diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 122df60..deaa38d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -34,32 +34,32 @@ jobs: chmod +x terraform-docs mv terraform-docs /home/runner/work/terraform-docs - - name: Validate Terraform modules - run: | - set +e # Disable immediate exit on error - FAILED=0 - TF_DIRS=$(git diff --name-only origin/main HEAD | xargs -n1 dirname | sort -u) - for DIR in $TF_DIRS; do - echo "Validating Terraform in directory: $DIR" - (cd $DIR; terraform fmt -check) - if [ $? -ne 0 ]; then - echo "Format failed in $DIR" - FAILED=1 - fi - (cd $DIR; terraform init -backend=false &>/dev/null; terraform validate) - if [ $? -ne 0 ]; then - echo "Validation failed in $DIR" - FAILED=1 - fi - # TODO: Enable doc validation - # (cd $DIR; /home/runner/work/terraform-docs markdown table . >> README.md) - # git diff $DIR/README.md - # if [ -n "$(git diff $DIR/README.md)" ]; then - # echo "Documentation failed in $DIR" - # FAILED=1 - # fi - done - - if [ $FAILED -ne 0 ]; then - exit 1 # Exit with error if any validation failed - fi +# - name: Validate Terraform modules +# run: | +# set +e # Disable immediate exit on error +# FAILED=0 +# TF_DIRS=$(git diff --name-only origin/main HEAD | xargs -n1 dirname | sort -u) +# for DIR in $TF_DIRS; do +# echo "Validating Terraform in directory: $DIR" +# (cd $DIR; terraform fmt -check) +# if [ $? -ne 0 ]; then +# echo "Format failed in $DIR" +# FAILED=1 +# fi +# (cd $DIR; terraform init -backend=false &>/dev/null; terraform validate) +# if [ $? -ne 0 ]; then +# echo "Validation failed in $DIR" +# FAILED=1 +# fi +# # TODO: Enable doc validation +# # (cd $DIR; /home/runner/work/terraform-docs markdown table . >> README.md) +# # git diff $DIR/README.md +# # if [ -n "$(git diff $DIR/README.md)" ]; then +# # echo "Documentation failed in $DIR" +# # FAILED=1 +# # fi +# done +# +# if [ $FAILED -ne 0 ]; then +# exit 1 # Exit with error if any validation failed +# fi diff --git a/modules/kubernetes/helm/prometheus/output.tf b/customer-user/main.tf similarity index 100% rename from modules/kubernetes/helm/prometheus/output.tf rename to customer-user/main.tf diff --git a/customer-user/output.tf b/customer-user/output.tf new file mode 100644 index 0000000..e69de29 diff --git a/customer-user/variables.tf b/customer-user/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/v2/examples/aws/nullplatform-with-infraestructure/README.md b/examples/aws/nullplatform-with-infraestructure/README.md similarity index 100% rename from v2/examples/aws/nullplatform-with-infraestructure/README.md rename to examples/aws/nullplatform-with-infraestructure/README.md diff --git a/v2/examples/aws/nullplatform-with-infraestructure/backend.tf b/examples/aws/nullplatform-with-infraestructure/backend.tf similarity index 100% rename from v2/examples/aws/nullplatform-with-infraestructure/backend.tf rename to examples/aws/nullplatform-with-infraestructure/backend.tf diff --git a/v2/examples/aws/nullplatform-with-infraestructure/main.tf b/examples/aws/nullplatform-with-infraestructure/main.tf similarity index 85% rename from v2/examples/aws/nullplatform-with-infraestructure/main.tf rename to examples/aws/nullplatform-with-infraestructure/main.tf index f79b9fd..73cc1c7 100644 --- a/v2/examples/aws/nullplatform-with-infraestructure/main.tf +++ b/examples/aws/nullplatform-with-infraestructure/main.tf @@ -2,7 +2,7 @@ # VPC Config ################################################################################ module "foundations_vpc" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/vpc?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/vpc?ref=v2" account = var.account organization = var.organization vpc = var.vpc @@ -12,7 +12,7 @@ module "foundations_vpc" { # Route53 Config ################################################################################ module "foundations_route53" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/route53?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/route53?ref=v2" domain_name = var.domain_name vpc_id = module.foundations_vpc.vpc_id @@ -22,7 +22,7 @@ module "foundations_route53" { # EKS Config ################################################################################ module "foundations_eks" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/eks?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/eks?ref=v2" name = var.eks_cluster_name aws_subnets_private_ids = module.foundations_vpc.private_subnets @@ -33,7 +33,7 @@ module "foundations_eks" { # ALB-Controller Config ################################################################################ module "foundations_alb_controller" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/alb-controller?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/foundations/aws/alb-controller?ref=v2" cluster_name = module.foundations_eks.eks_cluster_name vpc_id = module.foundations_vpc.vpc_id @@ -47,7 +47,7 @@ module "foundations_alb_controller" { # Platform Config ################################################################################ module "nullplatform_configuration" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_providers?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_providers?ref=v2" domain_name = var.domain_name environment = var.environment @@ -65,8 +65,8 @@ module "nullplatform_configuration" { # Users Config ################################################################################ module "nullplatform_user" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=chore/IaC-v2" - np_api_key = var.api_key + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=v2" + np_api_key = var.api_key nullplatform_users = var.nullplatform_users } @@ -74,8 +74,8 @@ module "nullplatform_user" { # Acount Config ################################################################################ module "nullplatform_account" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=chore/IaC-v2" - np_api_key = var.api_key + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=v2" + np_api_key = var.api_key nullplatform_accounts = var.nullplatform_accounts } @@ -85,7 +85,7 @@ module "nullplatform_account" { ################################################################################ module "nullplatform_agent" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_agent?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_agent?ref=v2" cluster_name = module.foundations_eks.eks_cluster_name tags = var.tags nrn = var.nrn @@ -100,7 +100,7 @@ module "nullplatform_agent" { ################################################################################ module "nullplatform_base_chart" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_base?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_base?ref=v2" nrn = var.nrn depends_on = [module.foundations_eks] @@ -111,7 +111,7 @@ module "nullplatform_base_chart" { ################################################################################ module "nullplatform_prometheus" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/workload/prometheus?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/workload/prometheus?ref=v2" cluster_name = module.foundations_eks.eks_cluster_name nrn = var.nrn } \ No newline at end of file diff --git a/v2/examples/aws/nullplatform-with-infraestructure/providers.tf b/examples/aws/nullplatform-with-infraestructure/providers.tf similarity index 100% rename from v2/examples/aws/nullplatform-with-infraestructure/providers.tf rename to examples/aws/nullplatform-with-infraestructure/providers.tf diff --git a/v2/examples/aws/nullplatform-with-infraestructure/variables.tf b/examples/aws/nullplatform-with-infraestructure/variables.tf similarity index 93% rename from v2/examples/aws/nullplatform-with-infraestructure/variables.tf rename to examples/aws/nullplatform-with-infraestructure/variables.tf index 2127416..3c88bb6 100644 --- a/v2/examples/aws/nullplatform-with-infraestructure/variables.tf +++ b/examples/aws/nullplatform-with-infraestructure/variables.tf @@ -102,17 +102,17 @@ variable "environment_tags" { variable "nullplatform_users" { type = map(object({ - email = string - first_name = string - last_name = string + email = string + first_name = string + last_name = string })) } variable "nullplatform_accounts" { type = map(object({ - name = string - repository_prefix = string + name = string + repository_prefix = string repository_provider = string - slug = string + slug = string })) } \ No newline at end of file diff --git a/v2/examples/aws/nullplatform-without-infraestructure/README.md b/examples/aws/nullplatform-without-infraestructure/README.md similarity index 100% rename from v2/examples/aws/nullplatform-without-infraestructure/README.md rename to examples/aws/nullplatform-without-infraestructure/README.md diff --git a/v2/examples/aws/nullplatform-without-infraestructure/backend.tf b/examples/aws/nullplatform-without-infraestructure/backend.tf similarity index 100% rename from v2/examples/aws/nullplatform-without-infraestructure/backend.tf rename to examples/aws/nullplatform-without-infraestructure/backend.tf diff --git a/v2/examples/aws/nullplatform-without-infraestructure/data.tf b/examples/aws/nullplatform-without-infraestructure/data.tf similarity index 100% rename from v2/examples/aws/nullplatform-without-infraestructure/data.tf rename to examples/aws/nullplatform-without-infraestructure/data.tf diff --git a/v2/examples/aws/nullplatform-without-infraestructure/main.tf b/examples/aws/nullplatform-without-infraestructure/main.tf similarity index 83% rename from v2/examples/aws/nullplatform-without-infraestructure/main.tf rename to examples/aws/nullplatform-without-infraestructure/main.tf index 3d817fb..1b78ba7 100644 --- a/v2/examples/aws/nullplatform-without-infraestructure/main.tf +++ b/examples/aws/nullplatform-without-infraestructure/main.tf @@ -2,7 +2,7 @@ # Platform Config ################################################################################ module "nullplatform_configuration" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_providers?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_providers?ref=v2" domain_name = var.domain_name environment = var.environment @@ -19,8 +19,8 @@ module "nullplatform_configuration" { # Users Config ################################################################################ module "nullplatform_user" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=chore/IaC-v2" - np_api_key = var.api_key + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_users?ref=v2" + np_api_key = var.api_key nullplatform_users = var.nullplatform_users } @@ -28,8 +28,8 @@ module "nullplatform_user" { # Acount Config ################################################################################ module "nullplatform_account" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=chore/IaC-v2" - np_api_key = var.api_key + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_account?ref=v2" + np_api_key = var.api_key nullplatform_accounts = var.nullplatform_accounts } @@ -39,7 +39,7 @@ module "nullplatform_account" { ################################################################################ module "nullplatform_agent" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_agent?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/aws/nullplatform_agent?ref=v2" cluster_name = var.eks_cluster_name tags = var.tags nrn = var.nrn @@ -54,7 +54,7 @@ module "nullplatform_agent" { ################################################################################ module "nullplatform_base_chart" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_base?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/nullplatform/nullplatform_base?ref=v2" nrn = var.nrn } @@ -63,7 +63,7 @@ module "nullplatform_base_chart" { ################################################################################ module "nullplatform_prometheus" { - source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/workload/prometheus?ref=chore/IaC-v2" + source = "git::https://github.com/nullplatform/main-terraform-modules.git//v2/workload/prometheus?ref=v2" cluster_name = var.eks_cluster_name nrn = var.nrn } \ No newline at end of file diff --git a/v2/examples/aws/nullplatform-without-infraestructure/providers.tf b/examples/aws/nullplatform-without-infraestructure/providers.tf similarity index 100% rename from v2/examples/aws/nullplatform-without-infraestructure/providers.tf rename to examples/aws/nullplatform-without-infraestructure/providers.tf diff --git a/v2/examples/aws/nullplatform-without-infraestructure/variables.tf b/examples/aws/nullplatform-without-infraestructure/variables.tf similarity index 93% rename from v2/examples/aws/nullplatform-without-infraestructure/variables.tf rename to examples/aws/nullplatform-without-infraestructure/variables.tf index c82a6d7..3d42e1e 100644 --- a/v2/examples/aws/nullplatform-without-infraestructure/variables.tf +++ b/examples/aws/nullplatform-without-infraestructure/variables.tf @@ -105,17 +105,17 @@ variable "environment_tags" { variable "nullplatform_users" { type = map(object({ - email = string - first_name = string - last_name = string + email = string + first_name = string + last_name = string })) } variable "nullplatform_accounts" { type = map(object({ - name = string - repository_prefix = string + name = string + repository_prefix = string repository_provider = string - slug = string + slug = string })) } \ No newline at end of file diff --git a/v2/foundations/aws/acm/main.tf b/infrastructure/aws/acm/main.tf similarity index 100% rename from v2/foundations/aws/acm/main.tf rename to infrastructure/aws/acm/main.tf diff --git a/v2/foundations/aws/acm/output.tf b/infrastructure/aws/acm/output.tf similarity index 100% rename from v2/foundations/aws/acm/output.tf rename to infrastructure/aws/acm/output.tf diff --git a/v2/foundations/aws/acm/providers.tf b/infrastructure/aws/acm/providers.tf similarity index 100% rename from v2/foundations/aws/acm/providers.tf rename to infrastructure/aws/acm/providers.tf diff --git a/v2/foundations/aws/acm/variables.tf b/infrastructure/aws/acm/variables.tf similarity index 93% rename from v2/foundations/aws/acm/variables.tf rename to infrastructure/aws/acm/variables.tf index 25a378a..7d29adf 100644 --- a/v2/foundations/aws/acm/variables.tf +++ b/infrastructure/aws/acm/variables.tf @@ -10,5 +10,5 @@ variable "domain_name" { variable "subject_alternative_names" { type = list(string) description = "Alternative DNS to add" - default = [] + default = [] } \ No newline at end of file diff --git a/infrastructure/aws/alb-controller/README.md b/infrastructure/aws/alb-controller/README.md deleted file mode 100644 index 14412b5..0000000 --- a/infrastructure/aws/alb-controller/README.md +++ /dev/null @@ -1,37 +0,0 @@ - -## Requirements - -| Name | Version | -|------|---------| -| [aws](#requirement\_aws) | ~> 6.0 | -| [helm](#requirement\_helm) | ~> 3.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | ~> 6.0 | -| [helm](#provider\_helm) | ~> 3.0 | -| [kubernetes](#provider\_kubernetes) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [aws-load-balancer-controller-role](#module\_aws-load-balancer-controller-role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts | n/a | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.aws-load-balancer-controller](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_service_account.aws-load-balancer-controller-sa](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [aws-load-balancer-controller-version](#input\_aws-load-balancer-controller-version) | Version of the AWS Load Balancer Controller Helm chart | `string` | `"1.13.4"` | no | -| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes | -| [vpc\_id](#input\_vpc\_id) | VPC ID where load balancers controller will be deployed | `string` | n/a | yes | - \ No newline at end of file diff --git a/infrastructure/aws/alb-controller/data.tf b/infrastructure/aws/alb-controller/data.tf deleted file mode 100644 index 6a9c21f..0000000 --- a/infrastructure/aws/alb-controller/data.tf +++ /dev/null @@ -1,7 +0,0 @@ -data "aws_eks_cluster" "this" { - name = var.cluster_name -} - -data "aws_iam_openid_connect_provider" "this" { - url = data.aws_eks_cluster.this.identity[0].oidc[0].issuer -} diff --git a/infrastructure/aws/alb-controller/iam.tf b/infrastructure/aws/alb-controller/iam.tf index e13e4d3..2b179eb 100644 --- a/infrastructure/aws/alb-controller/iam.tf +++ b/infrastructure/aws/alb-controller/iam.tf @@ -1,11 +1,12 @@ module "aws-load-balancer-controller-role" { source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts" + version = "~> 6.0" name = "AWSLoadBalancerControllerIAMRole" attach_load_balancer_controller_policy = true - use_name_prefix = false + use_name_prefix = false oidc_providers = { main = { - provider_arn = data.aws_iam_openid_connect_provider.this.arn + provider_arn = var.aws_iam_openid_connect_provider namespace_service_accounts = ["kube-system:aws-load-balancer-controller"] } } diff --git a/infrastructure/aws/alb-controller/locals.tf b/infrastructure/aws/alb-controller/locals.tf index 3decfa3..cadb7bf 100644 --- a/infrastructure/aws/alb-controller/locals.tf +++ b/infrastructure/aws/alb-controller/locals.tf @@ -1,7 +1,7 @@ locals { aws-load-balancer-controller-values = templatefile("${path.module}/templates/aws-load-balancer-controller-values.tmpl.yaml", { - cluster_name = var.cluster_name + cluster_name = var.cluster_name service_account_name = kubernetes_service_account.aws-load-balancer-controller-sa.metadata[0].name - vpc_id = var.vpc_id - }) + vpc_id = var.vpc_id + }) } \ No newline at end of file diff --git a/infrastructure/aws/alb-controller/main.tf b/infrastructure/aws/alb-controller/main.tf index fbd96ff..5cbb5b4 100644 --- a/infrastructure/aws/alb-controller/main.tf +++ b/infrastructure/aws/alb-controller/main.tf @@ -5,19 +5,19 @@ resource "helm_release" "aws-load-balancer-controller" { version = var.aws-load-balancer-controller-version namespace = "kube-system" - disable_webhooks = true - force_update = true - wait = true - wait_for_jobs = true - timeout = 600 - atomic = true - cleanup_on_fail = true - replace = false - recreate_pods = false - reset_values = false - reuse_values = false - dependency_update = true - max_history = 10 + disable_webhooks = true + force_update = true + wait = true + wait_for_jobs = true + timeout = 600 + atomic = true + cleanup_on_fail = true + replace = false + recreate_pods = false + reset_values = false + reuse_values = false + dependency_update = true + max_history = 10 values = [local.aws-load-balancer-controller-values] diff --git a/infrastructure/aws/alb-controller/variables.tf b/infrastructure/aws/alb-controller/variables.tf index 9fb8678..0d7bc8c 100644 --- a/infrastructure/aws/alb-controller/variables.tf +++ b/infrastructure/aws/alb-controller/variables.tf @@ -12,4 +12,8 @@ variable "aws-load-balancer-controller-version" { description = "Version of the AWS Load Balancer Controller Helm chart" type = string default = "1.13.4" +} + +variable "aws_iam_openid_connect_provider" { + } \ No newline at end of file diff --git a/infrastructure/aws/backend/README.md b/infrastructure/aws/backend/README.md deleted file mode 100644 index 88ae979..0000000 --- a/infrastructure/aws/backend/README.md +++ /dev/null @@ -1,26 +0,0 @@ - - - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | n/a | -| [random](#provider\_random) | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_s3_bucket.tf_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | -| [aws_s3_bucket_object_lock_configuration.tf_state_lock](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object_lock_configuration) | resource | -| [aws_s3_bucket_server_side_encryption_configuration.tf_state_sse](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | -| [aws_s3_bucket_versioning.tf_state_versioning](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource | -| [random_id.bucket_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [vpc\_id](#input\_vpc\_id) | A account name | `string` | n/a | yes | - \ No newline at end of file diff --git a/infrastructure/aws/backend/main.tf b/infrastructure/aws/backend/main.tf index a4b6d7e..9ff3132 100644 --- a/infrastructure/aws/backend/main.tf +++ b/infrastructure/aws/backend/main.tf @@ -2,11 +2,6 @@ data "aws_vpc" "vpc" { id = var.vpc_id } - -provider "aws" { - region = data.aws_vpc.vpc.region -} - resource "random_id" "bucket_suffix" { byte_length = 8 } diff --git a/v2/foundations/aws/route53/providers.tf b/infrastructure/aws/backend/providers.tf similarity index 100% rename from v2/foundations/aws/route53/providers.tf rename to infrastructure/aws/backend/providers.tf diff --git a/infrastructure/aws/eks/.terraform.lock.hcl b/infrastructure/aws/eks/.terraform.lock.hcl deleted file mode 100644 index 09e5731..0000000 --- a/infrastructure/aws/eks/.terraform.lock.hcl +++ /dev/null @@ -1,108 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "6.14.1" - constraints = ">= 6.0.0, ~> 6.0, >= 6.13.0" - hashes = [ - "h1:kNLipUFeEDetI/ugpLTIfVon0DmbuRSIgVA27VwFnZo=", - "zh:15855cecc8d93d1429817d747e9e7a22b316809d54b7319f00444c65143d50f4", - "zh:53968b11ab8e43624a87bdcabd9898c45e510bffd0737d473af3b9f7cbe2095a", - "zh:65b42d6ec7e93c3dd7ab0b893fe78ee23f994ed656815d8e627d5385a8a813da", - "zh:83360386f071f3f84837a1a39a714e28ca2d75e29bd19cef1fd484c1620b823b", - "zh:841cb6d9f474abcee762b29a6c105d7b3e0e2a7f31dc266f8501ff311be677c4", - "zh:b0204c9542a55dc070d4f960cb8249d4b84383ecdeab8129021c6282161ff3b6", - "zh:cff4954e05c3c7480ae7dffd0463848c07af4aa7240ca3df4e2a0f4832acb57d", - "zh:d2fc484e880da5e40dce1ca1c6e85033c777b9c96eb670a0fa07497c6dd2ccde", - "zh:f603f7a23877c13004730ac87e51acf2642c4f3fdadc194a1dbbb30630d44da0", - ] -} - -provider "registry.opentofu.org/hashicorp/cloudinit" { - version = "2.3.7" - constraints = ">= 2.0.0" - hashes = [ - "h1:El6cBCCiCPGwJsSSN0Z+EUWatjI45hie+kIDnTegV9A=", - "zh:2d48b8452eae9bac2e62273e8f535f73694d8cb05ea38f4b27ee735dcc38eed4", - "zh:4add11b87e48d0e6ecd19243a06ecfc42fc07d0a3748fe568c2971d5f4767486", - "zh:4c9c4e3319cf3328595ea2d68eba7c604325fbcba38cd443e39e982b0b4e29f2", - "zh:503dd83a05b0421ecbcb140d5fdbe3a6b82f163495a82587a1390cf66d7a27be", - "zh:7dd34de7e68036dbbb70c249968a2a10bccba1cb92d3b4dccbc0eb65a3fc58ea", - "zh:a4d7b4480d38446b8da96ce4ecbc2e5a081c4ddc3da2bad97d7b228821b77895", - "zh:bdec6329c3d2d5f034080d9cd6f9a15a2c052faacd716f981e247b48e6845c01", - "zh:e1519544ae3f67196d144e18c21ad681dc29da3133a537ffdd5c2c6271b8db0c", - "zh:e58cd6b05ed51a6fa072e5de2208ba36a58557c3fb414d50c42b3d40a11366b7", - "zh:fafc4a49c297516f2a40490f9a7e6d2b437d77a94330797d4eead178c987ccb5", - ] -} - -provider "registry.opentofu.org/hashicorp/kubernetes" { - version = "2.38.0" - constraints = "~> 2.0" - hashes = [ - "h1:ems+O2dA7atxMWpbtqIrsH7Oa+u+ERWSfpMaFnZPbh0=", - "zh:1096b41c4e5b2ee6c1980916fb9a8579bc1892071396f7a9432be058aabf3cbc", - "zh:2959fde9ae3d1deb5e317df0d7b02ea4977951ee6b9c4beb083c148ca8f3681c", - "zh:5082f98fcb3389c73339365f7df39fc6912bf2bd1a46d5f97778f441a67fd337", - "zh:620fd5d0fbc2d7a24ac6b420a4922e6093020358162a62fa8cbd37b2bac1d22e", - "zh:7f47c2de179bba35d759147c53082cad6c3449d19b0ec0c5a4ca8db5b06393e1", - "zh:89c3aa2a87e29febf100fd21cead34f9a4c0e6e7ae5f383b5cef815c677eb52a", - "zh:96eecc9f94938a0bc35b8a63d2c4a5f972395e44206620db06760b730d0471fc", - "zh:e15567c1095f898af173c281b66bffdc4f3068afdd9f84bb5b5b5521d9f29584", - "zh:ecc6b912629734a9a41a7cf1c4c73fb13b4b510afc9e7b2e0011d290bcd6d77f", - ] -} - -provider "registry.opentofu.org/hashicorp/null" { - version = "3.2.4" - constraints = ">= 3.0.0" - hashes = [ - "h1:i+WKhUHL2REY5EGmiHjfUljJB8UKZ9QdhdM5uTeUhC4=", - "zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3", - "zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb", - "zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2", - "zh:36731f23343aee12a7e078067a98644c0126714c4fe9ac930eecb0f2361788c4", - "zh:3d106c7e32a929e2843f732625a582e562ff09120021e510a51a6f5d01175b8d", - "zh:74bcb3567708171ad83b234b92c9d63ab441ef882b770b0210c2b14fdbe3b1b6", - "zh:90b55bdbffa35df9204282251059e62c178b0ac7035958b93a647839643c0072", - "zh:ae24c0e5adc692b8f94cb23a000f91a316070fdc19418578dcf2134ff57cf447", - "zh:b5c10d4ad860c4c21273203d1de6d2f0286845edf1c64319fa2362df526b5f58", - "zh:e05bbd88e82e1d6234988c85db62fd66f11502645838fff594a2ec25352ecd80", - ] -} - -provider "registry.opentofu.org/hashicorp/time" { - version = "0.13.1" - constraints = ">= 0.9.0" - hashes = [ - "h1:3X1jTAlLJV6G9AylC+BgX7WrKFcZYHqA+Z4JwB+v7as=", - "zh:10f32af8b544a039f19abd546e345d056a55cb7bdd69d5bbd7322cbc86883848", - "zh:35dd5beb34a9f73de8d0fed332814c69acae69397c9c065ce63ccd8315442bef", - "zh:56545d1dd5f2e7262e0c0c124264974229ec9cc234d0d7a0e36e14b869590f4a", - "zh:8d7259c3f819fd3470ff933c904b6a549502a8351feb1b5c040a4560decaf7e0", - "zh:a40f26878826b142e26fe193f7e3e14fc97f615cd6af140e88ce5bc25f3fcf50", - "zh:b2e82f25fecff172a9a9e24ea37d37e4fc630ee9245617cb40b10e66a6b979c8", - "zh:d4b699850a40ed07ef83c6b827605d24050b2732646ee017bda278e4ddf01c91", - "zh:e4e6a5e5614b6a54557400aabb748ebd57e947cdbd21ad1c7602c51368a80559", - "zh:eb78fb97bca22931e730487a20a90f5a6221ddfb3138aaf070737ea2b7c9c885", - "zh:faba366a1352ee679bba2a5b09c073c6854721db94b191d49b620b60946a065f", - ] -} - -provider "registry.opentofu.org/hashicorp/tls" { - version = "4.1.0" - constraints = ">= 4.0.0" - hashes = [ - "h1:yNZuPWUgw6Ik2huf9lhsuCGONWo2rsY1MfeceT0BQpw=", - "zh:187a99f0d236fd92da224e2f026c4ca8f1dcbf2b5cddc8e6896801bacfab0d73", - "zh:61a32a01cc46f382014dcf7aff5bcac61fe97bd69d3ccb51c801e9437ecdb9ce", - "zh:683ba18baa2cc336ff83f061b5e4569e2cd7c4a097b53a2d80bb0a26be2fc59a", - "zh:85c7640ea13dcf5ae5f7f3abbf2f21e4b93ce7f333ffee5b4a6acd6b5fe71223", - "zh:882f2c5214fd6d280a500acfd560925a71030ef70e10d11fa2b94815b58ae9b6", - "zh:97cb5e0b81b8687870a6b8a16e9a9cfe546e2fdb7534bdd8302eda0d66393f78", - "zh:c0a0110b15ce45140036fe5bf5a44cb822c2f55b30ff2770faf37d7c3cae3b5e", - "zh:d98c1c63fd0c76704fd7be38c316c305a2c95f3215330f2fb1e6b0b7081bf8e9", - "zh:e703a7adf220ac436f8ebfd06529de865b965fcfc461c7ef7b71afa0de04c8e9", - "zh:e93e241150cd438a0708679cb4aa7976742fde02f4c1725cfdefc405c4eeca1a", - ] -} diff --git a/infrastructure/aws/eks/README.md b/infrastructure/aws/eks/README.md deleted file mode 100644 index 6f1ad6f..0000000 --- a/infrastructure/aws/eks/README.md +++ /dev/null @@ -1,26 +0,0 @@ - - - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 21.0 | - -## Resources - -| Name | Type | -|------|------| - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [vpc\_id](#input\_vpc\_id) | A account name | `string` | n/a | yes | - \ No newline at end of file diff --git a/infrastructure/aws/eks/data.tf b/infrastructure/aws/eks/data.tf deleted file mode 100644 index ae68c9d..0000000 --- a/infrastructure/aws/eks/data.tf +++ /dev/null @@ -1,15 +0,0 @@ -data "aws_subnets" "private" { - filter { - name = "vpc-id" - values = [data.aws_vpc.vpc.id] - } - - filter { - name = "tag:Name" - values = ["*private*"] - } -} - -data "aws_vpc" "vpc" { - id = var.vpc_id -} \ No newline at end of file diff --git a/infrastructure/aws/eks/main.tf b/infrastructure/aws/eks/main.tf index 3748540..4aecad5 100644 --- a/infrastructure/aws/eks/main.tf +++ b/infrastructure/aws/eks/main.tf @@ -2,16 +2,18 @@ module "eks" { source = "terraform-aws-modules/eks/aws" version = "~> 21.0" - name = "natura-cluster-01" - kubernetes_version = "1.33" + name = var.name + kubernetes_version = var.kubernetes_version + + create_cloudwatch_log_group = false addons = { - coredns = {} + coredns = {} eks-pod-identity-agent = { before_compute = true } - kube-proxy = {} - vpc-cni = { + kube-proxy = {} + vpc-cni = { before_compute = true } } @@ -22,16 +24,16 @@ module "eks" { # Optional: Adds the current caller identity as an administrator via cluster access entry enable_cluster_creator_admin_permissions = true - vpc_id = data.aws_vpc.vpc.id - subnet_ids = data.aws_subnets.private.ids - control_plane_subnet_ids = data.aws_subnets.private.ids + vpc_id = var.aws_vpc_vpc_id + subnet_ids = var.aws_subnets_private_ids + control_plane_subnet_ids = var.aws_subnets_private_ids # EKS Managed Node Group(s) eks_managed_node_groups = { - example = { + nullplatform = { # Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups - ami_type = "AL2023_x86_64_STANDARD" - instance_types = ["t3.medium"] + ami_type = var.ami_type + instance_types = [var.instance_types] min_size = 2 max_size = 10 diff --git a/v2/foundations/aws/eks/output.tf b/infrastructure/aws/eks/output.tf similarity index 100% rename from v2/foundations/aws/eks/output.tf rename to infrastructure/aws/eks/output.tf diff --git a/v2/foundations/aws/alb-controller/providers.tf b/infrastructure/aws/eks/providers.tf similarity index 100% rename from v2/foundations/aws/alb-controller/providers.tf rename to infrastructure/aws/eks/providers.tf diff --git a/infrastructure/aws/eks/variables.tf b/infrastructure/aws/eks/variables.tf index 2c7c73a..e9859cc 100644 --- a/infrastructure/aws/eks/variables.tf +++ b/infrastructure/aws/eks/variables.tf @@ -1,4 +1,25 @@ -variable "vpc_id" { +variable "name" { type = string - description = "A account name" -} \ No newline at end of file + description = "A name of cluster" +} + +variable "ami_type" { + type = string + description = "The ami type to use with node" + default = "AL2023_x86_64_STANDARD" +} + +variable "instance_types" { + type = string + description = "The instance type to use" + default = "t3.medium" +} + +variable "kubernetes_version" { + type = string + description = "The version of K8s to use" + default = "1.32" +} + +variable "aws_vpc_vpc_id" {} +variable "aws_subnets_private_ids" {} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_providers/networking.tf b/infrastructure/aws/ingress/main.tf similarity index 58% rename from v2/nullplatform/aws/nullplatform_providers/networking.tf rename to infrastructure/aws/ingress/main.tf index 243c438..9ddb332 100644 --- a/v2/nullplatform/aws/nullplatform_providers/networking.tf +++ b/infrastructure/aws/ingress/main.tf @@ -1,7 +1,6 @@ - resource "kubernetes_ingress_v1" "internal" { metadata { - name = "initial-ingress-setup-internal" + name = "initial-ingress-setup-internal" namespace = "nullplatform" annotations = merge({ @@ -13,13 +12,13 @@ resource "kubernetes_ingress_v1" "internal" { messageBody = "404 scope not found or has not been deployed yet" } }) - "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internal" - "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" - "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internal" - "alb.ingress.kubernetes.io/scheme" = "internal" - "alb.ingress.kubernetes.io/ssl-redirect" = "443" - "alb.ingress.kubernetes.io/target-type" = "ip" - "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn + "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internal" + "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" + "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internal" + "alb.ingress.kubernetes.io/scheme" = "internal" + "alb.ingress.kubernetes.io/ssl-redirect" = "443" + "alb.ingress.kubernetes.io/target-type" = "ip" + "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn }) } @@ -49,7 +48,7 @@ resource "kubernetes_ingress_v1" "internal" { resource "kubernetes_ingress_v1" "public" { metadata { - name = "initial-ingress-setup-public" + name = "initial-ingress-setup-public" namespace = "nullplatform" annotations = merge({ @@ -61,13 +60,13 @@ resource "kubernetes_ingress_v1" "public" { messageBody = "404 scope not found or has not been deployed yet" } }) - "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internet-facing" - "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" - "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internet-facing" - "alb.ingress.kubernetes.io/scheme" = "internet-facing" - "alb.ingress.kubernetes.io/ssl-redirect" = "443" - "alb.ingress.kubernetes.io/target-type" = "ip" - "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn + "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internet-facing" + "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" + "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internet-facing" + "alb.ingress.kubernetes.io/scheme" = "internet-facing" + "alb.ingress.kubernetes.io/ssl-redirect" = "443" + "alb.ingress.kubernetes.io/target-type" = "ip" + "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn }) } diff --git a/infrastructure/aws/ingress/variables.tf b/infrastructure/aws/ingress/variables.tf new file mode 100644 index 0000000..48498d8 --- /dev/null +++ b/infrastructure/aws/ingress/variables.tf @@ -0,0 +1,4 @@ +variable "certificate_arn" { + description = "ARN of the SSL/TLS certificate for the network configuration" + type = string +} \ No newline at end of file diff --git a/infrastructure/aws/route53/README.md b/infrastructure/aws/route53/README.md deleted file mode 100644 index d62952d..0000000 --- a/infrastructure/aws/route53/README.md +++ /dev/null @@ -1,32 +0,0 @@ - - - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_route53_zone.private_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource | -| [aws_route53_zone.public_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [domain\_name](#input\_domain\_name) | n/a | `any` | n/a | yes | -| [vpc\_id](#input\_vpc\_id) | n/a | `any` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [private\_zone\_id](#output\_private\_zone\_id) | The ID of the Private Route 53 Hosted Zone | -| [private\_zone\_name](#output\_private\_zone\_name) | The domain name of the Private Route 53 Hosted Zone | -| [public\_zone\_id](#output\_public\_zone\_id) | The ID of the Public Route 53 Hosted Zone | -| [public\_zone\_name](#output\_public\_zone\_name) | The domain name of the Public Route 53 Hosted Zone | - \ No newline at end of file diff --git a/infrastructure/aws/route53/main.tf b/infrastructure/aws/route53/main.tf index 711ca7c..8d1b463 100644 --- a/infrastructure/aws/route53/main.tf +++ b/infrastructure/aws/route53/main.tf @@ -1,10 +1,17 @@ resource "aws_route53_zone" "public_zone" { - name = var.domain_name + name = var.domain_name } resource "aws_route53_zone" "private_zone" { - name = var.domain_name + name = var.domain_name vpc { vpc_id = var.vpc_id } } + +module "aws_route53_acm" { + source = "../acm" + domain_name = var.domain_name + zone_id = aws_route53_zone.public_zone.id + subject_alternative_names = [] +} diff --git a/v2/foundations/aws/vpc/providers.tf b/infrastructure/aws/route53/providers.tf similarity index 100% rename from v2/foundations/aws/vpc/providers.tf rename to infrastructure/aws/route53/providers.tf diff --git a/infrastructure/aws/route53/varaibles.tf b/infrastructure/aws/route53/varaibles.tf index 06fb377..ab15774 100644 --- a/infrastructure/aws/route53/varaibles.tf +++ b/infrastructure/aws/route53/varaibles.tf @@ -1,2 +1,8 @@ -variable "vpc_id" {} -variable "domain_name" {} \ No newline at end of file +variable "vpc_id" { + type = string + description = "The VPC id" +} +variable "domain_name" { + type = string + description = "The domains to project" +} \ No newline at end of file diff --git a/infrastructure/aws/vpc/README.md b/infrastructure/aws/vpc/README.md deleted file mode 100644 index ba83de6..0000000 --- a/infrastructure/aws/vpc/README.md +++ /dev/null @@ -1,17 +0,0 @@ - - - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | n/a | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [environment](#input\_environment) | The environment name | `string` | n/a | yes | -| [organization](#input\_organization) | A organization name | `string` | n/a | yes | -| [vpc](#input\_vpc) | A VPC with public and private subnets | `any` | n/a | yes | - \ No newline at end of file diff --git a/infrastructure/aws/vpc/main.tf b/infrastructure/aws/vpc/main.tf index 719c08c..25aefde 100644 --- a/infrastructure/aws/vpc/main.tf +++ b/infrastructure/aws/vpc/main.tf @@ -1,14 +1,15 @@ module "vpc" { source = "terraform-aws-modules/vpc/aws" + version = "~> 6.0" - name = "${var.organization}-${var.environment}" - cidr = var.vpc["cidr"] + name = "${var.organization}-${var.account}" + cidr = var.vpc.cidr_block enable_dns_hostnames = true - azs = var.vpc["azs"] - private_subnets = var.vpc["private_subnets"] - public_subnets = var.vpc["public_subnets"] + azs = var.vpc.azs + private_subnets = var.vpc.private_subnets + public_subnets = var.vpc.public_subnets enable_nat_gateway = true single_nat_gateway = true diff --git a/v2/foundations/aws/vpc/output.tf b/infrastructure/aws/vpc/output.tf similarity index 100% rename from v2/foundations/aws/vpc/output.tf rename to infrastructure/aws/vpc/output.tf diff --git a/v2/foundations/aws/backend/providers.tf b/infrastructure/aws/vpc/providers.tf similarity index 59% rename from v2/foundations/aws/backend/providers.tf rename to infrastructure/aws/vpc/providers.tf index 4eaaf21..8b01857 100644 --- a/v2/foundations/aws/backend/providers.tf +++ b/infrastructure/aws/vpc/providers.tf @@ -4,9 +4,5 @@ terraform { source = "hashicorp/aws" version = "~> 6.0" } - helm = { - source = "hashicorp/helm" - version = "~> 3.0" - } } } \ No newline at end of file diff --git a/infrastructure/aws/vpc/variables.tf b/infrastructure/aws/vpc/variables.tf index 1fec053..326fae6 100644 --- a/infrastructure/aws/vpc/variables.tf +++ b/infrastructure/aws/vpc/variables.tf @@ -1,20 +1,19 @@ variable "vpc" { - description = "A VPC with public and private subnets" + description = "Configuración de la VPC" + type = object({ + cidr_block = string + azs = list(string) + private_subnets = list(string) + public_subnets = list(string) + }) } -# Parámetros VPC -# vpc = { -# azs = ["us-west-2a", "us-west-2b", "us-west-2c"] -# cidr = "172.16.0.0/16" -# public_subnets = ["172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"] -# private_subnets = ["172.16.10.0/24", "172.16.11.0/24", "172.16.12.0/24"] -# } variable "organization" { type = string description = "A organization name" } -variable "environment" { +variable "account" { type = string - description = "The environment name" + description = "The account name" } \ No newline at end of file diff --git a/workloads/cert-manager/locals.tf b/infrastructure/commons/cert-manager/locals.tf similarity index 94% rename from workloads/cert-manager/locals.tf rename to infrastructure/commons/cert-manager/locals.tf index e222583..1ed0019 100644 --- a/workloads/cert-manager/locals.tf +++ b/infrastructure/commons/cert-manager/locals.tf @@ -20,6 +20,6 @@ locals { # Cloudflare cloudflare_enabled = var.cloudflare_enabled cloudflare_secret_name = var.cloudflare_secret_name - cloudflare_token = var.cloudflare_token + cloudflare_token = var.cloudflare_token }) } \ No newline at end of file diff --git a/workloads/cert-manager/main.tf b/infrastructure/commons/cert-manager/main.tf similarity index 100% rename from workloads/cert-manager/main.tf rename to infrastructure/commons/cert-manager/main.tf diff --git a/workloads/cert-manager/provider.tf b/infrastructure/commons/cert-manager/provider.tf similarity index 100% rename from workloads/cert-manager/provider.tf rename to infrastructure/commons/cert-manager/provider.tf diff --git a/workloads/cert-manager/templates/cert_manager_values.tmpl.yaml b/infrastructure/commons/cert-manager/templates/cert_manager_values.tmpl.yaml similarity index 100% rename from workloads/cert-manager/templates/cert_manager_values.tmpl.yaml rename to infrastructure/commons/cert-manager/templates/cert_manager_values.tmpl.yaml diff --git a/workloads/cert-manager/variables.tf b/infrastructure/commons/cert-manager/variables.tf similarity index 100% rename from workloads/cert-manager/variables.tf rename to infrastructure/commons/cert-manager/variables.tf diff --git a/workloads/external-dns/locals.tf b/infrastructure/commons/external-dns/locals.tf similarity index 100% rename from workloads/external-dns/locals.tf rename to infrastructure/commons/external-dns/locals.tf diff --git a/workloads/external-dns/main.tf b/infrastructure/commons/external-dns/main.tf similarity index 100% rename from workloads/external-dns/main.tf rename to infrastructure/commons/external-dns/main.tf diff --git a/workloads/external-dns/provider.tf b/infrastructure/commons/external-dns/provider.tf similarity index 100% rename from workloads/external-dns/provider.tf rename to infrastructure/commons/external-dns/provider.tf diff --git a/workloads/external-dns/secret.tf b/infrastructure/commons/external-dns/secret.tf similarity index 100% rename from workloads/external-dns/secret.tf rename to infrastructure/commons/external-dns/secret.tf diff --git a/workloads/external-dns/templates/external_dns_values.tmpl.yaml b/infrastructure/commons/external-dns/templates/external_dns_values.tmpl.yaml similarity index 100% rename from workloads/external-dns/templates/external_dns_values.tmpl.yaml rename to infrastructure/commons/external-dns/templates/external_dns_values.tmpl.yaml