitops_workloads_url}}'
+          targetRevision: '{{.metadata.annotations.gitops_workloads_revision}}'
+          ref: values
+          path: '{{.metadata.annotations.gitops_workloads_path}}'
+          helm:
+            releaseName: 'bootstrap-workloads-{{.name}}'
+            ignoreMissingValueFiles: true
+            values: |
+              "account": "{{.metadata.annotations.aws_account_id}}"
+              "clusterName": "{{.metadata.annotations.cluster_name}}"
+              "labels":
+                "env": "{{.metadata.annotations.env}}"
+              "region": "{{.metadata.annotations.aws_region}}"
+              "repoUrl": "{{.metadata.annotations.gitops_workloads_url}}"
+              "spec":
+                "source":
+                  "repoURL": "{{.metadata.annotations.gitops_workloads_url}}"
+                  "targetRevision": "{{.metadata.annotations.gitops_workloads_revision}}"
+                "blueprint": "terraform"
+                "clusterName": "{{.metadata.annotations.cluster_name}}"
+                "env": "{{.metadata.annotations.env}}"
+                "ingress":
+                  "route53_weight": {{default "0" .metadata.annotations.route53_weight}}
+                  "argocd_route53_weight": {{default "0" .metadata.annotations.argocd_route53_weight}}
+                  "ecsfrontend_route53_weight": {{default "0" .metadata.annotations.ecsfrontend_route53_weight}}
+                  "host": {{ default "" .metadata.annotations.eks_cluster_domain }}
+                  "type": "{{.metadata.annotations.ingress_type}}"
+                "karpenterInstanceProfile": "{{.metadata.annotations.karpenter_node_instance_profile_name}}"
+                "target_group_arn": {{ default "" .metadata.annotations.target_group_arn }}
+                "external_lb_url": {{ if index .metadata.annotations "external_lb_dns" }} http://{{ .metadata.annotations.external_lb_dns }}{{ else }}{{ end }}
+      destination:
+        name: '{{.name}}'
+      syncPolicy:
+        automated: {}
+        syncOptions:
+          - CreateNamespace=true
+          - ServerSideApply=true # Big CRDs.

eks/eks-blue/main.tf

@@ -0,0 +1,35 @@
+module "eks_cluster" {
+  source = "../modules/eks_cluster"
+
+  aws_region      = var.aws_region
+  service_name    = "blue"
+  cluster_version = "1.28"
+
+  argocd_route53_weight      = "100"
+  route53_weight             = "100"
+  ecsfrontend_route53_weight = "100"
+
+  environment_name    = var.environment_name
+  hosted_zone_name    = var.hosted_zone_name
+  eks_admin_role_name = var.eks_admin_role_name
+
+  aws_secret_manager_git_private_ssh_key_name = var.aws_secret_manager_git_private_ssh_key_name
+  argocd_secret_manager_name_suffix           = var.argocd_secret_manager_name_suffix
+  ingress_type                                = var.ingress_type
+
+  gitops_addons_org      = var.gitops_addons_org
+  gitops_addons_repo     = var.gitops_addons_repo
+  gitops_addons_basepath = var.gitops_addons_basepath
+  gitops_addons_path     = var.gitops_addons_path
+  gitops_addons_revision = var.gitops_addons_revision
+
+  gitops_workloads_org      = var.gitops_workloads_org
+  gitops_workloads_repo     = var.gitops_workloads_repo
+  gitops_workloads_revision = var.gitops_workloads_revision
+  gitops_workloads_path     = var.gitops_workloads_path
+
+  ########################### Node Group Values ###########################
+  # https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/examples/eks_managed_node_group/main.tf
+  ##########################################################################
+
+}

eks/eks-blue/outputs.tf

@@ -0,0 +1,30 @@
+output "eks_cluster_id" {
+  description = "The name of the EKS cluster."
+  value       = module.eks_cluster.eks_cluster_id
+}
+
+output "configure_kubectl" {
+  description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
+  value       = module.eks_cluster.configure_kubectl
+}
+
+output "eks_platform_teams_configure_kubectl" {
+  description = "Configure kubectl for Platform Team: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
+  value       = module.eks_cluster.eks_platform_teams_configure_kubectl
+}
+
+output "eks_dev_teams_configure_kubectl" {
+  description = "Configure kubectl for each Dev Application Teams: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
+  value       = module.eks_cluster.eks_dev_teams_configure_kubectl
+}
+
+output "access_argocd" {
+  description = "ArgoCD Access"
+  value       = module.eks_cluster.access_argocd
+}
+
+output "gitops_metadata" {
+  description = "export gitops_metadata"
+  value       = module.eks_cluster.gitops_metadata
+  sensitive   = true
+}