diff --git a/workloads/external-dns/variables.tf b/infrastructure/commons/external-dns/variables.tf similarity index 100% rename from workloads/external-dns/variables.tf rename to infrastructure/commons/external-dns/variables.tf diff --git a/workloads/istio/locals.tf b/infrastructure/commons/istio/locals.tf similarity index 100% rename from workloads/istio/locals.tf rename to infrastructure/commons/istio/locals.tf diff --git a/workloads/istio/main.tf b/infrastructure/commons/istio/main.tf similarity index 83% rename from workloads/istio/main.tf rename to infrastructure/commons/istio/main.tf index d6cbf34..8fc3a0a 100644 --- a/workloads/istio/main.tf +++ b/infrastructure/commons/istio/main.tf @@ -5,7 +5,7 @@ resource "helm_release" "istio_base" { chart = "base" namespace = local.namespace create_namespace = true - version = var.istio_base_version + version = var.istio_base_version } resource "helm_release" "istiod" { @@ -14,7 +14,7 @@ resource "helm_release" "istiod" { repository = local.repository chart = "istiod" namespace = local.namespace - version = var.istiod_version + version = var.istiod_version } # Setup Istio Gateway using Helm @@ -24,6 +24,6 @@ resource "helm_release" "istio_ingressgateway" { repository = local.repository chart = "gateway" namespace = local.namespace - version = var.istio_ingressgateway_version + version = var.istio_ingressgateway_version } diff --git a/workloads/istio/provider.tf b/infrastructure/commons/istio/provider.tf similarity index 100% rename from workloads/istio/provider.tf rename to infrastructure/commons/istio/provider.tf diff --git a/workloads/istio/variables.tf b/infrastructure/commons/istio/variables.tf similarity index 68% rename from workloads/istio/variables.tf rename to infrastructure/commons/istio/variables.tf index e4656e1..ab69024 100644 --- a/workloads/istio/variables.tf +++ b/infrastructure/commons/istio/variables.tf @@ -1,19 +1,19 @@ variable "istio_base_version" { - type = string - default = "1.27.1" - + type = string + default = "1.27.1" + } variable "istio_ingressgateway_version" { - type = string - default = "1.27.1" - + type = string + default = "1.27.1" + } variable "istiod_version" { - type = string - default = "1.27.1" - + type = string + default = "1.27.1" + } variable "kubeconfig_path" { diff --git a/modules/README.md b/modules/README.md deleted file mode 100644 index 5ca9045..0000000 --- a/modules/README.md +++ /dev/null @@ -1,23 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -No modules. - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -No outputs. diff --git a/modules/aws/acm/README.md b/modules/aws/acm/README.md deleted file mode 100644 index f7a1027..0000000 --- a/modules/aws/acm/README.md +++ /dev/null @@ -1,37 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_acm_certificate.cert](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate) | resource | -| [aws_acm_certificate_validation.cert_validation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation) | resource | -| [aws_route53_record.cert_validation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [account](#input\_account) | nullplatform default account slug | `string` | n/a | yes | -| [domain\_name](#input\_domain\_name) | n/a | `string` | n/a | yes | -| [organization](#input\_organization) | nullplatform organization slug | `string` | n/a | yes | -| [zone\_id](#input\_zone\_id) | Route53 Zone ID where certificate will be validated | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [acm\_certificate\_arn](#output\_acm\_certificate\_arn) | The ARN of the ACM certificate | -| [acm\_certificate\_domain\_name](#output\_acm\_certificate\_domain\_name) | The domain name for which the ACM certificate is issued | diff --git a/modules/aws/acm/backend.tf b/modules/aws/acm/backend.tf deleted file mode 100644 index f2702bf..0000000 --- a/modules/aws/acm/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } -} diff --git a/modules/aws/acm/main.tf b/modules/aws/acm/main.tf deleted file mode 100644 index 920c701..0000000 --- a/modules/aws/acm/main.tf +++ /dev/null @@ -1,42 +0,0 @@ -resource "aws_acm_certificate" "cert" { - provider = aws - domain_name = "*.${var.domain_name}" - validation_method = "DNS" - - subject_alternative_names = [ - "*.${var.account}.${var.domain_name}" - ] - - lifecycle { - create_before_destroy = true - } - - tags = { - organization = var.organization - account = var.account - name = "${var.domain_name} Certificate" - } -} - -# DNS validation records -resource "aws_route53_record" "cert_validation" { - provider = aws - for_each = { - for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => { - name = dvo.resource_record_name - type = dvo.resource_record_type - value = dvo.resource_record_value - } - } - zone_id = var.zone_id - name = each.value.name - type = each.value.type - ttl = 300 - records = [each.value.value] -} - -resource "aws_acm_certificate_validation" "cert_validation" { - provider = aws - certificate_arn = aws_acm_certificate.cert.arn - validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn] -} diff --git a/modules/aws/acm/output.tf b/modules/aws/acm/output.tf deleted file mode 100644 index 2824778..0000000 --- a/modules/aws/acm/output.tf +++ /dev/null @@ -1,9 +0,0 @@ -output "acm_certificate_arn" { - description = "The ARN of the ACM certificate" - value = aws_acm_certificate.cert.arn -} - -output "acm_certificate_domain_name" { - description = "The domain name for which the ACM certificate is issued" - value = aws_acm_certificate.cert.domain_name -} diff --git a/modules/aws/acm/variables.tf b/modules/aws/acm/variables.tf deleted file mode 100644 index 988c7a8..0000000 --- a/modules/aws/acm/variables.tf +++ /dev/null @@ -1,18 +0,0 @@ -variable "zone_id" { - description = "Route53 Zone ID where certificate will be validated" - type = string -} - -variable "domain_name" { - type = string -} - -variable "organization" { - type = string - description = "nullplatform organization slug" -} - -variable "account" { - type = string - description = "nullplatform default account slug" -} diff --git a/modules/aws/alb/.terraform.lock.hcl b/modules/aws/alb/.terraform.lock.hcl deleted file mode 100644 index 3904efc..0000000 --- a/modules/aws/alb/.terraform.lock.hcl +++ /dev/null @@ -1,19 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.87.0" - hashes = [ - "h1:EDxEPPJt3z1s7LPaTfW4skOwStwIKUa4pRvY1U7fb9U=", - "zh:0ff0c91bcb9432ea0ae34f0f05e2bcb27d13e416b055b27dd1839277e7828dab", - "zh:170c075f97104cb40d88e701f3c9eae4dab08f078f6242d23792059db0a9d290", - "zh:49fdaac4023d445827577c036931e4bce1d8cbe9b41356beafe350a2259abd38", - "zh:5ed588793045b865d9bd7a867d25b2d1a815bcd3c318f46268dcdeb518345191", - "zh:6716747fedd73acdacaf6374ad9ca633a211a530da249086f6fb6af3fe9155fa", - "zh:8dae238b36bb4888baa6053b056c5c35382aa946dbbe00022ad9f59d461ba7c6", - "zh:9dcad763c2e7e6b0999044eebbca347a3fcc3e28778fa99f74cc25316d4ea723", - "zh:a86ca3a4f3ce991c7ab9906989ed9f352a3b9b34febb7a82b39fc2b6f12a58f5", - "zh:b964f15192fc89c12510f81bb6980bac19ae39138cdee727b5320757bcefff89", - "zh:cca503c8a46df411dcc482b3d352b522de44fcadfec35611bb7658bcdd785c43", - ] -} diff --git a/modules/aws/alb/balancer.tf b/modules/aws/alb/balancer.tf deleted file mode 100644 index 07b4e2c..0000000 --- a/modules/aws/alb/balancer.tf +++ /dev/null @@ -1,73 +0,0 @@ -resource "aws_lb" "null-main-balancer" { - name = substr("null-main-balancer-${var.suffix}", 0, 32) - internal = false - load_balancer_type = "application" - security_groups = [aws_security_group.null-main-balancer.id] - subnets = var.public_subnet_ids -} - - -resource "aws_lb_target_group" "default_target_group" { - name = "default-${var.suffix}-tg" - port = 80 - protocol = "HTTP" - vpc_id = var.vpc_id - health_check { - path = "/health" - protocol = "HTTP" - } -} - -resource "aws_lb_listener" "null-main-listener-http" { - load_balancer_arn = aws_lb.null-main-balancer.arn - port = "80" - protocol = "HTTP" - - default_action { - type = "forward" - target_group_arn = aws_lb_target_group.default_target_group.arn - } -} - -resource "aws_lb_listener" "null-main-listener-https" { - load_balancer_arn = aws_lb.null-main-balancer.arn - port = "443" - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01" - certificate_arn = var.certificate_arn - default_action { - type = "forward" - target_group_arn = aws_lb_target_group.default_target_group.arn - } -} - -resource "aws_lb" "null-main-balancer-internal" { - name = substr("null-main-balancer-internal-${var.suffix}", 0, 32) - internal = true - load_balancer_type = "application" - security_groups = [aws_security_group.null-main-balancer.id] - subnets = var.private_subnet_ids -} -resource "aws_lb_listener" "null-main-internal-listener-https" { - load_balancer_arn = aws_lb.null-main-balancer-internal.arn - port = "443" - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01" - certificate_arn = var.certificate_arn - default_action { - type = "forward" - target_group_arn = aws_lb_target_group.default_target_group_internal.arn - } -} - -resource "aws_lb_target_group" "default_target_group_internal" { - name = "default-internal-${var.suffix}-tg" - port = 80 - protocol = "HTTP" - vpc_id = var.vpc_id - health_check { - path = "/health" - protocol = "HTTP" - } -} - diff --git a/modules/aws/alb/outputs.tf b/modules/aws/alb/outputs.tf deleted file mode 100644 index a700b2a..0000000 --- a/modules/aws/alb/outputs.tf +++ /dev/null @@ -1,21 +0,0 @@ -output "security_group_ids" { - description = "A list of SGs to attach to ec2 or lambda" - value = [aws_security_group.http-instance.id] -} -output "private_load_balancer_arn" { - description = "The private LB arn" - value = aws_lb.null-main-balancer-internal.arn -} -output "private_load_balancer_listener_arn" { - description = "The private LB Listener arn" - value = aws_lb_listener.null-main-internal-listener-https.arn -} -output "public_load_balancer_arn" { - description = "The public LB arn" - value = aws_lb.null-main-balancer.arn - -} -output "public_load_balancer_listener_arn" { - description = "The public LB listener arn" - value = aws_lb_listener.null-main-listener-https.arn -} diff --git a/modules/aws/alb/security-groups.tf b/modules/aws/alb/security-groups.tf deleted file mode 100644 index 99c909d..0000000 --- a/modules/aws/alb/security-groups.tf +++ /dev/null @@ -1,75 +0,0 @@ -resource "aws_security_group" "null-main-balancer" { - vpc_id = var.vpc_id - - tags = { - Name = "load_balancer" - } -} - -resource "aws_vpc_security_group_ingress_rule" "allow_lb_https" { - security_group_id = aws_security_group.null-main-balancer.id - cidr_ipv4 = "0.0.0.0/0" - from_port = 443 - ip_protocol = "tcp" - to_port = 443 -} - -resource "aws_vpc_security_group_ingress_rule" "allow_lb_http" { - security_group_id = aws_security_group.null-main-balancer.id - cidr_ipv4 = "0.0.0.0/0" - from_port = 80 - ip_protocol = "tcp" - to_port = 80 -} - -resource "aws_vpc_security_group_egress_rule" "allow_lb_all" { - security_group_id = aws_security_group.null-main-balancer.id - - cidr_ipv4 = "0.0.0.0/0" - from_port = -1 - ip_protocol = -1 - to_port = -1 -} - -resource "aws_security_group" "http-instance" { - vpc_id = var.vpc_id - - //If you do not add this rule, you can not reach the NGIX - tags = { - Name = "http-instance" - } -} - -resource "aws_vpc_security_group_ingress_rule" "allow_instance_http" { - security_group_id = aws_security_group.http-instance.id - referenced_security_group_id = aws_security_group.null-main-balancer.id - from_port = 80 - ip_protocol = "tcp" - to_port = 80 -} - -resource "aws_vpc_security_group_ingress_rule" "allow_instance_http_default_null" { - security_group_id = aws_security_group.http-instance.id - cidr_ipv4 = var.vpc_cidr - from_port = 8080 - ip_protocol = "tcp" - to_port = 8080 -} - -resource "aws_vpc_security_group_ingress_rule" "allow_instance_ssh" { - security_group_id = aws_security_group.http-instance.id - cidr_ipv4 = var.vpc_cidr - from_port = 22 - ip_protocol = "tcp" - to_port = 22 -} - -resource "aws_vpc_security_group_egress_rule" "allow_instance_all" { - security_group_id = aws_security_group.http-instance.id - - cidr_ipv4 = "0.0.0.0/0" - from_port = -1 - ip_protocol = -1 - to_port = -1 -} - diff --git a/modules/aws/alb/variables.tf b/modules/aws/alb/variables.tf deleted file mode 100644 index eab05f1..0000000 --- a/modules/aws/alb/variables.tf +++ /dev/null @@ -1,30 +0,0 @@ -variable "certificate_arn" { - type = string - description = "The certificate arn to use with the LB" -} - -variable "vpc_id" { - type = string - description = "The VPC id where the load balancer will be deployed" -} - -variable "vpc_cidr" { - type = string - description = "The VPC cidr used for the whole setup" -} - -variable "public_subnet_ids" { - type = list(string) - description = "List of public subnet ids to associate to the LB" -} - -variable "private_subnet_ids" { - type = list(string) - description = "List of public subnet ids to associate to the LB" -} - -variable "suffix" { - type = string - description = "A suffix for the bucket name" -} - diff --git a/modules/aws/bucket/README.md b/modules/aws/bucket/README.md deleted file mode 100644 index 69ba628..0000000 --- a/modules/aws/bucket/README.md +++ /dev/null @@ -1,33 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_s3_bucket.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [name](#input\_name) | the bucket name | `string` | n/a | yes | -| [namespace](#input\_namespace) | nullplatform namespace slug | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [bucket\_arn](#output\_bucket\_arn) | bucket arn | -| [bucket\_id](#output\_bucket\_id) | bucket id | diff --git a/modules/aws/bucket/main.tf b/modules/aws/bucket/main.tf deleted file mode 100644 index d5c9628..0000000 --- a/modules/aws/bucket/main.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "aws_s3_bucket" "bucket" { - bucket = var.name - - force_destroy = true -} diff --git a/modules/aws/bucket/output.tf b/modules/aws/bucket/output.tf deleted file mode 100644 index aee4e69..0000000 --- a/modules/aws/bucket/output.tf +++ /dev/null @@ -1,9 +0,0 @@ -output "bucket_arn" { - description = "bucket arn" - value = aws_s3_bucket.bucket.arn -} - -output "bucket_id" { - description = "bucket id" - value = aws_s3_bucket.bucket.id -} diff --git a/modules/aws/bucket/variables.tf b/modules/aws/bucket/variables.tf deleted file mode 100644 index a49b4ef..0000000 --- a/modules/aws/bucket/variables.tf +++ /dev/null @@ -1,4 +0,0 @@ -variable "name" { - type = string - description = "the bucket name" -} diff --git a/modules/aws/data/iam/eks/trusting/.terraform.lock.hcl b/modules/aws/data/iam/eks/trusting/.terraform.lock.hcl deleted file mode 100644 index e176bcb..0000000 --- a/modules/aws/data/iam/eks/trusting/.terraform.lock.hcl +++ /dev/null @@ -1,19 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.99.1" - hashes = [ - "h1:0jNckFqimGrHhRB88880ovIpmoE20xhjRb94GBdgjwo=", - "zh:13a07422f776dd97214dfa89d6a88340b99613cbb869013c756c1a68fd8cdd9d", - "zh:1841d422278afa25d42a8d3ea9197ad08cf092769bd2aa89056d25d4c2629df8", - "zh:269016c7ba09d76e42fbcf15de28f2de0595ff9a7304a0500011a4493d7a1551", - "zh:2b842c3d0f30e048c05a37752b9c07d316656f3caf79841d08a4f1b057555eb2", - "zh:6559eedc095f70a51460dc702613a9033734ba536c1de1ed86a735a3c8131e40", - "zh:6d43b2676630344db3a7d6ba8330d20993492168f124e19e040a0aa914ec832e", - "zh:7f5d5cb0c1a492080b668f456de50f5b91fc67018c05f12483added3faf703f6", - "zh:c3bb8094bf26565150229f1ca6014d41d1283b8a2b06a15b45cd5a6b4ce82e28", - "zh:e45bc994d0c6e1c0a0b70e8378f2f933e924f05c91061ed2a97ceaf282e08a25", - "zh:ee725d6fbc1dbaa5017e9eab6fa0aa7e107a4ed73a4a8e2acab6b5d3d54cd0e4", - ] -} diff --git a/modules/aws/data/iam/eks/trusting/README.md b/modules/aws/data/iam/eks/trusting/README.md deleted file mode 100644 index 55ecf56..0000000 --- a/modules/aws/data/iam/eks/trusting/README.md +++ /dev/null @@ -1,34 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.99.1 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | -| [aws_iam_openid_connect_provider.eks](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_openid_connect_provider) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cluster\_name](#input\_cluster\_name) | Name of the Kubernetes cluster | `string` | n/a | yes | -| [namespace](#input\_namespace) | Kubernetes namespace for the Service account | `string` | n/a | yes | -| [service\_account\_name](#input\_service\_account\_name) | Service account name | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [trusting](#output\_trusting) | n/a | diff --git a/modules/aws/data/iam/eks/trusting/data.tf b/modules/aws/data/iam/eks/trusting/data.tf deleted file mode 100644 index 845880a..0000000 --- a/modules/aws/data/iam/eks/trusting/data.tf +++ /dev/null @@ -1,7 +0,0 @@ -data "aws_eks_cluster" "cluster" { - name = var.cluster_name -} - -data "aws_iam_openid_connect_provider" "eks" { - url = data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer -} \ No newline at end of file diff --git a/modules/aws/data/iam/eks/trusting/output.tf b/modules/aws/data/iam/eks/trusting/output.tf deleted file mode 100644 index 2c4ff89..0000000 --- a/modules/aws/data/iam/eks/trusting/output.tf +++ /dev/null @@ -1,20 +0,0 @@ -output "trusting" { - value = { - Version = "2012-10-17" - Statement = [ - { - Action = "sts:AssumeRoleWithWebIdentity" - Effect = "Allow" - Principal = { - Federated = data.aws_iam_openid_connect_provider.eks.arn - } - Condition = { - StringEquals = { - "${replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")}:sub" = "system:serviceaccount:${var.namespace}:${var.service_account_name}" - "${replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "")}:aud" = "sts.amazonaws.com" - } - } - } - ] - } -} \ No newline at end of file diff --git a/modules/aws/data/iam/eks/trusting/variables.tf b/modules/aws/data/iam/eks/trusting/variables.tf deleted file mode 100644 index 0cbf0a0..0000000 --- a/modules/aws/data/iam/eks/trusting/variables.tf +++ /dev/null @@ -1,14 +0,0 @@ -variable "cluster_name" { - description = "Name of the Kubernetes cluster" - type = string -} - -variable "namespace" { - description = "Kubernetes namespace for the Service account" - type = string -} - -variable "service_account_name" { - description = "Service account name" - type = string -} \ No newline at end of file diff --git a/modules/aws/eks/.terraform.lock.hcl b/modules/aws/eks/.terraform.lock.hcl deleted file mode 100644 index dbfbdd1..0000000 --- a/modules/aws/eks/.terraform.lock.hcl +++ /dev/null @@ -1,125 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.99.1" - constraints = ">= 4.0.0, >= 4.33.0, >= 4.57.0, >= 5.95.0, < 6.0.0" - hashes = [ - "h1:xgPyZArCfKVMy8sThzhb0IernbFy0fJGm897ztejZAQ=", - "zh:00b0a61c6d295300f0aa7a79a7d40e9f836164f1fff816d38324c148cd846887", - "zh:1ee9d5ccb67378704642db62113ac6c0d56d69408a9c1afb9a8e14b095fc0733", - "zh:2035977ed418dcb18290785c1eeb79b7133b39f718c470346e043ac48887ffc7", - "zh:67e3ca1bf7061900f81cf958d5c771a2fd6048c2b185bec7b27978349b173a90", - "zh:87fadbe5de7347ede72ad879ff8d8d9334103cd9aa4a321bb086bfac91654944", - "zh:901d170c457c2bff244a2282d9de595bdb3ebecc33a2034c5ce8aafbcff66db9", - "zh:92c07d6cf530679565b87934f9f98604652d787968cce6a3d24c148479b7e34b", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a7d4803b4c5ff17f029f8b270c91480442ece27cec7922c38548bcfea2ac2d26", - "zh:afda848da7993a07d29018ec25ab6feda652e01d4b22721da570ce4fcc005292", - "zh:baaf16c98b81bad070e0908f057a97108ecd6e8c9f754d7a79b18df4c8453279", - "zh:c3dd496c5014427599d6b6b1c14c7ebb09a15df78918ae0be935e7bfa83b894c", - "zh:e2b84c1d40b3f2c4b1d74bf170b9e932983b61bac0e6dab2e36f5057ddcc997f", - "zh:e49c92cb29c53b4573ed4d9c946486e6bcfc1b63f1aee0c79cc7626f3d9add03", - "zh:efae8e339c4b13f546e0f96c42eb95bf8347de22e941594849b12688574bf380", - ] -} - -provider "registry.terraform.io/hashicorp/cloudinit" { - version = "2.3.7" - constraints = ">= 2.0.0" - hashes = [ - "h1:M9TpQxKAE/hyOwytdX9MUNZw30HoD/OXqYIug5fkqH8=", - "zh:06f1c54e919425c3139f8aeb8fcf9bceca7e560d48c9f0c1e3bb0a8ad9d9da1e", - "zh:0e1e4cf6fd98b019e764c28586a386dc136129fef50af8c7165a067e7e4a31d5", - "zh:1871f4337c7c57287d4d67396f633d224b8938708b772abfc664d1f80bd67edd", - "zh:2b9269d91b742a71b2248439d5e9824f0447e6d261bfb86a8a88528609b136d1", - "zh:3d8ae039af21426072c66d6a59a467d51f2d9189b8198616888c1b7fc42addc7", - "zh:3ef4e2db5bcf3e2d915921adced43929214e0946a6fb11793085d9a48995ae01", - "zh:42ae54381147437c83cbb8790cc68935d71b6357728a154109d3220b1beb4dc9", - "zh:4496b362605ae4cbc9ef7995d102351e2fe311897586ffc7a4a262ccca0c782a", - "zh:652a2401257a12706d32842f66dac05a735693abcb3e6517d6b5e2573729ba13", - "zh:7406c30806f5979eaed5f50c548eced2ea18ea121e01801d2f0d4d87a04f6a14", - "zh:7848429fd5a5bcf35f6fee8487df0fb64b09ec071330f3ff240c0343fe2a5224", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.37.1" - constraints = ">= 2.10.0" - hashes = [ - "h1:+37jC6JlkPyPvDHudK3qaj7ZVJ0Zy9zc9+oq8h1WayA=", - "zh:0ed097413c7fc804479e325966886b405dc0b75ad2b4f54ce4df1d8e4802b397", - "zh:17dcf4a685a00d2d048671124e8a1a8e836b58ecd2ef628a1c666fe0ced2e598", - "zh:36891284e5bced57c438f12d0b27856b0d4b70b562bd200b01919a6a89545be9", - "zh:3e49d86b508e641ba122d1b0af24cdc4d8ffa2ec1b30022436fb1d7c6ba696ea", - "zh:40be623e116708bdcb0fac32989db43720f031c5fe9a4dc63395078185d24403", - "zh:44fc0ac3bc39e289b67f9dde7ee9fef29eb8192197e5e68fee69098573021722", - "zh:957aa451573bcde5d57f6f8338ea3139010c7f61fefe8f6a140a8c267f056511", - "zh:c55fd85b7e8acaac17e30670ac3574b88b3530820dd004bcd2a5daa8624a46e9", - "zh:c743f06843a1f5ecde2b8ef639f4d3db654a334ef248dee57261c719ea843f3a", - "zh:c93cc71c64b838d89522ac5fb60f68e0e1e7f2fc39db6b0ead7afd78795e79ed", - "zh:eda1163c2266905adc54bc78cc3e7b606a164fbc6b59be607db933b302015ccd", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.4" - constraints = ">= 3.0.0" - hashes = [ - "h1:L5V05xwp/Gto1leRryuesxjMfgZwjb7oool4WS1UEFQ=", - "zh:59f6b52ab4ff35739647f9509ee6d93d7c032985d9f8c6237d1f8a59471bbbe2", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:795c897119ff082133150121d39ff26cb5f89a730a2c8c26f3a9c1abf81a9c43", - "zh:7b9c7b16f118fbc2b05a983817b8ce2f86df125857966ad356353baf4bff5c0a", - "zh:85e33ab43e0e1726e5f97a874b8e24820b6565ff8076523cc2922ba671492991", - "zh:9d32ac3619cfc93eb3c4f423492a8e0f79db05fec58e449dee9b2d5873d5f69f", - "zh:9e15c3c9dd8e0d1e3731841d44c34571b6c97f5b95e8296a45318b94e5287a6e", - "zh:b4c2ab35d1b7696c30b64bf2c0f3a62329107bd1a9121ce70683dec58af19615", - "zh:c43723e8cc65bcdf5e0c92581dcbbdcbdcf18b8d2037406a5f2033b1e22de442", - "zh:ceb5495d9c31bfb299d246ab333f08c7fb0d67a4f82681fbf47f2a21c3e11ab5", - "zh:e171026b3659305c558d9804062762d168f50ba02b88b231d20ec99578a6233f", - "zh:ed0fe2acdb61330b01841fa790be00ec6beaac91d41f311fb8254f74eb6a711f", - ] -} - -provider "registry.terraform.io/hashicorp/time" { - version = "0.13.1" - constraints = ">= 0.9.0" - hashes = [ - "h1:ZT5ppCNIModqk3iOkVt5my8b8yBHmDpl663JtXAIRqM=", - "zh:02cb9aab1002f0f2a94a4f85acec8893297dc75915f7404c165983f720a54b74", - "zh:04429b2b31a492d19e5ecf999b116d396dac0b24bba0d0fb19ecaefe193fdb8f", - "zh:26f8e51bb7c275c404ba6028c1b530312066009194db721a8427a7bc5cdbc83a", - "zh:772ff8dbdbef968651ab3ae76d04afd355c32f8a868d03244db3f8496e462690", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:898db5d2b6bd6ca5457dccb52eedbc7c5b1a71e4a4658381bcbb38cedbbda328", - "zh:8de913bf09a3fa7bedc29fec18c47c571d0c7a3d0644322c46f3aa648cf30cd8", - "zh:9402102c86a87bdfe7e501ffbb9c685c32bbcefcfcf897fd7d53df414c36877b", - "zh:b18b9bb1726bb8cfbefc0a29cf3657c82578001f514bcf4c079839b6776c47f0", - "zh:b9d31fdc4faecb909d7c5ce41d2479dd0536862a963df434be4b16e8e4edc94d", - "zh:c951e9f39cca3446c060bd63933ebb89cedde9523904813973fbc3d11863ba75", - "zh:e5b773c0d07e962291be0e9b413c7a22c044b8c7b58c76e8aa91d1659990dfb5", - ] -} - -provider "registry.terraform.io/hashicorp/tls" { - version = "4.1.0" - constraints = ">= 3.0.0" - hashes = [ - "h1:zEv9tY1KR5vaLSyp2lkrucNJ+Vq3c+sTFK9GyQGLtFs=", - "zh:14c35d89307988c835a7f8e26f1b83ce771e5f9b41e407f86a644c0152089ac2", - "zh:2fb9fe7a8b5afdbd3e903acb6776ef1be3f2e587fb236a8c60f11a9fa165faa8", - "zh:35808142ef850c0c60dd93dc06b95c747720ed2c40c89031781165f0c2baa2fc", - "zh:35b5dc95bc75f0b3b9c5ce54d4d7600c1ebc96fbb8dfca174536e8bf103c8cdc", - "zh:38aa27c6a6c98f1712aa5cc30011884dc4b128b4073a4a27883374bfa3ec9fac", - "zh:51fb247e3a2e88f0047cb97bb9df7c228254a3b3021c5534e4563b4007e6f882", - "zh:62b981ce491e38d892ba6364d1d0cdaadcee37cc218590e07b310b1dfa34be2d", - "zh:bc8e47efc611924a79f947ce072a9ad698f311d4a60d0b4dfff6758c912b7298", - "zh:c149508bd131765d1bc085c75a870abb314ff5a6d7f5ac1035a8892d686b6297", - "zh:d38d40783503d278b63858978d40e07ac48123a2925e1a6b47e62179c046f87a", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fb07f708e3316615f6d218cec198504984c0ce7000b9f1eebff7516e384f4b54", - ] -} diff --git a/modules/aws/eks/README.md b/modules/aws/eks/README.md deleted file mode 100644 index 8401f7e..0000000 --- a/modules/aws/eks/README.md +++ /dev/null @@ -1,48 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [eks](#module\_eks) | terraform-aws-modules/eks/aws | ~> 19.0 | - -## Resources - -| Name | Type | -|------|------| -| [aws_iam_policy.nullplatform_metrics_eks_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cluster\_name](#input\_cluster\_name) | The name of the EKS cluster | `string` | n/a | yes | -| [private\_subnets](#input\_private\_subnets) | VPC Private Subnets which EKS cluster is deployed in | `list(any)` | n/a | yes | -| [scope\_manager\_role](#input\_scope\_manager\_role) | Add admin role to the aws-auth configmap | `string` | n/a | yes | -| [telemetry\_manager\_role](#input\_telemetry\_manager\_role) | Add admin role to the aws-auth configmap | `string` | n/a | yes | -| [vpc\_id](#input\_vpc\_id) | VPC ID which EKS cluster is deployed in | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [cluster\_arn](#output\_cluster\_arn) | The Amazon Resource Name (ARN) of the cluster | -| [cluster\_certificate\_authority\_data](#output\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster | -| [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for your Kubernetes API server | -| [cluster\_id](#output\_cluster\_id) | The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts | -| [cluster\_name](#output\_cluster\_name) | The name of the EKS cluster | -| [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster for the OpenID Connect identity provider | -| [cluster\_platform\_version](#output\_cluster\_platform\_version) | Platform version for the cluster | -| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console | -| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` | -| [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate | -| [oidc\_provider](#output\_oidc\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) | -| [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | diff --git a/modules/aws/eks/backend.tf b/modules/aws/eks/backend.tf deleted file mode 100644 index f2702bf..0000000 --- a/modules/aws/eks/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } -} diff --git a/modules/aws/eks/iam.tf b/modules/aws/eks/iam.tf deleted file mode 100644 index c80c10b..0000000 --- a/modules/aws/eks/iam.tf +++ /dev/null @@ -1,144 +0,0 @@ -resource "aws_iam_policy" "nullplatform_metrics_eks_policy" { - provider = aws - name = "nullplatform-eks-cw-api-policy" - description = "Policy for managing CloudWatch metrics and logs from Kubernetes" - policy = jsonencode({ - Version = "2012-10-17", - Statement = [ - { - Effect = "Allow", - Action = [ - "ec2:DescribeInstances", - "cloudwatch:GetMetricData", - "cloudwatch:ListMetrics", - "logs:Describe*", - "logs:Get*", - "logs:List*", - "logs:StartQuery", - "logs:StopQuery", - "logs:TestMetricFilter", - "logs:FilterLogEvents" - ], - Resource = "*" - } - ] - }) -} - -resource "aws_iam_policy" "ebs_csi_policy" { - name = "ebs-csi-policy" - description = "Policy for EBS CSI driver" - policy = jsonencode({ - Version = "2012-10-17" - Statement = [ - { - Effect = "Allow" - Action = [ - "ec2:CreateSnapshot", - "ec2:AttachVolume", - "ec2:DetachVolume", - "ec2:ModifyVolume", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeSnapshots", - "ec2:DescribeTags", - "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications" - ] - Resource = "*" - }, - { - Effect = "Allow" - Action = [ - "ec2:CreateTags" - ] - Resource = [ - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:snapshot/*" - ] - Condition = { - StringEquals = { - "ec2:CreateAction" = [ - "CreateVolume", - "CreateSnapshot" - ] - } - } - }, - { - Effect = "Allow" - Action = [ - "ec2:DeleteTags" - ] - Resource = [ - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:snapshot/*" - ] - }, - { - Effect = "Allow" - Action = [ - "ec2:CreateVolume" - ] - Resource = "*" - Condition = { - StringLike = { - "aws:RequestTag/ebs.csi.aws.com/cluster" : "true" - } - } - }, - { - Effect = "Allow" - Action = [ - "ec2:CreateVolume" - ] - Resource = "*" - Condition = { - StringLike = { - "aws:RequestTag/CSIVolumeName" : "*" - } - } - }, - { - Effect = "Allow" - Action = [ - "ec2:DeleteVolume" - ] - Resource = "*" - Condition = { - StringLike = { - "ec2:ResourceTag/CSIVolumeName" : "*" - } - } - }, - { - Effect = "Allow" - Action = [ - "ec2:DeleteVolume" - ] - Resource = "*" - Condition = { - StringLike = { - "ec2:ResourceTag/ebs.csi.aws.com/cluster" : "true" - } - } - } - ] - }) -} - -module "ebs_csi_irsa" { - source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "~> 5.0" - - role_name_prefix = "ebs-csi-" - attach_ebs_csi_policy = true - - oidc_providers = { - main = { - provider_arn = module.eks.oidc_provider_arn - namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"] - } - } - role_permissions_boundary_arn = var.iam_role_permissions_boundary -} diff --git a/modules/aws/eks/main.tf b/modules/aws/eks/main.tf deleted file mode 100644 index 7825d50..0000000 --- a/modules/aws/eks/main.tf +++ /dev/null @@ -1,73 +0,0 @@ -module "eks" { - source = "terraform-aws-modules/eks/aws" - version = "~> 19.0" - - cluster_name = var.cluster_name - cluster_version = "1.31" - - providers = { - aws = aws - } - - cluster_endpoint_public_access = true - - create_kms_key = false - create_cloudwatch_log_group = false - cluster_encryption_config = {} - - cluster_addons = { - coredns = { - most_recent = true - } - kube-proxy = { - most_recent = true - } - vpc-cni = { - most_recent = true - } - aws-ebs-csi-driver = { - most_recent = true - service_account_role_arn = module.ebs_csi_irsa.iam_role_arn - } - } - - vpc_id = var.vpc_id - subnet_ids = var.private_subnets - control_plane_subnet_ids = var.private_subnets - - eks_managed_node_group_defaults = { - instance_types = ["m5.xlarge", "m5.large", "t3.medium"] - iam_role_additional_policies = { - AmazonEBSCSIDriverPolicy = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy", - CloudwatchLogs = aws_iam_policy.nullplatform_metrics_eks_policy.arn - } - } - - eks_managed_node_groups = { - default = { - min_size = 1 - max_size = 10 - desired_size = 2 - iam_role_permissions_boundary = var.iam_role_permissions_boundary - } - - } - - manage_aws_auth_configmap = true - - aws_auth_roles = [ - { - rolearn = var.scope_manager_role - username = "scope_manager_role" - groups = ["system:masters"] - }, - { - rolearn = var.telemetry_manager_role - username = "telemetry_manager_role" - groups = ["eks:k8s-metrics", "np:pod-reader", "system:masters"] - } - ] - iam_role_permissions_boundary = var.iam_role_permissions_boundary -} - - diff --git a/modules/aws/eks/outputs.tf b/modules/aws/eks/outputs.tf deleted file mode 100644 index 51520cc..0000000 --- a/modules/aws/eks/outputs.tf +++ /dev/null @@ -1,60 +0,0 @@ -output "cluster_arn" { - description = "The Amazon Resource Name (ARN) of the cluster" - value = module.eks.cluster_arn -} - -output "cluster_certificate_authority_data" { - description = "Base64 encoded certificate data required to communicate with the cluster" - value = module.eks.cluster_certificate_authority_data -} - -output "cluster_endpoint" { - description = "Endpoint for your Kubernetes API server" - value = module.eks.cluster_endpoint -} - -output "cluster_id" { - description = "The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts" - value = module.eks.cluster_id -} - -output "cluster_name" { - description = "The name of the EKS cluster" - value = module.eks.cluster_name -} - -output "cluster_oidc_issuer_url" { - description = "The URL on the EKS cluster for the OpenID Connect identity provider" - value = module.eks.cluster_oidc_issuer_url -} - -output "cluster_platform_version" { - description = "Platform version for the cluster" - value = module.eks.cluster_platform_version -} - -output "cluster_status" { - description = "Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED`" - value = module.eks.cluster_status -} - -output "cluster_security_group_id" { - description = "Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console" - value = module.eks.cluster_security_group_id -} - -output "oidc_provider" { - description = "The OpenID Connect identity provider (issuer URL without leading `https://`)" - value = module.eks.oidc_provider -} - -output "oidc_provider_arn" { - description = "The ARN of the OIDC Provider if `enable_irsa = true`" - value = module.eks.oidc_provider_arn -} - -output "cluster_tls_certificate_sha1_fingerprint" { - description = "The SHA1 fingerprint of the public key of the cluster's certificate" - value = module.eks.cluster_tls_certificate_sha1_fingerprint -} - diff --git a/modules/aws/eks/variables.tf b/modules/aws/eks/variables.tf deleted file mode 100644 index e1ffb39..0000000 --- a/modules/aws/eks/variables.tf +++ /dev/null @@ -1,30 +0,0 @@ -variable "vpc_id" { - description = "VPC ID which EKS cluster is deployed in" - type = string -} - -variable "private_subnets" { - description = "VPC Private Subnets which EKS cluster is deployed in" - type = list(any) -} - -variable "cluster_name" { - type = string - description = "The name of the EKS cluster" -} - -variable "scope_manager_role" { - type = string - description = "Add admin role to the aws-auth configmap" -} - -variable "telemetry_manager_role" { - type = string - description = "Add admin role to the aws-auth configmap" -} - -variable "iam_role_permissions_boundary" { - description = "ARN of the policy that is used to set the permissions boundary for the IAM role" - type = string - default = null -} \ No newline at end of file diff --git a/modules/aws/iam/roles/nullplatform/.terraform.lock.hcl b/modules/aws/iam/roles/nullplatform/.terraform.lock.hcl deleted file mode 100644 index 3904efc..0000000 --- a/modules/aws/iam/roles/nullplatform/.terraform.lock.hcl +++ /dev/null @@ -1,19 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.87.0" - hashes = [ - "h1:EDxEPPJt3z1s7LPaTfW4skOwStwIKUa4pRvY1U7fb9U=", - "zh:0ff0c91bcb9432ea0ae34f0f05e2bcb27d13e416b055b27dd1839277e7828dab", - "zh:170c075f97104cb40d88e701f3c9eae4dab08f078f6242d23792059db0a9d290", - "zh:49fdaac4023d445827577c036931e4bce1d8cbe9b41356beafe350a2259abd38", - "zh:5ed588793045b865d9bd7a867d25b2d1a815bcd3c318f46268dcdeb518345191", - "zh:6716747fedd73acdacaf6374ad9ca633a211a530da249086f6fb6af3fe9155fa", - "zh:8dae238b36bb4888baa6053b056c5c35382aa946dbbe00022ad9f59d461ba7c6", - "zh:9dcad763c2e7e6b0999044eebbca347a3fcc3e28778fa99f74cc25316d4ea723", - "zh:a86ca3a4f3ce991c7ab9906989ed9f352a3b9b34febb7a82b39fc2b6f12a58f5", - "zh:b964f15192fc89c12510f81bb6980bac19ae39138cdee727b5320757bcefff89", - "zh:cca503c8a46df411dcc482b3d352b522de44fcadfec35611bb7658bcdd785c43", - ] -} diff --git a/modules/aws/iam/roles/nullplatform/README.md b/modules/aws/iam/roles/nullplatform/README.md deleted file mode 100644 index 884faa4..0000000 --- a/modules/aws/iam/roles/nullplatform/README.md +++ /dev/null @@ -1,74 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_iam_access_key.nullplatform_build_workflow_user_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource | -| [aws_iam_instance_profile.null-instance-profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource | -| [aws_iam_policy.ecr-nullimages-read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.lambda-execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.null-aws-logs-enablement](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.null-params-read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform-assets-write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_alb_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_asg_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_ecr_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_ecr_write_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_eks_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_lambda_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_metrics_api_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_params_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.nullplatform_route53_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy_attachment.null-instance-lambda-execution-attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_policy_attachment.null-instance-role-aws-logs-enablement](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_policy_attachment.null-instance-role-ecr-attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_policy_attachment.null-instance-role-s3-parameters-read-attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource | -| [aws_iam_role.null-instance-role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role.nullplatform_application_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role.nullplatform_scope_workflow_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role.nullplatform_telemetry_manager_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_user.nullplatform_build_workflow_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource | -| [aws_iam_user_policy.nullplatform_build_workflow_user_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy) | resource | -| [aws_iam_user_policy.nullplatform_build_workflow_user_policy_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [application\_manager\_assume\_role](#input\_application\_manager\_assume\_role) | n/a | `string` | `"arn:aws:iam::283477532906:role/application_manager"` | no | -| [assets\_bucket\_arns](#input\_assets\_bucket\_arns) | Assets bucket arn | `list(string)` | n/a | yes | -| [parameters\_bucket\_arns](#input\_parameters\_bucket\_arns) | Parameters bucket arn | `list(string)` | n/a | yes | -| [parameters\_encryption\_arns](#input\_parameters\_encryption\_arns) | Parameters secret arn | `list(string)` | n/a | yes | -| [scope\_manager\_assume\_role](#input\_scope\_manager\_assume\_role) | n/a | `string` | `"arn:aws:iam::283477532906:role/scope_and_deploy_manager"` | no | -| [telemetry\_manager\_assume\_role](#input\_telemetry\_manager\_assume\_role) | n/a | `string` | `"arn:aws:iam::283477532906:role/telemetry_manager"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [nullplatform\_application\_role\_arn](#output\_nullplatform\_application\_role\_arn) | The ARN of the null-application-role | -| [nullplatform\_build\_workflow\_user\_access\_key\_id](#output\_nullplatform\_build\_workflow\_user\_access\_key\_id) | The access key ID for the null-build-workflow-user | -| [nullplatform\_build\_workflow\_user\_name](#output\_nullplatform\_build\_workflow\_user\_name) | The name of the null-build-workflow-user | -| [nullplatform\_build\_workflow\_user\_secret\_access\_key](#output\_nullplatform\_build\_workflow\_user\_secret\_access\_key) | The secret access key for the null-build-workflow-user | -| [nullplatform\_ecr\_manager\_policy\_arn](#output\_nullplatform\_ecr\_manager\_policy\_arn) | The ARN of the np-ecr-manager-policy | -| [nullplatform\_ecr\_write\_policy\_arn](#output\_nullplatform\_ecr\_write\_policy\_arn) | The ARN of the np-ecr-write-policy | -| [nullplatform\_eks\_manager\_policy\_arn](#output\_nullplatform\_eks\_manager\_policy\_arn) | The ARN of the np-eks-manager-policy | -| [nullplatform\_instance\_profile\_arn](#output\_nullplatform\_instance\_profile\_arn) | The ARN of the instance arn | -| [nullplatform\_metrics\_api\_policy\_arn](#output\_nullplatform\_metrics\_api\_policy\_arn) | The ARN of the np-metrics-api-policy | -| [nullplatform\_role\_arn](#output\_nullplatform\_role\_arn) | The IAM Role arn used for Lambda and EC2 | -| [nullplatform\_route53\_manager\_policy\_arn](#output\_nullplatform\_route53\_manager\_policy\_arn) | The ARN of the np-route53-manager-policy | -| [nullplatform\_scope\_workflow\_role\_arn](#output\_nullplatform\_scope\_workflow\_role\_arn) | The ARN of the null-scope-workflow-role | -| [nullplatform\_telemetry\_manager\_role\_arn](#output\_nullplatform\_telemetry\_manager\_role\_arn) | The ARN of the null-telemetry-manager-role | diff --git a/modules/aws/iam/roles/nullplatform/backend.tf b/modules/aws/iam/roles/nullplatform/backend.tf deleted file mode 100644 index f2702bf..0000000 --- a/modules/aws/iam/roles/nullplatform/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } -} diff --git a/modules/aws/iam/roles/nullplatform/execution-role.tf b/modules/aws/iam/roles/nullplatform/execution-role.tf deleted file mode 100644 index 0e57757..0000000 --- a/modules/aws/iam/roles/nullplatform/execution-role.tf +++ /dev/null @@ -1,164 +0,0 @@ -resource "aws_iam_role" "null-instance-role" { - name = "null-instance-role" - assume_role_policy = < [aws](#provider\_aws) | 5.87.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_route53_zone.private_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource | -| [aws_route53_zone.public_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [domain\_name](#input\_domain\_name) | n/a | `string` | n/a | yes | -| [vpcs](#input\_vpcs) | VPC ID which the hosted zone should be associated with | 
map(object({
    vpc_id     = string
    vpc_region = string
  }))
| n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [private\_zone\_id](#output\_private\_zone\_id) | The ID of the Private Route 53 Hosted Zone | -| [private\_zone\_name](#output\_private\_zone\_name) | The domain name of the Private Route 53 Hosted Zone | -| [public\_zone\_id](#output\_public\_zone\_id) | The ID of the Public Route 53 Hosted Zone | -| [public\_zone\_name](#output\_public\_zone\_name) | The domain name of the Public Route 53 Hosted Zone | diff --git a/modules/aws/route53/backend.tf b/modules/aws/route53/backend.tf deleted file mode 100644 index f2702bf..0000000 --- a/modules/aws/route53/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } -} diff --git a/modules/aws/route53/main.tf b/modules/aws/route53/main.tf deleted file mode 100644 index a9a9453..0000000 --- a/modules/aws/route53/main.tf +++ /dev/null @@ -1,24 +0,0 @@ -resource "aws_route53_zone" "public_zone" { - name = var.domain_name - provider = aws - tags = { - name = "${var.domain_name} - Public Zone" - } -} - -resource "aws_route53_zone" "private_zone" { - name = var.domain_name - provider = aws - - dynamic "vpc" { - for_each = var.vpcs - content { - vpc_id = vpc.value.vpc_id - vpc_region = vpc.value.vpc_region - } - } - - tags = { - name = "${var.domain_name} - Private Zone" - } -} diff --git a/modules/aws/route53/output.tf b/modules/aws/route53/output.tf deleted file mode 100644 index 5b11401..0000000 --- a/modules/aws/route53/output.tf +++ /dev/null @@ -1,19 +0,0 @@ -output "public_zone_id" { - description = "The ID of the Public Route 53 Hosted Zone" - value = aws_route53_zone.public_zone.zone_id -} - -output "public_zone_name" { - description = "The domain name of the Public Route 53 Hosted Zone" - value = aws_route53_zone.public_zone.name -} - -output "private_zone_id" { - description = "The ID of the Private Route 53 Hosted Zone" - value = aws_route53_zone.private_zone.zone_id -} - -output "private_zone_name" { - description = "The domain name of the Private Route 53 Hosted Zone" - value = aws_route53_zone.private_zone.name -} diff --git a/modules/aws/route53/variables.tf b/modules/aws/route53/variables.tf deleted file mode 100644 index 5ed8228..0000000 --- a/modules/aws/route53/variables.tf +++ /dev/null @@ -1,11 +0,0 @@ -variable "vpcs" { - description = "VPC ID which the hosted zone should be associated with" - type = map(object({ - vpc_id = string - vpc_region = string - })) -} - -variable "domain_name" { - type = string -} diff --git a/modules/aws/secret/README.md b/modules/aws/secret/README.md deleted file mode 100644 index 980540e..0000000 --- a/modules/aws/secret/README.md +++ /dev/null @@ -1,35 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | -| [random](#provider\_random) | 3.6.3 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_secretsmanager_secret.nullservice_params_encryption](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource | -| [aws_secretsmanager_secret_version.encryption_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource | -| [random_uuid.encryption_key](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [name](#input\_name) | the bucket name | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [parameters\_encryption](#output\_parameters\_encryption) | Secret manager arn to encrypt parameters into parameters bucket | -| [parameters\_encryption\_arn](#output\_parameters\_encryption\_arn) | Secret manager arn to encrypt parameters into parameters bucket | diff --git a/modules/aws/secret/backend.tf b/modules/aws/secret/backend.tf deleted file mode 100644 index f2702bf..0000000 --- a/modules/aws/secret/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } -} diff --git a/modules/aws/secret/main.tf b/modules/aws/secret/main.tf deleted file mode 100644 index 172bb6a..0000000 --- a/modules/aws/secret/main.tf +++ /dev/null @@ -1,19 +0,0 @@ -resource "random_uuid" "encryption_key" { -} - -resource "aws_secretsmanager_secret" "nullservice_params_encryption" { - name = "nullservice/params-${var.name}" - - force_overwrite_replica_secret = true - recovery_window_in_days = 0 - -} - -resource "aws_secretsmanager_secret_version" "encryption_key" { - secret_id = aws_secretsmanager_secret.nullservice_params_encryption.id - secret_string = < [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | n/a | - -## Resources - -No resources. - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [suffix](#input\_suffix) | A suffix for the bucket name | `string` | n/a | yes | -| [vpc](#input\_vpc) | A VPC with public and private subnets | `any` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [private\_subnet\_arns](#output\_private\_subnet\_arns) | List of ARNs of private subnets | -| [private\_subnets](#output\_private\_subnets) | List of IDs of private subnets | -| [private\_subnets\_cidr\_blocks](#output\_private\_subnets\_cidr\_blocks) | List of cidr\_blocks of private subnets | -| [public\_subnets](#output\_public\_subnets) | List of IDs of public subnets | -| [vpc\_arn](#output\_vpc\_arn) | The ARN of the VPC | -| [vpc\_id](#output\_vpc\_id) | The ID of the VPC | diff --git a/modules/aws/vpc/backend.tf b/modules/aws/vpc/backend.tf deleted file mode 100644 index f2702bf..0000000 --- a/modules/aws/vpc/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - } -} diff --git a/modules/aws/vpc/main.tf b/modules/aws/vpc/main.tf deleted file mode 100644 index f504986..0000000 --- a/modules/aws/vpc/main.tf +++ /dev/null @@ -1,28 +0,0 @@ -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "< 6.0.0" - - name = "nullplatform-vpc-${var.suffix}" - cidr = var.vpc["cidr"] - - providers = { - aws = aws - } - - enable_dns_hostnames = true - - azs = var.vpc["azs"] - private_subnets = var.vpc["private_subnets"] - public_subnets = var.vpc["public_subnets"] - - enable_nat_gateway = true - single_nat_gateway = true - - public_subnet_tags = { - "kubernetes.io/role/elb" = 1 - } - - private_subnet_tags = { - "kubernetes.io/role/internal-elb" = 1 - } -} diff --git a/modules/aws/vpc/output.tf b/modules/aws/vpc/output.tf deleted file mode 100644 index 48a6950..0000000 --- a/modules/aws/vpc/output.tf +++ /dev/null @@ -1,30 +0,0 @@ -output "vpc_id" { - description = "The ID of the VPC" - value = module.vpc.vpc_id -} - -output "vpc_arn" { - description = "The ARN of the VPC" - value = module.vpc.vpc_arn -} - -output "public_subnets" { - description = "List of IDs of public subnets" - value = module.vpc.public_subnets -} - -output "private_subnets" { - description = "List of IDs of private subnets" - value = module.vpc.private_subnets -} - -output "private_subnet_arns" { - description = "List of ARNs of private subnets" - value = module.vpc.private_subnet_arns -} - -output "private_subnets_cidr_blocks" { - description = "List of cidr_blocks of private subnets" - value = module.vpc.private_subnets_cidr_blocks -} - diff --git a/modules/aws/vpc/variables.tf b/modules/aws/vpc/variables.tf deleted file mode 100644 index 7a1dda6..0000000 --- a/modules/aws/vpc/variables.tf +++ /dev/null @@ -1,8 +0,0 @@ -variable "vpc" { - description = "A VPC with public and private subnets" -} - -variable "suffix" { - type = string - description = "A suffix for the bucket name" -} diff --git a/modules/gcp/README.md b/modules/gcp/README.md deleted file mode 100644 index 5ca9045..0000000 --- a/modules/gcp/README.md +++ /dev/null @@ -1,23 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -No modules. - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -No outputs. diff --git a/modules/gcp/bucket/README.md b/modules/gcp/bucket/README.md deleted file mode 100644 index 05affcd..0000000 --- a/modules/gcp/bucket/README.md +++ /dev/null @@ -1,36 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [google](#provider\_google) | 6.19.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [google_storage_bucket.bucket](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [max\_accepted\_versions](#input\_max\_accepted\_versions) | Maximum number of versions of a bucket | `number` | `10` | no | -| [max\_days\_in\_bucket](#input\_max\_days\_in\_bucket) | Number of days before objects automatically expire | `number` | `30` | no | -| [name](#input\_name) | Name of the bucket | `string` | n/a | yes | -| [region](#input\_region) | Region of the bucket | `string` | n/a | yes | -| [storage\_class](#input\_storage\_class) | Storage class of the bucket (e.g., STANDARD, NEARLINE, COLDLINE, ARCHIVE) | `string` | `"STANDARD"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [bucket\_versioning\_status](#output\_bucket\_versioning\_status) | Indicates whether versioning is enabled | -| [created\_bucket\_name](#output\_created\_bucket\_name) | Name of the bucket created in GCP | diff --git a/modules/gcp/bucket/main.tf b/modules/gcp/bucket/main.tf deleted file mode 100644 index fc39a4f..0000000 --- a/modules/gcp/bucket/main.tf +++ /dev/null @@ -1,29 +0,0 @@ -resource "google_storage_bucket" "bucket" { - name = var.name - location = var.region - force_destroy = true - storage_class = var.storage_class - uniform_bucket_level_access = true - - versioning { - enabled = true - } - - lifecycle_rule { - action { - type = "Delete" - } - condition { - age = var.max_days_in_bucket - } - } - - lifecycle_rule { - action { - type = "Delete" - } - condition { - num_newer_versions = var.max_accepted_versions - } - } -} diff --git a/modules/gcp/bucket/outputs.tf b/modules/gcp/bucket/outputs.tf deleted file mode 100644 index 7130392..0000000 --- a/modules/gcp/bucket/outputs.tf +++ /dev/null @@ -1,9 +0,0 @@ -output "created_bucket_name" { - value = google_storage_bucket.bucket.name - description = "Name of the bucket created in GCP" -} - -output "bucket_versioning_status" { - value = google_storage_bucket.bucket.versioning[0].enabled - description = "Indicates whether versioning is enabled" -} diff --git a/modules/gcp/bucket/variables.tf b/modules/gcp/bucket/variables.tf deleted file mode 100644 index 2e287d2..0000000 --- a/modules/gcp/bucket/variables.tf +++ /dev/null @@ -1,28 +0,0 @@ -variable "name" { - description = "Name of the bucket" - type = string -} - -variable "region" { - description = "Region of the bucket" - type = string -} - -variable "storage_class" { - description = "Storage class of the bucket (e.g., STANDARD, NEARLINE, COLDLINE, ARCHIVE)" - type = string - default = "STANDARD" -} - -variable "max_days_in_bucket" { - description = "Number of days before objects automatically expire" - type = number - default = 30 -} - -variable "max_accepted_versions" { - description = "Maximum number of versions of a bucket" - type = number - default = 10 -} - diff --git a/modules/gcp/dns/README.md b/modules/gcp/dns/README.md deleted file mode 100644 index 4086c43..0000000 --- a/modules/gcp/dns/README.md +++ /dev/null @@ -1,35 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [google](#provider\_google) | 6.19.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [google_dns_managed_zone.private-zone](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone) | resource | -| [google_dns_managed_zone.public-zone](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [network\_id](#input\_network\_id) | The id of the network to associate the private dns | `string` | n/a | yes | -| [private\_domain\_name](#input\_private\_domain\_name) | The name of the private domain | `string` | n/a | yes | -| [public\_domain\_name](#input\_public\_domain\_name) | The name of the public domain | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [private\_domain\_name](#output\_private\_domain\_name) | n/a | -| [public\_domain\_name](#output\_public\_domain\_name) | n/a | diff --git a/modules/gcp/dns/locals.tf b/modules/gcp/dns/locals.tf deleted file mode 100644 index 65415cb..0000000 --- a/modules/gcp/dns/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - description = "Nullplatform delegation" -} diff --git a/modules/gcp/dns/main.tf b/modules/gcp/dns/main.tf deleted file mode 100644 index 588386b..0000000 --- a/modules/gcp/dns/main.tf +++ /dev/null @@ -1,19 +0,0 @@ -resource "google_dns_managed_zone" "public-zone" { - name = replace(var.public_domain_name, ".", "-") - dns_name = "${var.public_domain_name}." - description = local.description -} - -resource "google_dns_managed_zone" "private-zone" { - name = replace(var.private_domain_name, ".", "-") - dns_name = "${var.private_domain_name}." - description = local.description - - visibility = "private" - - private_visibility_config { - networks { - network_url = var.network_id - } - } -} diff --git a/modules/gcp/dns/output.tf b/modules/gcp/dns/output.tf deleted file mode 100644 index d1c3806..0000000 --- a/modules/gcp/dns/output.tf +++ /dev/null @@ -1,7 +0,0 @@ -output "public_domain_name" { - value = google_dns_managed_zone.public-zone.name -} - -output "private_domain_name" { - value = google_dns_managed_zone.private-zone.name -} diff --git a/modules/gcp/dns/variables.tf b/modules/gcp/dns/variables.tf deleted file mode 100644 index 428181f..0000000 --- a/modules/gcp/dns/variables.tf +++ /dev/null @@ -1,14 +0,0 @@ -variable "public_domain_name" { - type = string - description = "The name of the public domain" -} - -variable "private_domain_name" { - type = string - description = "The name of the private domain" -} - -variable "network_id" { - type = string - description = "The id of the network to associate the private dns" -} diff --git a/modules/gcp/gke/README.md b/modules/gcp/gke/README.md deleted file mode 100644 index 069787c..0000000 --- a/modules/gcp/gke/README.md +++ /dev/null @@ -1,45 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [google](#provider\_google) | 6.19.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [google_container_cluster.gke](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster) | resource | -| [google_project_iam_member.gke_artifact_access](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource | -| [google_service_account.gke_service_account](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cluster\_name](#input\_cluster\_name) | value for the GKE cluster name | `string` | n/a | yes | -| [deletion\_protection](#input\_deletion\_protection) | value for the GKE cluster deletion protection | `bool` | `false` | no | -| [disk\_size\_gb](#input\_disk\_size\_gb) | n/a | `number` | `20` | no | -| [environment](#input\_environment) | Environment for the GKE cluster (e.g., dev, stg, prod) | `string` | n/a | yes | -| [initial\_node\_count](#input\_initial\_node\_count) | n/a | `number` | `3` | no | -| [machine\_type](#input\_machine\_type) | n/a | `string` | `"e2-medium"` | no | -| [network\_id](#input\_network\_id) | Network ID for the GKE cluster | `string` | n/a | yes | -| [node\_count](#input\_node\_count) | n/a | `number` | `3` | no | -| [project\_id](#input\_project\_id) | Project ID for the GKE cluster | `string` | n/a | yes | -| [region](#input\_region) | Region for the GKE cluster | `string` | n/a | yes | -| [subnet\_id](#input\_subnet\_id) | Subnet ID for the GKE cluster | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [cluster\_ca\_certificate](#output\_cluster\_ca\_certificate) | n/a | -| [cluster\_endpoint](#output\_cluster\_endpoint) | n/a | -| [name](#output\_name) | n/a | diff --git a/modules/gcp/gke/main.tf b/modules/gcp/gke/main.tf deleted file mode 100644 index 7a619da..0000000 --- a/modules/gcp/gke/main.tf +++ /dev/null @@ -1,31 +0,0 @@ -resource "google_container_cluster" "gke" { - name = "${var.cluster_name}-${var.environment}" - location = var.region - - deletion_protection = var.deletion_protection - - network = var.network_id - subnetwork = var.subnet_id - - initial_node_count = var.initial_node_count - - node_config { - disk_size_gb = var.disk_size_gb - machine_type = var.machine_type - service_account = google_service_account.gke_service_account.email - oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"] - - } -} - -resource "google_project_iam_member" "gke_artifact_access" { - project = var.project_id - role = "roles/artifactregistry.reader" - member = "serviceAccount:${google_service_account.gke_service_account.email}" -} - -resource "google_service_account" "gke_service_account" { - account_id = "nullplatform-gke-sa" - display_name = "Nullplatform GKE Service Account" -} - diff --git a/modules/gcp/gke/outputs.tf b/modules/gcp/gke/outputs.tf deleted file mode 100644 index a525f38..0000000 --- a/modules/gcp/gke/outputs.tf +++ /dev/null @@ -1,11 +0,0 @@ -output "cluster_endpoint" { - value = google_container_cluster.gke.endpoint -} - -output "cluster_ca_certificate" { - value = base64decode(google_container_cluster.gke.master_auth[0].cluster_ca_certificate) -} - -output "name" { - value = google_container_cluster.gke.name -} diff --git a/modules/gcp/gke/variables.tf b/modules/gcp/gke/variables.tf deleted file mode 100644 index 5754de7..0000000 --- a/modules/gcp/gke/variables.tf +++ /dev/null @@ -1,55 +0,0 @@ -variable "project_id" { - type = string - description = "Project ID for the GKE cluster" -} - -variable "region" { - type = string - description = "Region for the GKE cluster" -} - -variable "cluster_name" { - type = string - description = "value for the GKE cluster name" -} - -variable "network_id" { - type = string - description = "Network ID for the GKE cluster" -} - -variable "subnet_id" { - type = string - description = "Subnet ID for the GKE cluster" -} - -variable "node_count" { - type = number - default = 3 -} - -variable "disk_size_gb" { - type = number - default = 20 -} - -variable "machine_type" { - type = string - default = "e2-medium" -} - -variable "environment" { - description = "Environment for the GKE cluster (e.g., dev, stg, prod)" - type = string -} - -variable "initial_node_count" { - type = number - default = 3 -} - -variable "deletion_protection" { - type = bool - default = false - description = "value for the GKE cluster deletion protection" -} diff --git a/modules/gcp/registry/README.md b/modules/gcp/registry/README.md deleted file mode 100644 index f3354f1..0000000 --- a/modules/gcp/registry/README.md +++ /dev/null @@ -1,33 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [google](#provider\_google) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [google_artifact_registry_repository.registry](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/artifact_registry_repository) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [name](#input\_name) | The repository name | `string` | `"nullplatform-central-repository"` | no | -| [project\_id](#input\_project\_id) | GCP project id | `string` | n/a | yes | -| [region](#input\_region) | Region name | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [repository\_name](#output\_repository\_name) | n/a | diff --git a/modules/gcp/registry/artifact-registry.tf b/modules/gcp/registry/artifact-registry.tf deleted file mode 100644 index e8b75b5..0000000 --- a/modules/gcp/registry/artifact-registry.tf +++ /dev/null @@ -1,10 +0,0 @@ -resource "google_artifact_registry_repository" "registry" { - project = var.project_id - location = var.region - repository_id = var.name - format = "DOCKER" - - labels = { - environment = "global" - } -} diff --git a/modules/gcp/registry/output.tf b/modules/gcp/registry/output.tf deleted file mode 100644 index 9af2201..0000000 --- a/modules/gcp/registry/output.tf +++ /dev/null @@ -1,3 +0,0 @@ -output "repository_name" { - value = var.name -} diff --git a/modules/gcp/registry/variable.tf b/modules/gcp/registry/variable.tf deleted file mode 100644 index c5c0f63..0000000 --- a/modules/gcp/registry/variable.tf +++ /dev/null @@ -1,15 +0,0 @@ -variable "project_id" { - type = string - description = "GCP project id" -} - -variable "region" { - type = string - description = "Region name" -} - -variable "name" { - type = string - description = "The repository name" - default = "nullplatform-central-repository" -} diff --git a/modules/gcp/vpc/README.md b/modules/gcp/vpc/README.md deleted file mode 100644 index ab8fffb..0000000 --- a/modules/gcp/vpc/README.md +++ /dev/null @@ -1,38 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [google](#provider\_google) | 6.19.