eks/eks-blue/providers.tf

@@ -0,0 +1,50 @@
+terraform {
+  required_version = ">= 1.5.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0.0"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.9.0"
+    }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.14"
+    }
+  }
+}
+
+provider "aws" {
+  region = var.aws_region
+}
+
+provider "kubernetes" {
+  host                   = module.eks_cluster.eks_cluster_endpoint
+  cluster_ca_certificate = base64decode(module.eks_cluster.cluster_certificate_authority_data)
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    args        = ["eks", "get-token", "--cluster-name", module.eks_cluster.eks_cluster_id]
+  }
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = module.eks_cluster.eks_cluster_endpoint
+    cluster_ca_certificate = base64decode(module.eks_cluster.cluster_certificate_authority_data)
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      args        = ["eks", "get-token", "--cluster-name", module.eks_cluster.eks_cluster_id]
+    }
+  }
+}

eks/eks-blue/variables.tf

@@ -0,0 +1,149 @@
+variable "aws_region" {
+  description = "AWS Region"
+  type        = string
+  default     = "us-east-1"
+}
+
+variable "environment_name" {
+  description = "The name of Environment Infrastructure stack, feel free to rename it. Used for cluster and VPC names."
+  type        = string
+  default     = "subspace-prod"
+}
+
+variable "ingress_type" {
+  type        = string
+  description = "Type of ingress to uses (alb | nginx | ...). this parameter will be sent to arocd via gitops bridge"
+  default     = "alb"
+}
+
+variable "hosted_zone_name" {
+  type        = string
+  description = "Route53 domain for the cluster."
+  default     = ""
+}
+
+variable "eks_admin_role_name" {
+  type        = string
+  description = "Additional IAM role to be admin in the cluster"
+  default     = ""
+}
+
+variable "aws_secret_manager_git_private_ssh_key_name" {
+  type        = string
+  description = "Secret Manager secret name for hosting Github SSH-Key to Access private repository"
+  default     = "github-subspace-ssh-key"
+}
+
+variable "argocd_secret_manager_name_suffix" {
+  type        = string
+  description = "Name of secret manager secret for ArgoCD Admin UI Password"
+  default     = "argocd-admin-secret"
+}
+
+variable "gitops_addons_org" {
+  type        = string
+  description = "Git repository org/user contains for addons"
+  default     = "git@github.com:subspce"
+}
+variable "gitops_addons_repo" {
+  type        = string
+  description = "Git repository contains for addons"
+  default     = "infra"
+}
+variable "gitops_addons_basepath" {
+  type        = string
+  description = "Git repository base path for addons"
+  default     = "argocd/"
+}
+variable "gitops_addons_path" {
+  type        = string
+  description = "Git repository path for addons"
+  default     = "argocd/bootstrap/control-plane/addons"
+}
+variable "gitops_addons_revision" {
+  type        = string
+  description = "Git repository revision/branch/ref for addons"
+  default     = "HEAD"
+}
+
+variable "gitops_workloads_org" {
+  type        = string
+  description = "Git repository org/user contains for workloads"
+  default     = "git@github.com:subspace"
+}
+
+variable "gitops_workloads_repo" {
+  type        = string
+  description = "Git repository contains for workloads"
+  default     = "infra"
+}
+
+variable "gitops_workloads_path" {
+  type        = string
+  description = "Git repo path in workload_repo_url for the ArgoCD workload deployment"
+  default     = "envs/argo-cd/"
+}
+
+variable "gitops_workloads_revision" {
+  type        = string
+  description = "Git repo revision in workload_repo_url for the ArgoCD workload deployment"
+  default     = "main"
+}
+
+variable "resource_quota" {
+  description = "Resource quota settings for the Kubernetes namespace"
+  type = object({
+    hard = map(string)
+  })
+  default = {
+    hard = {
+      "requests.cpu"    = "100",
+      "requests.memory" = "20Gi",
+      "limits.cpu"      = "400",
+      "limits.memory"   = "32Gi",
+      "pods"            = "100",
+      "secrets"         = "10",
+      "services"        = "20"
+    }
+  }
+}
+
+variable "limit_range" {
+  description = "Limit range settings for Kubernetes"
+  type = object({
+    limit = list(object({
+      type    = string
+      max     = optional(map(string))
+      min     = optional(map(string))
+      default = optional(map(string))
+    }))
+  })
+  default = {
+    limit = [
+      {
+        type = "Pod"
+        max = {
+          cpu    = "2"
+          memory = "1Gi"
+        }
+        min = {
+          cpu    = "10m"
+          memory = "4Mi"
+        }
+      },
+      {
+        type = "PersistentVolumeClaim"
+        min = {
+          storage = "20G"
+        }
+      },
+      {
+        type = "Container"
+        default = {
+          cpu    = "50m"
+          memory = "24Mi"
+        }
+      }
+    ]
+  }
+}