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [google_compute_network.vpc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network) | resource | -| [google_compute_subnetwork.subnets](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [environment](#input\_environment) | Environment for the VPC (e.g., dev, stg, prod) | `string` | n/a | yes | -| [name](#input\_name) | Name of the bucket | `string` | n/a | yes | -| [project\_id](#input\_project\_id) | Project ID for the GKE cluster | `string` | n/a | yes | -| [region](#input\_region) | Region for the GKE cluster | `string` | n/a | yes | -| [subnet\_cidr\_map](#input\_subnet\_cidr\_map) | n/a | `list(string)` | n/a | yes | -| [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | CIDR for the VPC block | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [subnets](#output\_subnets) | n/a | -| [vpc\_id](#output\_vpc\_id) | n/a | diff --git a/modules/gcp/vpc/main.tf b/modules/gcp/vpc/main.tf deleted file mode 100644 index f141e2f..0000000 --- a/modules/gcp/vpc/main.tf +++ /dev/null @@ -1,12 +0,0 @@ -resource "google_compute_network" "vpc" { - name = "${var.name}-${var.environment}" - auto_create_subnetworks = false -} - -resource "google_compute_subnetwork" "subnets" { - for_each = { for idx, val in var.subnet_cidr_map : idx => val } - name = "${var.name}-${var.environment}-${each.key}" - ip_cidr_range = each.value - network = google_compute_network.vpc.id - region = var.region -} diff --git a/modules/gcp/vpc/outputs.tf b/modules/gcp/vpc/outputs.tf deleted file mode 100644 index 893ff07..0000000 --- a/modules/gcp/vpc/outputs.tf +++ /dev/null @@ -1,10 +0,0 @@ -output "vpc_id" { - value = google_compute_network.vpc.id -} - -output "subnets" { - value = { - for key, subnet in google_compute_subnetwork.subnets : - key => subnet.self_link - } -} \ No newline at end of file diff --git a/modules/gcp/vpc/variables.tf b/modules/gcp/vpc/variables.tf deleted file mode 100644 index 7def55e..0000000 --- a/modules/gcp/vpc/variables.tf +++ /dev/null @@ -1,28 +0,0 @@ -variable "project_id" { - type = string - description = "Project ID for the GKE cluster" -} - -variable "region" { - type = string - description = "Region for the GKE cluster" -} - -variable "name" { - description = "Name of the bucket" - type = string -} - -variable "vpc_cidr_block" { - type = string - description = "CIDR for the VPC block" -} - -variable "subnet_cidr_map" { - type = list(string) -} - -variable "environment" { - description = "Environment for the VPC (e.g., dev, stg, prod)" - type = string -} diff --git a/modules/kubernetes/README.md b/modules/kubernetes/README.md deleted file mode 100644 index 5ca9045..0000000 --- a/modules/kubernetes/README.md +++ /dev/null @@ -1,23 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -No modules. - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/aws-alb-controller/.terraform.lock.hcl b/modules/kubernetes/helm/aws-alb-controller/.terraform.lock.hcl deleted file mode 100644 index 7a8e2b0..0000000 --- a/modules/kubernetes/helm/aws-alb-controller/.terraform.lock.hcl +++ /dev/null @@ -1,63 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "6.0.0" - constraints = ">= 4.0.0" - hashes = [ - "h1:dbRRZ1NzH1QV/+83xT/X3MLYaZobMXt8DNwbqnJojpo=", - "zh:16b1bb786719b7ebcddba3ab751b976ebf4006f7144afeebcb83f0c5f41f8eb9", - "zh:1fbc08b817b9eaf45a2b72ccba59f4ea19e7fcf017be29f5a9552b623eccc5bc", - "zh:304f58f3333dbe846cfbdfc2227e6ed77041ceea33b6183972f3f8ab51bd065f", - "zh:4cd447b5c24f14553bd6e1a0e4fea3c7d7b218cbb2316a3d93f1c5cb562c181b", - "zh:589472b56be8277558616075fc5480fcd812ba6dc70e8979375fc6d8750f83ef", - "zh:5d78484ba43c26f1ef6067c4150550b06fd39c5d4bfb790f92c4a6f7d9d0201b", - "zh:5f470ce664bffb22ace736643d2abe7ad45858022b652143bcd02d71d38d4e42", - "zh:7a9cbb947aaab8c885096bce5da22838ca482196cf7d04ffb8bdf7fd28003e47", - "zh:854df3e4c50675e727705a0eaa4f8d42ccd7df6a5efa2456f0205a9901ace019", - "zh:87162c0f47b1260f5969679dccb246cb528f27f01229d02fd30a8e2f9869ba2c", - "zh:9a145404d506b52078cd7060e6cbb83f8fc7953f3f63a5e7137d41f69d6317a3", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a4eab2649f5afe06cc406ce2aaf9fd44dcf311123f48d344c255e93454c08921", - "zh:bea09141c6186a3e133413ae3a2e3d1aaf4f43466a6a468827287527edf21710", - "zh:d7ea2a35ff55ddfe639ab3b04331556b772a8698eca01f5d74151615d9f336db", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "3.0.2" - hashes = [ - "h1:tOye2RnjFNXH236AsqGaIWtz4j6PZrpPuJhOSBt0KxU=", - "zh:2778de76c7dfb2e85c75fe6de3c11172a25551ed499bfb9e9f940a5be81167b0", - "zh:3b4c436a41e4fbae5f152852a9bd5c97db4460af384e26977477a40adf036690", - "zh:617a372f5bb2288f3faf5fd4c878a68bf08541cf418a3dbb8a19bc41ad4a0bf2", - "zh:84de431479548c96cb61c495278e320f361e80ab4f8835a5425ece24a9b6d310", - "zh:8b4cf5f81d10214e5e1857d96cff60a382a22b9caded7f5d7a92e5537fc166c1", - "zh:baeb26a00ffbcf3d507cdd940b2a2887eee723af5d3319a53eec69048d5e341e", - "zh:ca05a8814e9bf5fbffcd642df3a8d9fae9549776c7057ceae6d6f56471bae80f", - "zh:ca4bf3f94dedb5c5b1a73568f2dad7daf0ef3f85e688bc8bc2d0e915ec148366", - "zh:d331f2129fd3165c4bda875c84a65555b22eb007801522b9e017d065ac69b67e", - "zh:e583b2b478dde67da28e605ab4ef6521c2e390299b471d7d8ef05a0b608dcdad", - "zh:f238b86611647c108c073d265f8891a2738d3158c247468ae0ff5b1a3ac4122a", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.37.1" - hashes = [ - "h1:+37jC6JlkPyPvDHudK3qaj7ZVJ0Zy9zc9+oq8h1WayA=", - "zh:0ed097413c7fc804479e325966886b405dc0b75ad2b4f54ce4df1d8e4802b397", - "zh:17dcf4a685a00d2d048671124e8a1a8e836b58ecd2ef628a1c666fe0ced2e598", - "zh:36891284e5bced57c438f12d0b27856b0d4b70b562bd200b01919a6a89545be9", - "zh:3e49d86b508e641ba122d1b0af24cdc4d8ffa2ec1b30022436fb1d7c6ba696ea", - "zh:40be623e116708bdcb0fac32989db43720f031c5fe9a4dc63395078185d24403", - "zh:44fc0ac3bc39e289b67f9dde7ee9fef29eb8192197e5e68fee69098573021722", - "zh:957aa451573bcde5d57f6f8338ea3139010c7f61fefe8f6a140a8c267f056511", - "zh:c55fd85b7e8acaac17e30670ac3574b88b3530820dd004bcd2a5daa8624a46e9", - "zh:c743f06843a1f5ecde2b8ef639f4d3db654a334ef248dee57261c719ea843f3a", - "zh:c93cc71c64b838d89522ac5fb60f68e0e1e7f2fc39db6b0ead7afd78795e79ed", - "zh:eda1163c2266905adc54bc78cc3e7b606a164fbc6b59be607db933b302015ccd", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/kubernetes/helm/aws-alb-controller/README.md b/modules/kubernetes/helm/aws-alb-controller/README.md deleted file mode 100644 index bb48138..0000000 --- a/modules/kubernetes/helm/aws-alb-controller/README.md +++ /dev/null @@ -1,38 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | -| [helm](#provider\_helm) | 2.17.0 | -| [kubernetes](#provider\_kubernetes) | 2.35.1 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [lb\_role](#module\_lb\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | - -## Resources - -| Name | Type | -|------|------| -| [helm_release.lb](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_service_account.service-account](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cluster\_name](#input\_cluster\_name) | EKS Cluster Name | `string` | n/a | yes | -| [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | OIDC Provider ARN used for IRSA | `string` | n/a | yes | -| [suffix](#input\_suffix) | A suffix for the bucket name | `string` | n/a | yes | -| [vpc\_id](#input\_vpc\_id) | VPC ID which Load balancers will be deployed in | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/aws-alb-controller/backend.tf b/modules/kubernetes/helm/aws-alb-controller/backend.tf deleted file mode 100644 index 6498a39..0000000 --- a/modules/kubernetes/helm/aws-alb-controller/backend.tf +++ /dev/null @@ -1,13 +0,0 @@ -terraform { - required_providers { - helm = { - source = "hashicorp/helm" - } - aws = { - source = "hashicorp/aws" - } - kubernetes = { - source = "hashicorp/kubernetes" - } - } -} diff --git a/modules/kubernetes/helm/aws-alb-controller/main.tf b/modules/kubernetes/helm/aws-alb-controller/main.tf deleted file mode 100644 index c7eda06..0000000 --- a/modules/kubernetes/helm/aws-alb-controller/main.tf +++ /dev/null @@ -1,66 +0,0 @@ -data "aws_region" "current" { -} - -module "lb_role" { - source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "~> 5.60" - role_name = "${var.cluster_name}_eks_lb_${var.suffix}" - attach_load_balancer_controller_policy = true - oidc_providers = { - main = { - provider_arn = var.oidc_provider_arn - namespace_service_accounts = ["kube-system:aws-load-balancer-controller"] - } - } - role_permissions_boundary_arn = var.iam_role_permissions_boundary -} - -resource "kubernetes_service_account" "service-account" { - metadata { - name = "aws-load-balancer-controller" - namespace = "kube-system" - labels = { - "app.kubernetes.io/name" = "aws-load-balancer-controller" - "app.kubernetes.io/component" = "controller" - } - annotations = { - "eks.amazonaws.com/role-arn" = module.lb_role.iam_role_arn - "eks.amazonaws.com/sts-regional-endpoints" = "true" - } - } -} - -resource "helm_release" "lb" { - name = "aws-load-balancer-controller" - repository = "https://aws.github.io/eks-charts" - chart = "aws-load-balancer-controller" - namespace = "kube-system" - depends_on = [ - kubernetes_service_account.service-account - ] - set { - name = "region" - value = data.aws_region.current.name - } - set { - name = "vpcId" - value = var.vpc_id - } - set { - name = "image.repository" - value = "602401143452.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/amazon/aws-load-balancer-controller" - } - set { - name = "serviceAccount.create" - value = "false" - } - set { - name = "serviceAccount.name" - value = "aws-load-balancer-controller" - } - set { - name = "clusterName" - value = var.cluster_name - } -} - diff --git a/modules/kubernetes/helm/aws-alb-controller/variables.tf b/modules/kubernetes/helm/aws-alb-controller/variables.tf deleted file mode 100644 index 35459ba..0000000 --- a/modules/kubernetes/helm/aws-alb-controller/variables.tf +++ /dev/null @@ -1,25 +0,0 @@ -variable "cluster_name" { - description = "EKS Cluster Name" - type = string -} - -variable "vpc_id" { - description = "VPC ID which Load balancers will be deployed in" - type = string -} - -variable "oidc_provider_arn" { - description = "OIDC Provider ARN used for IRSA" - type = string -} - -variable "suffix" { - type = string - description = "A suffix for the bucket name" -} - -variable "iam_role_permissions_boundary" { - description = "ARN of the policy that is used to set the permissions boundary for the IAM role" - type = string - default = null -} \ No newline at end of file diff --git a/modules/kubernetes/helm/cert-manager/README.md b/modules/kubernetes/helm/cert-manager/README.md deleted file mode 100644 index d3e35a0..0000000 --- a/modules/kubernetes/helm/cert-manager/README.md +++ /dev/null @@ -1,31 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [helm_release.cert-manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.cert-manager-config](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [domain\_name](#input\_domain\_name) | The hosted zone domain name. | `string` | n/a | yes | -| [values\_yaml](#input\_values\_yaml) | values.yaml for Nullplatform helm chart | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/cert-manager/backend.tf b/modules/kubernetes/helm/cert-manager/backend.tf deleted file mode 100644 index 665c434..0000000 --- a/modules/kubernetes/helm/cert-manager/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - helm = { - source = "hashicorp/helm" - } - } -} diff --git a/modules/kubernetes/helm/cert-manager/gcp/README.md b/modules/kubernetes/helm/cert-manager/gcp/README.md deleted file mode 100644 index efcecd9..0000000 --- a/modules/kubernetes/helm/cert-manager/gcp/README.md +++ /dev/null @@ -1,29 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [cert-manager](#module\_cert-manager) | ./.. | n/a | - -## Resources - -No resources. - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [domain\_name](#input\_domain\_name) | The hosted zone domain name. | `string` | n/a | yes | -| [project\_id](#input\_project\_id) | The gcp project id | `string` | n/a | yes | -| [service\_account\_key](#input\_service\_account\_key) | Base 64 service account key | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/cert-manager/gcp/main.tf b/modules/kubernetes/helm/cert-manager/gcp/main.tf deleted file mode 100644 index 61cf740..0000000 --- a/modules/kubernetes/helm/cert-manager/gcp/main.tf +++ /dev/null @@ -1,9 +0,0 @@ -module "cert-manager" { - source = "./.." - domain_name = var.domain_name - values_yaml = templatefile("${path.module}/template/values.yaml", { - domain_name = var.domain_name, - project_id = var.project_id, - service_account_key = var.service_account_key - }) -} diff --git a/modules/kubernetes/helm/cert-manager/gcp/template/README.md b/modules/kubernetes/helm/cert-manager/gcp/template/README.md deleted file mode 100644 index 5ca9045..0000000 --- a/modules/kubernetes/helm/cert-manager/gcp/template/README.md +++ /dev/null @@ -1,23 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -No modules. - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/cert-manager/gcp/template/values.yaml b/modules/kubernetes/helm/cert-manager/gcp/template/values.yaml deleted file mode 100644 index bc77f5c..0000000 --- a/modules/kubernetes/helm/cert-manager/gcp/template/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -hostedZoneName: "${domain_name}" -gcp: - enabled: true - projectId: ${project_id} - serviceAccountKey: | - ${indent(4, service_account_key)} -azure: - enabled: false diff --git a/modules/kubernetes/helm/cert-manager/gcp/variables.tf b/modules/kubernetes/helm/cert-manager/gcp/variables.tf deleted file mode 100644 index 5204ac7..0000000 --- a/modules/kubernetes/helm/cert-manager/gcp/variables.tf +++ /dev/null @@ -1,14 +0,0 @@ -variable "project_id" { - description = "The gcp project id" - type = string -} - -variable "service_account_key" { - description = "Base 64 service account key" - type = string -} - -variable "domain_name" { - description = "The hosted zone domain name." - type = string -} diff --git a/modules/kubernetes/helm/cert-manager/main.tf b/modules/kubernetes/helm/cert-manager/main.tf deleted file mode 100644 index 1b9b09d..0000000 --- a/modules/kubernetes/helm/cert-manager/main.tf +++ /dev/null @@ -1,32 +0,0 @@ -locals { - name = "cert-manager" - namespace = "cert-manager" -} - -resource "helm_release" "cert-manager" { - name = local.name - - repository = "https://charts.jetstack.io" - chart = local.name - create_namespace = true - namespace = local.namespace - - set { - name = "crds.enabled" - value = "true" - } -} - -# This might fail if we do not install nullplatform base chart, if so, reexecuting terraform after manual step might solve the issue -resource "helm_release" "cert-manager-config" { - name = "${local.name}-config" - - repository = "https://nullplatform.github.io/helm-charts" - chart = "nullplatform-${local.name}-config" - create_namespace = true - namespace = local.namespace - - values = [ - var.values_yaml - ] -} diff --git a/modules/kubernetes/helm/cert-manager/variables.tf b/modules/kubernetes/helm/cert-manager/variables.tf deleted file mode 100644 index 0514177..0000000 --- a/modules/kubernetes/helm/cert-manager/variables.tf +++ /dev/null @@ -1,9 +0,0 @@ -variable "values_yaml" { - type = string - description = "values.yaml for Nullplatform helm chart" -} - -variable "domain_name" { - description = "The hosted zone domain name." - type = string -} diff --git a/modules/kubernetes/helm/istio/README.md b/modules/kubernetes/helm/istio/README.md deleted file mode 100644 index ec130c8..0000000 --- a/modules/kubernetes/helm/istio/README.md +++ /dev/null @@ -1,29 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [helm_release.istio_base](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.istio_ingressgateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [helm_release.istiod](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | - -## Inputs - -No inputs. - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/istio/backend.tf b/modules/kubernetes/helm/istio/backend.tf deleted file mode 100644 index 665c434..0000000 --- a/modules/kubernetes/helm/istio/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - helm = { - source = "hashicorp/helm" - } - } -} diff --git a/modules/kubernetes/helm/istio/main.tf b/modules/kubernetes/helm/istio/main.tf deleted file mode 100644 index 9d51358..0000000 --- a/modules/kubernetes/helm/istio/main.tf +++ /dev/null @@ -1,33 +0,0 @@ -locals { - repository = "https://istio-release.storage.googleapis.com/charts" - namespace = "istio-system" -} -resource "helm_release" "istio_base" { - name = "istio-base" - repository = local.repository - chart = "base" - namespace = local.namespace - create_namespace = true -} - -resource "helm_release" "istiod" { - name = "istiod" - depends_on = [helm_release.istio_base] - repository = local.repository - chart = "istiod" - namespace = local.namespace -} - -# Setup Istio Gateway using Helm -resource "helm_release" "istio_ingressgateway" { - name = "istio-ingressgateway" - depends_on = [helm_release.istiod] - repository = local.repository - chart = "gateway" - namespace = local.namespace - - set { - name = "platform" - value = "demo" - } -} diff --git a/modules/kubernetes/helm/nullplatform/agent/.terraform.lock.hcl b/modules/kubernetes/helm/nullplatform/agent/.terraform.lock.hcl deleted file mode 100644 index 2002b58..0000000 --- a/modules/kubernetes/helm/nullplatform/agent/.terraform.lock.hcl +++ /dev/null @@ -1,71 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.99.1" - hashes = [ - "h1:0jNckFqimGrHhRB88880ovIpmoE20xhjRb94GBdgjwo=", - "zh:13a07422f776dd97214dfa89d6a88340b99613cbb869013c756c1a68fd8cdd9d", - "zh:1841d422278afa25d42a8d3ea9197ad08cf092769bd2aa89056d25d4c2629df8", - "zh:269016c7ba09d76e42fbcf15de28f2de0595ff9a7304a0500011a4493d7a1551", - "zh:2b842c3d0f30e048c05a37752b9c07d316656f3caf79841d08a4f1b057555eb2", - "zh:6559eedc095f70a51460dc702613a9033734ba536c1de1ed86a735a3c8131e40", - "zh:6d43b2676630344db3a7d6ba8330d20993492168f124e19e040a0aa914ec832e", - "zh:7f5d5cb0c1a492080b668f456de50f5b91fc67018c05f12483added3faf703f6", - "zh:c3bb8094bf26565150229f1ca6014d41d1283b8a2b06a15b45cd5a6b4ce82e28", - "zh:e45bc994d0c6e1c0a0b70e8378f2f933e924f05c91061ed2a97ceaf282e08a25", - "zh:ee725d6fbc1dbaa5017e9eab6fa0aa7e107a4ed73a4a8e2acab6b5d3d54cd0e4", - ] -} - -provider "registry.opentofu.org/hashicorp/helm" { - version = "2.17.0" - hashes = [ - "h1:ShIag7wqd5Rs+zYpVMpjAh+T0ozr4XGYfSTKWqceQBY=", - "zh:02690815e35131a42cb9851f63a3369c216af30ad093d05b39001d43da04b56b", - "zh:27a62f12b29926387f4d71aeeee9f7ffa0ccb81a1b6066ee895716ad050d1b7a", - "zh:2d0a5babfa73604b3fefc9dab9c87f91c77fce756c2e32b294e9f1290aed26c0", - "zh:3976400ceba6dda4636e1d297e3097e1831de5628afa534a166de98a70d1dcbe", - "zh:54440ef14f342b41d75c1aded7487bfcc3f76322b75894235b47b7e89ac4bfa4", - "zh:6512e2ab9f2fa31cbb90d9249647b5c5798f62eb1215ec44da2cdaa24e38ad25", - "zh:795f327ca0b8c5368af0ed03d5d4f6da7260692b4b3ca0bd004ed542e683464d", - "zh:ba659e1d94f224bc3f1fd34cbb9d2663e3a8e734108e5a58eb49eda84b140978", - "zh:c5c8575c4458835c2acbc3d1ed5570589b14baa2525d8fbd04295c097caf41eb", - "zh:e0877a5dac3de138e61eefa26b2f5a13305a17259779465899880f70e11314e0", - ] -} - -provider "registry.opentofu.org/hashicorp/kubernetes" { - version = "2.37.1" - constraints = "~> 2.23" - hashes = [ - "h1:UWJPvQZxW9Q6mxtUvIdnapPE8s8o4a2HUo53OInq9p4=", - "zh:22031e9995b3dc7ae497305dc6c5b7bf1a585c378d46446e724601f992cd9e11", - "zh:3614bc188ae5040d892671009c66f56cfcb3859e11f42ed7ffc1cee384b1275b", - "zh:5d925944ac961bbe5fb4917a3e7e6d9bc0bef2f3198f26e8d4cd1793d5eadde3", - "zh:67a86d1576eb67a58cc68f47bffd370b2f834fd909980acdab38a9b9b2c1c809", - "zh:90c34fe321f937b34392bdc6ee1f9fa42db1c5ff93341c58a96a8a0c1f18327f", - "zh:943b0fb6db1ce3b64e177f74ae7931f485ef47713df861f0e98d6838e75087ff", - "zh:9c6f0164bf64b0d7baac29bc74aa0879956cec6dc28a7f52b2582c9deffb8c21", - "zh:b1d555c2977a2d7c689f88b9f4b8db24c104692b9233191719d1b10ca724f159", - "zh:c4d2ce2148a55d7d7dc5986f02119cc71ccb86ec1e96773f4c9430fd2944fda4", - ] -} - -provider "registry.opentofu.org/hashicorp/null" { - version = "3.2.4" - constraints = "~> 3.2" - hashes = [ - "h1:i+WKhUHL2REY5EGmiHjfUljJB8UKZ9QdhdM5uTeUhC4=", - "zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3", - "zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb", - "zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2", - "zh:36731f23343aee12a7e078067a98644c0126714c4fe9ac930eecb0f2361788c4", - "zh:3d106c7e32a929e2843f732625a582e562ff09120021e510a51a6f5d01175b8d", - "zh:74bcb3567708171ad83b234b92c9d63ab441ef882b770b0210c2b14fdbe3b1b6", - "zh:90b55bdbffa35df9204282251059e62c178b0ac7035958b93a647839643c0072", - "zh:ae24c0e5adc692b8f94cb23a000f91a316070fdc19418578dcf2134ff57cf447", - "zh:b5c10d4ad860c4c21273203d1de6d2f0286845edf1c64319fa2362df526b5f58", - "zh:e05bbd88e82e1d6234988c85db62fd66f11502645838fff594a2ec25352ecd80", - ] -} diff --git a/modules/kubernetes/helm/nullplatform/agent/README.md b/modules/kubernetes/helm/nullplatform/agent/README.md deleted file mode 100644 index 6984078..0000000 --- a/modules/kubernetes/helm/nullplatform/agent/README.md +++ /dev/null @@ -1,55 +0,0 @@ -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | ~> 5.0 | -| [helm](#requirement\_helm) | ~> 2.11 | -| [kubernetes](#requirement\_kubernetes) | ~> 2.23 | -| [null](#requirement\_null) | ~> 3.2 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.99.1 | -| [helm](#provider\_helm) | 2.17.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [trusting\_oidc](#module\_trusting\_oidc) | ../../../../aws/data/iam/eks/trusting | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_iam_policy.irsa_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.load_balancer_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_policy.route53_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.agent_irsa](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.agent_load_balancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.agent_route53](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [helm_release.agent](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cloud\_name](#input\_cloud\_name) | The provider cloud where the agent is deployed | `string` | n/a | yes | -| [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | n/a | yes | -| [github\_repo](#input\_github\_repo) | GitHub repository | `string` | n/a | yes | -| [github\_token](#input\_github\_token) | GitHub token | `string` | n/a | yes | -| [github\_user](#input\_github\_user) | GitHub user | `string` | n/a | yes | -| [namespace](#input\_namespace) | Kubernetes namespace for the agent | `string` | `"nullplatform-tools"` | no | -| [np\_api\_key](#input\_np\_api\_key) | Nullplatform api key for the agent to communicate | `string` | n/a | yes | -| [service\_account\_name](#input\_service\_account\_name) | Name of the service account | `string` | `"nullplatform-agent"` | no | -| [tags](#input\_tags) | Agent tag, the identity of the agent | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/nullplatform/agent/data.tf b/modules/kubernetes/helm/nullplatform/agent/data.tf deleted file mode 100644 index e81057a..0000000 --- a/modules/kubernetes/helm/nullplatform/agent/data.tf +++ /dev/null @@ -1,13 +0,0 @@ -data "aws_eks_cluster" "cluster" { - name = var.cluster_name -} - -data "aws_caller_identity" "current" {} - -module "trusting_oidc" { - source = "../../../../aws/data/iam/eks/trusting" - - cluster_name = var.cluster_name - namespace = var.namespace - service_account_name = var.service_account_name -} \ No newline at end of file diff --git a/modules/kubernetes/helm/nullplatform/agent/iam.tf b/modules/kubernetes/helm/nullplatform/agent/iam.tf deleted file mode 100644 index 9831b89..0000000 --- a/modules/kubernetes/helm/nullplatform/agent/iam.tf +++ /dev/null @@ -1,111 +0,0 @@ -resource "aws_iam_role" "role" { - name = "nullplatform-agent-role-${var.cluster_name}" - - assume_role_policy = jsonencode(module.trusting_oidc.trusting) - permissions_boundary = var.iam_role_permissions_boundary - -} - -# Route 53 Policy -resource "aws_iam_policy" "route53_policy" { - name = "${var.cluster_name}-agent-route53-policy" - description = "Policy for Route 53 management" - - policy = jsonencode({ - Version = "2012-10-17" - Statement = [ - { - Effect = "Allow" - Action = [ - "route53:ChangeResourceRecordSets", - "route53:GetChange", - "route53:GetHostedZone", - "route53:ListHostedZones", - "route53:ListHostedZonesByName", - "route53:ListResourceRecordSets" - ] - Resource = "*" - } - ] - }) -} - -# Load Balancer Controller Policy -resource "aws_iam_policy" "load_balancer_policy" { - name = "${var.cluster_name}-agent-load-balancer-policy" - description = "Policy for Load Balancer management" - - policy = jsonencode({ - Version = "2012-10-17" - Statement = [ - { - Effect = "Allow" - Action = [ - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeRules" - ] - Resource = "*" - } - ] - }) -} - -resource "aws_iam_policy" "irsa_policy" { - name = "irsa_policy" - description = "IAM policy for managing IAM roles and EKS cluster description" - policy = jsonencode({ - Version = "2012-10-17" - Statement = [ - { - Effect = "Allow" - Action = [ - "iam:CreateRole", - "iam:PutRolePolicy", - "iam:AttachRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:DetachRolePolicy", - "iam:ListRolePolicies", - "iam:DeleteRolePolicy", - "iam:DeleteRole", - "iam:TagRole", - "iam:PutRolePermissionsBoundary" - ] - Resource = "*" - }, - { - Effect = "Allow" - Action = [ - "sts:GetCallerIdentity" - ] - Resource = "*" - }, - { - Effect = "Allow" - Action = [ - "eks:DescribeCluster" - ] - Resource = "*" - } - ] - }) -} - -# Attach policies to the role -resource "aws_iam_role_policy_attachment" "agent_route53" { - policy_arn = aws_iam_policy.route53_policy.arn - role = aws_iam_role.role.name -} - -resource "aws_iam_role_policy_attachment" "agent_load_balancer" { - policy_arn = aws_iam_policy.load_balancer_policy.arn - role = aws_iam_role.role.name -} - - -resource "aws_iam_role_policy_attachment" "agent_irsa" { - policy_arn = aws_iam_policy.irsa_policy.arn - role = aws_iam_role.role.name -} diff --git a/modules/kubernetes/helm/nullplatform/agent/locals.tf b/modules/kubernetes/helm/nullplatform/agent/locals.tf deleted file mode 100644 index 38a82a8..0000000 --- a/modules/kubernetes/helm/nullplatform/agent/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - oidc_issuer_url = replace(data.aws_eks_cluster.cluster.identity[0].oidc[0].issuer, "https://", "") -} \ No newline at end of file diff --git a/modules/kubernetes/helm/nullplatform/agent/main.tf b/modules/kubernetes/helm/nullplatform/agent/main.tf deleted file mode 100644 index 5e4b985..0000000 --- a/modules/kubernetes/helm/nullplatform/agent/main.tf +++ /dev/null @@ -1,32 +0,0 @@ -locals { - agent_values = templatefile("${path.module}/templates/values-${var.cloud_name}.tmpl.yaml", { - agent_repos = var.agent_repos - cluster_name = var.cluster_name - namespace = var.namespace - service_account_name = var.service_account_name - tags = var.tags - np_api_key = var.np_api_key - resource_identity = aws_iam_role.role.arn - init_scripts = var.init_scripts - vault_token = var.vault_token - vault_url = var.vault_url - }) -} -# Helm release -resource "helm_release" "agent" { - name = "nullplatform-agent" - chart = "nullplatform-agent" - repository = "https://nullplatform.github.io/helm-charts" - namespace = var.namespace - create_namespace = true - - force_update = true - - values = [local.agent_values] - - depends_on = [ - aws_iam_role.role, - aws_iam_role_policy_attachment.agent_route53, - aws_iam_role_policy_attachment.agent_load_balancer - ] -} \ No newline at end of file diff --git a/modules/kubernetes/helm/nullplatform/agent/providers.tf b/modules/kubernetes/helm/nullplatform/agent/providers.tf deleted file mode 100644 index 1d7b161..0000000 --- a/modules/kubernetes/helm/nullplatform/agent/providers.tf +++ /dev/null @@ -1,51 +0,0 @@ -# Provider configuration -terraform { - required_version = ">= 1.0" - - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.0" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = "~> 2.23" - } - helm = { - source = "hashicorp/helm" - version = "~> 2.11" - } - null = { - source = "hashicorp/null" - version = "~> 3.2" - } - } -} - -# Configure providers -# provider "aws" { -# } -# -# provider "kubernetes" { -# host = data.aws_eks_cluster.cluster.endpoint -# cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) -# -# exec { -# api_version = "client.authentication.k8s.io/v1beta1" -# command = "aws" -# args = ["eks", "get-token", "--cluster-name", var.cluster_name] -# } -# } -# -# provider "helm" { -# kubernetes { -# host = data.aws_eks_cluster.cluster.endpoint -# cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) -# -# exec { -# api_version = "client.authentication.k8s.io/v1beta1" -# command = "aws" -# args = ["eks", "get-token", "--cluster-name", var.cluster_name] -# } -# } -# } diff --git a/modules/kubernetes/helm/nullplatform/agent/templates/values-aws.tmpl.yaml b/modules/kubernetes/helm/nullplatform/agent/templates/values-aws.tmpl.yaml deleted file mode 100644 index 705d116..0000000 --- a/modules/kubernetes/helm/nullplatform/agent/templates/values-aws.tmpl.yaml +++ /dev/null @@ -1,27 +0,0 @@ -serviceAccount: - annotations: - eks.amazonaws.com/role-arn: "${resource_identity}" -args: - - "--tags=$(TAGS)" - - "--apikey=$(NP_API_KEY)" - - "--runtime=host" - - "--command-executor-env=NP_API_KEY=$(NP_API_KEY),VAULT_ADDR=$(VAULT_URL),VAULT_TOKEN=$(VAULT_TOKEN)" - - "--command-executor-debug" - - "--webserver-enabled" - - "--command-executor-git-command-repos $(AGENT_REPOS)" -configuration: - values: - NP_API_KEY: "${np_api_key}" - TAGS: "${tags}" - AGENT_REPOS: "${agent_repos}" - CLUSTER_NAME: "${cluster_name}" - NAMESPACE: "${namespace}" - VAULT_TOKEN: "${vault_token}" - VAULT_URL: "${vault_url}" -initScripts: - - apk add --no-cache aws-cli -%{ for script in init_scripts ~} - - ${script} -%{ endfor ~} -image: - tag: aws \ No newline at end of file diff --git a/modules/kubernetes/helm/nullplatform/agent/variables.tf b/modules/kubernetes/helm/nullplatform/agent/variables.tf deleted file mode 100644 index 7d99dd6..0000000 --- a/modules/kubernetes/helm/nullplatform/agent/variables.tf +++ /dev/null @@ -1,63 +0,0 @@ -variable "cluster_name" { - description = "Name of the EKS cluster" - type = string -} - -variable "namespace" { - description = "Kubernetes namespace for the agent" - type = string - default = "nullplatform-tools" -} - -variable "service_account_name" { - description = "Name of the service account" - type = string - default = "nullplatform-agent" -} - -variable "tags" { - description = "Agent tag, the identity of the agent" - type = string -} - -variable "agent_repos" { - description = "GitHub repository to download" - type = string -} - -variable "np_api_key" { - description = "Nullplatform api key for the agent to communicate" - type = string - sensitive = true -} - -variable "cloud_name" { - description = "The provider cloud where the agent is deployed" - type = string - validation { - condition = contains(["aws", "gcp", "azure"], var.cloud_name) - error_message = "The provider cloud must be one of: aws, gcp, or azure." - } -} - -variable "init_scripts" { - description = "List of shell commands to be executed before the container starts." - type = list(string) - default = [] -} - -variable "iam_role_permissions_boundary" { - description = "ARN of the policy that is used to set the permissions boundary for the IAM role" - type = string - default = null -} - -variable "vault_token" { - type = string - description = "Authentication token for Vault server access" -} - -variable "vault_url" { - type = string - description = "URL endpoint for the Vault server" -} \ No newline at end of file diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/README.md b/modules/kubernetes/helm/nullplatform/logs-controller/README.md deleted file mode 100644 index 027cd1e..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/README.md +++ /dev/null @@ -1,29 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [helm_release.config_helm](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [values\_yaml](#input\_values\_yaml) | values.yaml for Nullplatform helm chart | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/aws/README.md b/modules/kubernetes/helm/nullplatform/logs-controller/aws/README.md deleted file mode 100644 index 8560ac5..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/aws/README.md +++ /dev/null @@ -1,32 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [nullplatform](#module\_nullplatform) | ./.. | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cloudwatch\_enabled](#input\_cloudwatch\_enabled) | Enable Cloudwatch logging | `bool` | `true` | no | -| [tls\_secret\_name](#input\_tls\_secret\_name) | Secret name for TLS | `string` | `"www-tls"` | no | - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/aws/backend.tf b/modules/kubernetes/helm/nullplatform/logs-controller/aws/backend.tf deleted file mode 100644 index 23cb0af..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/aws/backend.tf +++ /dev/null @@ -1,10 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - } - helm = { - source = "hashicorp/helm" - } - } -} diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/aws/data.tf b/modules/kubernetes/helm/nullplatform/logs-controller/aws/data.tf deleted file mode 100644 index f446d01..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/aws/data.tf +++ /dev/null @@ -1,3 +0,0 @@ -data "aws_region" "current" { - provider = aws -} diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/aws/main.tf b/modules/kubernetes/helm/nullplatform/logs-controller/aws/main.tf deleted file mode 100644 index 93a0a2e..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/aws/main.tf +++ /dev/null @@ -1,10 +0,0 @@ -module "nullplatform" { - source = "./.." - - values_yaml = templatefile("${path.module}/template/values.yaml", { - region = data.aws_region.current.name, - tls_secret_name = var.tls_secret_name - cloudwatch_enabled = var.cloudwatch_enabled - }) -} - diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/aws/template/values.yaml b/modules/kubernetes/helm/nullplatform/logs-controller/aws/template/values.yaml deleted file mode 100644 index 87abf53..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/aws/template/values.yaml +++ /dev/null @@ -1,7 +0,0 @@ -global: - provider: eks - awsRegion: ${region} -tls: - secretName: ${tls_secret_name} -cloudwatch: - enabled: ${cloudwatch_enabled} diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/aws/variables.tf b/modules/kubernetes/helm/nullplatform/logs-controller/aws/variables.tf deleted file mode 100644 index 72778b0..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/aws/variables.tf +++ /dev/null @@ -1,11 +0,0 @@ -variable "cloudwatch_enabled" { - type = bool - description = "Enable Cloudwatch logging" - default = true -} - -variable "tls_secret_name" { - type = string - description = "Secret name for TLS" - default = "www-tls" -} diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/backend.tf b/modules/kubernetes/helm/nullplatform/logs-controller/backend.tf deleted file mode 100644 index 665c434..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - helm = { - source = "hashicorp/helm" - } - } -} diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/README.md b/modules/kubernetes/helm/nullplatform/logs-controller/gcp/README.md deleted file mode 100644 index cfd55aa..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/README.md +++ /dev/null @@ -1,28 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [nullplatform](#module\_nullplatform) | ./.. | n/a | - -## Resources - -No resources. - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [registry](#input\_registry) | GCP Registry to pull images from | `string` | n/a | yes | -| [service\_account\_key\_base64](#input\_service\_account\_key\_base64) | Base 64 service account key | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/backend.tf b/modules/kubernetes/helm/nullplatform/logs-controller/gcp/backend.tf deleted file mode 100644 index 665c434..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - helm = { - source = "hashicorp/helm" - } - } -} diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/main.tf b/modules/kubernetes/helm/nullplatform/logs-controller/gcp/main.tf deleted file mode 100644 index 7889d70..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/main.tf +++ /dev/null @@ -1,8 +0,0 @@ -module "nullplatform" { - source = "../.." - - values_yaml = templatefile("${path.module}/template/values.yaml", { - registry = var.registry, - password = var.service_account_key_base64 - }) -} diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/template/values.yaml b/modules/kubernetes/helm/nullplatform/logs-controller/gcp/template/values.yaml deleted file mode 100644 index e96bcd6..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/template/values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -global: - provider: gke -imagePullSecrets: - enabled: true - registry: ${registry} - username: _json_key_base64 - password: ${password} -logging: - enabled: false -metricsServer: - enabled: false diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/variables.tf b/modules/kubernetes/helm/nullplatform/logs-controller/gcp/variables.tf deleted file mode 100644 index b470fef..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/gcp/variables.tf +++ /dev/null @@ -1,9 +0,0 @@ -variable "service_account_key_base64" { - description = "Base 64 service account key" - type = string -} - -variable "registry" { - type = string - description = "GCP Registry to pull images from" -} diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/main.tf b/modules/kubernetes/helm/nullplatform/logs-controller/main.tf deleted file mode 100644 index 1cb9866..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/main.tf +++ /dev/null @@ -1,12 +0,0 @@ -resource "helm_release" "config_helm" { - name = "nullplatform-base" - provider = helm - repository = "https://nullplatform.github.io/helm-charts" - chart = "nullplatform-base" - namespace = "default" - disable_openapi_validation = true - - values = [ - var.values_yaml - ] -} diff --git a/modules/kubernetes/helm/nullplatform/logs-controller/variables.tf b/modules/kubernetes/helm/nullplatform/logs-controller/variables.tf deleted file mode 100644 index dd54a0f..0000000 --- a/modules/kubernetes/helm/nullplatform/logs-controller/variables.tf +++ /dev/null @@ -1,4 +0,0 @@ -variable "values_yaml" { - type = string - description = "values.yaml for Nullplatform helm chart" -} diff --git a/modules/kubernetes/helm/prometheus/.terraform.lock.hcl b/modules/kubernetes/helm/prometheus/.terraform.lock.hcl deleted file mode 100644 index c6ef489..0000000 --- a/modules/kubernetes/helm/prometheus/.terraform.lock.hcl +++ /dev/null @@ -1,71 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.99.1" - constraints = "~> 5.0" - hashes = [ - "h1:0jNckFqimGrHhRB88880ovIpmoE20xhjRb94GBdgjwo=", - "zh:13a07422f776dd97214dfa89d6a88340b99613cbb869013c756c1a68fd8cdd9d", - "zh:1841d422278afa25d42a8d3ea9197ad08cf092769bd2aa89056d25d4c2629df8", - "zh:269016c7ba09d76e42fbcf15de28f2de0595ff9a7304a0500011a4493d7a1551", - "zh:2b842c3d0f30e048c05a37752b9c07d316656f3caf79841d08a4f1b057555eb2", - "zh:6559eedc095f70a51460dc702613a9033734ba536c1de1ed86a735a3c8131e40", - "zh:6d43b2676630344db3a7d6ba8330d20993492168f124e19e040a0aa914ec832e", - "zh:7f5d5cb0c1a492080b668f456de50f5b91fc67018c05f12483added3faf703f6", - "zh:c3bb8094bf26565150229f1ca6014d41d1283b8a2b06a15b45cd5a6b4ce82e28", - "zh:e45bc994d0c6e1c0a0b70e8378f2f933e924f05c91061ed2a97ceaf282e08a25", - "zh:ee725d6fbc1dbaa5017e9eab6fa0aa7e107a4ed73a4a8e2acab6b5d3d54cd0e4", - ] -} - -provider "registry.opentofu.org/hashicorp/helm" { - version = "2.17.0" - hashes = [ - "h1:ShIag7wqd5Rs+zYpVMpjAh+T0ozr4XGYfSTKWqceQBY=", - "zh:02690815e35131a42cb9851f63a3369c216af30ad093d05b39001d43da04b56b", - "zh:27a62f12b29926387f4d71aeeee9f7ffa0ccb81a1b6066ee895716ad050d1b7a", - "zh:2d0a5babfa73604b3fefc9dab9c87f91c77fce756c2e32b294e9f1290aed26c0", - "zh:3976400ceba6dda4636e1d297e3097e1831de5628afa534a166de98a70d1dcbe", - "zh:54440ef14f342b41d75c1aded7487bfcc3f76322b75894235b47b7e89ac4bfa4", - "zh:6512e2ab9f2fa31cbb90d9249647b5c5798f62eb1215ec44da2cdaa24e38ad25", - "zh:795f327ca0b8c5368af0ed03d5d4f6da7260692b4b3ca0bd004ed542e683464d", - "zh:ba659e1d94f224bc3f1fd34cbb9d2663e3a8e734108e5a58eb49eda84b140978", - "zh:c5c8575c4458835c2acbc3d1ed5570589b14baa2525d8fbd04295c097caf41eb", - "zh:e0877a5dac3de138e61eefa26b2f5a13305a17259779465899880f70e11314e0", - ] -} - -provider "registry.opentofu.org/hashicorp/kubernetes" { - version = "2.37.1" - constraints = "~> 2.23" - hashes = [ - "h1:UWJPvQZxW9Q6mxtUvIdnapPE8s8o4a2HUo53OInq9p4=", - "zh:22031e9995b3dc7ae497305dc6c5b7bf1a585c378d46446e724601f992cd9e11", - "zh:3614bc188ae5040d892671009c66f56cfcb3859e11f42ed7ffc1cee384b1275b", - "zh:5d925944ac961bbe5fb4917a3e7e6d9bc0bef2f3198f26e8d4cd1793d5eadde3", - "zh:67a86d1576eb67a58cc68f47bffd370b2f834fd909980acdab38a9b9b2c1c809", - "zh:90c34fe321f937b34392bdc6ee1f9fa42db1c5ff93341c58a96a8a0c1f18327f", - "zh:943b0fb6db1ce3b64e177f74ae7931f485ef47713df861f0e98d6838e75087ff", - "zh:9c6f0164bf64b0d7baac29bc74aa0879956cec6dc28a7f52b2582c9deffb8c21", - "zh:b1d555c2977a2d7c689f88b9f4b8db24c104692b9233191719d1b10ca724f159", - "zh:c4d2ce2148a55d7d7dc5986f02119cc71ccb86ec1e96773f4c9430fd2944fda4", - ] -} - -provider "registry.opentofu.org/hashicorp/null" { - version = "3.2.4" - hashes = [ - "h1:i+WKhUHL2REY5EGmiHjfUljJB8UKZ9QdhdM5uTeUhC4=", - "zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3", - "zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb", - "zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2", - "zh:36731f23343aee12a7e078067a98644c0126714c4fe9ac930eecb0f2361788c4", - "zh:3d106c7e32a929e2843f732625a582e562ff09120021e510a51a6f5d01175b8d", - "zh:74bcb3567708171ad83b234b92c9d63ab441ef882b770b0210c2b14fdbe3b1b6", - "zh:90b55bdbffa35df9204282251059e62c178b0ac7035958b93a647839643c0072", - "zh:ae24c0e5adc692b8f94cb23a000f91a316070fdc19418578dcf2134ff57cf447", - "zh:b5c10d4ad860c4c21273203d1de6d2f0286845edf1c64319fa2362df526b5f58", - "zh:e05bbd88e82e1d6234988c85db62fd66f11502645838fff594a2ec25352ecd80", - ] -} diff --git a/modules/kubernetes/helm/prometheus/README.md b/modules/kubernetes/helm/prometheus/README.md deleted file mode 100644 index 61f0f23..0000000 --- a/modules/kubernetes/helm/prometheus/README.md +++ /dev/null @@ -1,37 +0,0 @@ -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | ~> 5.0 | -| [helm](#requirement\_helm) | ~> 2.11 | -| [kubernetes](#requirement\_kubernetes) | ~> 2.23 | -| [null](#requirement\_null) | ~> 3.2 | - -## Providers - -| Name | Version | -|------|---------| -| [helm](#provider\_helm) | 2.17.0 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [helm_release.prometheus](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [allowed\_cidrs](#input\_allowed\_cidrs) | List of CIDR blocks allowed to access the Prometheus load balancer | `list(string)` | 
[
  "0.0.0.0/0"
]
| no | -| [load\_balancer\_scheme](#input\_load\_balancer\_scheme) | Load balancer scheme - 'internet-facing' for public access or 'internal' for private access | `string` | `"internal"` | no | -| [namespace](#input\_namespace) | The namespace to deploy Prometheus into | `string` | `"prometheus"` | no | - -## Outputs - -No outputs. diff --git a/modules/kubernetes/helm/prometheus/main.tf b/modules/kubernetes/helm/prometheus/main.tf deleted file mode 100644 index 6a45df3..0000000 --- a/modules/kubernetes/helm/prometheus/main.tf +++ /dev/null @@ -1,16 +0,0 @@ -resource "helm_release" "prometheus" { - name = "prometheus" - repository = "https://prometheus-community.github.io/helm-charts" - chart = "prometheus" - namespace = var.namespace - create_namespace = true - - values = [ - templatefile("${path.module}/values.yaml.tmpl", { - namespace = var.namespace - load_balancer_scheme = var.load_balancer_scheme - allowed_cidrs = join(",", var.allowed_cidrs) - storageClassName = var.storageClassName - }) - ] -} diff --git a/modules/kubernetes/helm/prometheus/providers.tf b/modules/kubernetes/helm/prometheus/providers.tf deleted file mode 100644 index c1fb50d..0000000 --- a/modules/kubernetes/helm/prometheus/providers.tf +++ /dev/null @@ -1,49 +0,0 @@ -terraform { - required_version = ">= 1.0" - - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.0" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = "~> 2.23" - } - helm = { - source = "hashicorp/helm" - version = "~> 2.11" - } - null = { - source = "hashicorp/null" - version = "~> 3.2" - } - } -} - -# provider "aws" { -# } - -# provider "kubernetes" { -# host = data.aws_eks_cluster.cluster.endpoint -# cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) - -# exec { -# api_version = "client.authentication.k8s.io/v1beta1" -# command = "aws" -# args = ["eks", "get-token", "--cluster-name", var.cluster_name] -# } -# } - -# provider "helm" { -# kubernetes { -# host = data.aws_eks_cluster.cluster.endpoint -# cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) - -# exec { -# api_version = "client.authentication.k8s.io/v1beta1" -# command = "aws" -# args = ["eks", "get-token", "--cluster-name", var.cluster_name] -# } -# } -# } diff --git a/modules/kubernetes/helm/prometheus/values.yaml.tmpl b/modules/kubernetes/helm/prometheus/values.yaml.tmpl deleted file mode 100644 index 826d167..0000000 --- a/modules/kubernetes/helm/prometheus/values.yaml.tmpl +++ /dev/null @@ -1,125 +0,0 @@ -server: - persistentVolume: - enabled: true - size: 20Gi - storageClass: ${storageClassName} - accessModes: - - ReadWriteOnce - emptyDir: {} - service: - type: LoadBalancer - port: 80 - targetPort: 9090 - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: nlb - service.beta.kubernetes.io/aws-load-balancer-scheme: ${load_balancer_scheme} - service.beta.kubernetes.io/aws-load-balancer-internal: "${load_balancer_scheme == "internal"}" - service.beta.kubernetes.io/aws-load-balancer-source-ranges: ${allowed_cidrs} - service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - extraFlags: - - web.enable-lifecycle - - -alertmanager: - enabled: false - -nodeExporter: - enabled: true - -pushgateway: - enabled: true - -configmapReload: - prometheus: - enabled: true - -serverFiles: - alerts: {} - rules: {} - prometheus.yml: - # global: - # evaluation_interval: 1m - # scrape_interval: 1m - # scrape_timeout: 10s - - rule_files: - - /etc/config/recording_rules.yml - - /etc/config/alerting_rules.yml - - /etc/config/rules - - /etc/config/alerts - - scrape_configs: - - job_name: prometheus - static_configs: - - targets: - - localhost:9090 - - - job_name: null-platform-metrics - kubernetes_sd_configs: - - role: node - metrics_path: /metrics - relabel_configs: - - regex: (.*):10250 - replacement: $1:2021 - source_labels: - - __address__ - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - source_labels: - - __meta_kubernetes_node_name - target_label: node - scheme: http - - - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - job_name: kubernetes-apiservers - kubernetes_sd_configs: - - role: endpoints - relabel_configs: - - action: keep - regex: default;kubernetes;https - source_labels: - - __meta_kubernetes_namespace - - __meta_kubernetes_service_name - - __meta_kubernetes_endpoint_port_name - scheme: https - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - - - job_name: kubernetes-nodes - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics - - - job_name: kubernetes-pods - kubernetes_sd_configs: - - role: pod - relabel_configs: - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] - action: keep - regex: true - - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] - action: replace - target_label: __metrics_path__ - regex: (.+) - - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] - action: replace - regex: ([^:]+)(?::\d+)?;(\d+) - replacement: $1:$2 - target_label: __address__ - - action: labelmap - regex: __meta_kubernetes_pod_label_(.+) - - source_labels: [__meta_kubernetes_namespace] - action: replace - target_label: kubernetes_namespace - - source_labels: [__meta_kubernetes_pod_name] - action: replace - target_label: kubernetes_pod_name diff --git a/modules/kubernetes/helm/prometheus/variables.tf b/modules/kubernetes/helm/prometheus/variables.tf deleted file mode 100644 index 65dd62a..0000000 --- a/modules/kubernetes/helm/prometheus/variables.tf +++ /dev/null @@ -1,27 +0,0 @@ -variable "namespace" { - description = "The namespace to deploy Prometheus into" - type = string - default = "prometheus" -} - -variable "allowed_cidrs" { - description = "List of CIDR blocks allowed to access the Prometheus load balancer" - type = list(string) - default = ["0.0.0.0/0"] # Default to allow all, but should be restricted in production -} - -variable "load_balancer_scheme" { - description = "Load balancer scheme - 'internet-facing' for public access or 'internal' for private access" - type = string - default = "internal" - validation { - condition = contains(["internet-facing", "internal"], var.load_balancer_scheme) - error_message = "Load balancer scheme must be either 'internet-facing' or 'internal'." - } -} - -variable "storageClassName" { - description = "The storageClass name to use" - type = string - default = "gp2" -} diff --git a/modules/kubernetes/helm/vault/.terraform.lock.hcl b/modules/kubernetes/helm/vault/.terraform.lock.hcl deleted file mode 100644 index 0e54886..0000000 --- a/modules/kubernetes/helm/vault/.terraform.lock.hcl +++ /dev/null @@ -1,90 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/aws" { - version = "5.99.1" - constraints = "~> 5.0" - hashes = [ - "h1:0jNckFqimGrHhRB88880ovIpmoE20xhjRb94GBdgjwo=", - "zh:13a07422f776dd97214dfa89d6a88340b99613cbb869013c756c1a68fd8cdd9d", - "zh:1841d422278afa25d42a8d3ea9197ad08cf092769bd2aa89056d25d4c2629df8", - "zh:269016c7ba09d76e42fbcf15de28f2de0595ff9a7304a0500011a4493d7a1551", - "zh:2b842c3d0f30e048c05a37752b9c07d316656f3caf79841d08a4f1b057555eb2", - "zh:6559eedc095f70a51460dc702613a9033734ba536c1de1ed86a735a3c8131e40", - "zh:6d43b2676630344db3a7d6ba8330d20993492168f124e19e040a0aa914ec832e", - "zh:7f5d5cb0c1a492080b668f456de50f5b91fc67018c05f12483added3faf703f6", - "zh:c3bb8094bf26565150229f1ca6014d41d1283b8a2b06a15b45cd5a6b4ce82e28", - "zh:e45bc994d0c6e1c0a0b70e8378f2f933e924f05c91061ed2a97ceaf282e08a25", - "zh:ee725d6fbc1dbaa5017e9eab6fa0aa7e107a4ed73a4a8e2acab6b5d3d54cd0e4", - ] -} - -provider "registry.opentofu.org/hashicorp/helm" { - version = "2.17.0" - constraints = "~> 2.11" - hashes = [ - "h1:ShIag7wqd5Rs+zYpVMpjAh+T0ozr4XGYfSTKWqceQBY=", - "zh:02690815e35131a42cb9851f63a3369c216af30ad093d05b39001d43da04b56b", - "zh:27a62f12b29926387f4d71aeeee9f7ffa0ccb81a1b6066ee895716ad050d1b7a", - "zh:2d0a5babfa73604b3fefc9dab9c87f91c77fce756c2e32b294e9f1290aed26c0", - "zh:3976400ceba6dda4636e1d297e3097e1831de5628afa534a166de98a70d1dcbe", - "zh:54440ef14f342b41d75c1aded7487bfcc3f76322b75894235b47b7e89ac4bfa4", - "zh:6512e2ab9f2fa31cbb90d9249647b5c5798f62eb1215ec44da2cdaa24e38ad25", - "zh:795f327ca0b8c5368af0ed03d5d4f6da7260692b4b3ca0bd004ed542e683464d", - "zh:ba659e1d94f224bc3f1fd34cbb9d2663e3a8e734108e5a58eb49eda84b140978", - "zh:c5c8575c4458835c2acbc3d1ed5570589b14baa2525d8fbd04295c097caf41eb", - "zh:e0877a5dac3de138e61eefa26b2f5a13305a17259779465899880f70e11314e0", - ] -} - -provider "registry.opentofu.org/hashicorp/kubernetes" { - version = "2.37.1" - constraints = "~> 2.23" - hashes = [ - "h1:UWJPvQZxW9Q6mxtUvIdnapPE8s8o4a2HUo53OInq9p4=", - "zh:22031e9995b3dc7ae497305dc6c5b7bf1a585c378d46446e724601f992cd9e11", - "zh:3614bc188ae5040d892671009c66f56cfcb3859e11f42ed7ffc1cee384b1275b", - "zh:5d925944ac961bbe5fb4917a3e7e6d9bc0bef2f3198f26e8d4cd1793d5eadde3", - "zh:67a86d1576eb67a58cc68f47bffd370b2f834fd909980acdab38a9b9b2c1c809", - "zh:90c34fe321f937b34392bdc6ee1f9fa42db1c5ff93341c58a96a8a0c1f18327f", - "zh:943b0fb6db1ce3b64e177f74ae7931f485ef47713df861f0e98d6838e75087ff", - "zh:9c6f0164bf64b0d7baac29bc74aa0879956cec6dc28a7f52b2582c9deffb8c21", - "zh:b1d555c2977a2d7c689f88b9f4b8db24c104692b9233191719d1b10ca724f159", - "zh:c4d2ce2148a55d7d7dc5986f02119cc71ccb86ec1e96773f4c9430fd2944fda4", - ] -} - -provider "registry.opentofu.org/hashicorp/local" { - version = "2.5.3" - hashes = [ - "h1:31Clmfoe7hzkcdgwuhUuGuPGfeG2Ksk+YWcJgzBTN7M=", - "zh:32e1d4b0595cea6cda4ca256195c162772ddff25594ab4008731a2ec7be230bf", - "zh:48c390af0c87df994ec9796f04ec2582bcac581fb81ed6bb58e0671da1c17991", - "zh:4be7289c969218a57b40902e2f359914f8d35a7f97b439140cb711aa21e494bd", - "zh:4cf958e631e99ed6c8b522c9b22e1f1b568c0bdadb01dd002ca7dffb1c927764", - "zh:7a0132c0faca4c4c96aa70808effd6817e28712bf5a39881666ac377b4250acf", - "zh:7d60de08fac427fb045e4590d1b921b6778498eee9eb16f78c64d4c577bde096", - "zh:91003bee5981e99ec3925ce2f452a5f743827f9d0e131a86613549c1464796f0", - "zh:9fe2fe75977c8149e2515fb30c6cc6cfd57b225d4ce592c570d81a3831d7ffa3", - "zh:e210e6be54933ce93e03d0994e520ba289aa01b2c1f70e77afb8f2ee796b0fe3", - "zh:e8793e5f9422f2b31a804e51806595f335b827c9a38db18766960464566f21d5", - ] -} - -provider "registry.opentofu.org/hashicorp/null" { - version = "3.2.4" - constraints = "~> 3.2" - hashes = [ - "h1:i+WKhUHL2REY5EGmiHjfUljJB8UKZ9QdhdM5uTeUhC4=", - "zh:1769783386610bed8bb1e861a119fe25058be41895e3996d9216dd6bb8a7aee3", - "zh:32c62a9387ad0b861b5262b41c5e9ed6e940eda729c2a0e58100e6629af27ddb", - "zh:339bf8c2f9733fce068eb6d5612701144c752425cebeafab36563a16be460fb2", - "zh:36731f23343aee12a7e078067a98644c0126714c4fe9ac930eecb0f2361788c4", - "zh:3d106c7e32a929e2843f732625a582e562ff09120021e510a51a6f5d01175b8d", - "zh:74bcb3567708171ad83b234b92c9d63ab441ef882b770b0210c2b14fdbe3b1b6", - "zh:90b55bdbffa35df9204282251059e62c178b0ac7035958b93a647839643c0072", - "zh:ae24c0e5adc692b8f94cb23a000f91a316070fdc19418578dcf2134ff57cf447", - "zh:b5c10d4ad860c4c21273203d1de6d2f0286845edf1c64319fa2362df526b5f58", - "zh:e05bbd88e82e1d6234988c85db62fd66f11502645838fff594a2ec25352ecd80", - ] -} diff --git a/modules/kubernetes/helm/vault/README.md b/modules/kubernetes/helm/vault/README.md deleted file mode 100644 index af4182e..0000000 --- a/modules/kubernetes/helm/vault/README.md +++ /dev/null @@ -1,66 +0,0 @@ -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | ~> 5.0 | -| [helm](#requirement\_helm) | ~> 2.11 | -| [kubernetes](#requirement\_kubernetes) | ~> 2.23 | -| [null](#requirement\_null) | ~> 3.2 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.99.1 | -| [helm](#provider\_helm) | 2.17.0 | -| [kubernetes](#provider\_kubernetes) | 2.37.1 | -| [local](#provider\_local) | 2.5.3 | -| [null](#provider\_null) | 3.2.4 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [trusting\_oidc](#module\_trusting\_oidc) | ../../../aws/data/iam/eks/trusting | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_iam_policy.vault_kms_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.vault_kms_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.vault_kms_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_kms_alias.vault_unseal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | -| [aws_kms_key.vault_unseal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | -| [helm_release.vault](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.vault](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | -| [kubernetes_service_account.vault](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) | resource | -| [null_resource.vault_init](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -| [local_file.vault_root_token](https://registry.terraform.io/providers/hashicorp/local/latest/docs/data-sources/file) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [allowed\_cidr\_blocks](#input\_allowed\_cidr\_blocks) | List of CIDR blocks allowed to access the load balancer | `list(string)` | 
[
  "0.0.0.0/0"
]
| no | -| [cluster\_name](#input\_cluster\_name) | Name of the Kubernetes cluster | `string` | n/a | yes | -| [kms\_key\_id](#input\_kms\_key\_id) | AWS KMS Key ID for auto-unseal | `string` | `""` | no | -| [load\_balancer\_scheme](#input\_load\_balancer\_scheme) | Load balancer scheme - 'internet-facing' for public access or 'internal' for private access | `string` | `"internal"` | no | -| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs for the load balancer | `list(string)` | n/a | yes | -| [vault\_namespace](#input\_vault\_namespace) | Kubernetes namespace for Vault | `string` | `"vault"` | no | -| [vault\_service\_account](#input\_vault\_service\_account) | Vault service account name | `string` | `"vault"` | no | -| [wait\_timeout](#input\_wait\_timeout) | The time it waits for pods to be ready | `string` | `"300s"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [vault\_iam\_role\_arn](#output\_vault\_iam\_role\_arn) | IAM Role ARN for Vault service account | -| [vault\_kms\_key\_id](#output\_vault\_kms\_key\_id) | KMS Key ID used for Vault auto-unseal | -| [vault\_root\_token](#output\_vault\_root\_token) | Vault root token for authentication | -| [vault\_service\_url](#output\_vault\_service\_url) | Vault service URL | -| [vault\_ui\_port\_forward\_command](#output\_vault\_ui\_port\_forward\_command) | Command to port-forward to Vault UI | diff --git a/modules/kubernetes/helm/vault/data.tf b/modules/kubernetes/helm/vault/data.tf deleted file mode 100644 index be8184f..0000000 --- a/modules/kubernetes/helm/vault/data.tf +++ /dev/null @@ -1,15 +0,0 @@ -data "aws_caller_identity" "current" {} - -data "aws_region" "current" {} - -data "aws_eks_cluster" "cluster" { - name = var.cluster_name -} - -module "trusting_oidc" { - source = "../../../aws/data/iam/eks/trusting" - - cluster_name = var.cluster_name - namespace = var.vault_namespace - service_account_name = var.vault_service_account -} \ No newline at end of file diff --git a/modules/kubernetes/helm/vault/helm.tf b/modules/kubernetes/helm/vault/helm.tf deleted file mode 100644 index cdf955c..0000000 --- a/modules/kubernetes/helm/vault/helm.tf +++ /dev/null @@ -1,104 +0,0 @@ -resource "helm_release" "vault" { - name = "vault" - repository = "https://helm.releases.hashicorp.com" - chart = "vault" - namespace = var.vault_namespace - version = "0.28.0" - - values = [ - yamlencode({ - global = { - enabled = true - tlsDisable = true - } - - injector = { - enabled = true - } - - server = { - serviceAccount = { - create = false - name = var.vault_service_account - } - - # Enable persistent storage with gp2 - dataStorage = { - enabled = true - size = "10Gi" - storageClass = var.storageClassName - } - - auditStorage = { - enabled = false - } - - # Remove custom volumes since we're using persistent storage - volumes = [] - volumeMounts = [] - - # Single instance, no HA - ha = { - enabled = false - } - - # Simple configuration with file storage on ephemeral disk - standalone = { - enabled = true - config = <<-EOT - ui = true - - listener "tcp" { - tls_disable = 1 - address = "[::]:8200" - } - - storage "file" { - path = "/vault/file" - } - - seal "awskms" { - region = "${data.aws_region.current.name}" - kms_key_id = "${var.kms_key_id != "" ? var.kms_key_id : aws_kms_key.vault_unseal[0].key_id}" - } - - disable_mlock = true - EOT - } - - service = { - enabled = true - type = "LoadBalancer" - port = 8200 - annotations = { - "service.beta.kubernetes.io/aws-load-balancer-type" = "nlb" - "service.beta.kubernetes.io/aws-load-balancer-subnets" = join(",", var.public_subnet_ids) - "service.beta.kubernetes.io/aws-load-balancer-scheme" = var.load_balancer_scheme - "service.beta.kubernetes.io/aws-load-balancer-internal" = tostring(var.load_balancer_scheme == "internal") - "service.beta.kubernetes.io/aws-load-balancer-ssl-ports" = "8200" - "service.beta.kubernetes.io/aws-load-balancer-ssl-redirect" = "true" - "service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy" = "ELBSecurityPolicy-TLS-1-2-2017-01" - "service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled" = "true" - "service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags" = "Name=${var.cluster_name}-vault" - "service.beta.kubernetes.io/aws-load-balancer-source-ranges" = join(",", var.allowed_cidr_blocks) - } - } - - ingress = { - enabled = false - } - } - - ui = { - enabled = true - serviceType = "ClusterIP" - } - }) - ] - - depends_on = [ - kubernetes_namespace.vault, - kubernetes_service_account.vault, - aws_iam_role_policy_attachment.vault_kms_policy_attachment - ] -} diff --git a/modules/kubernetes/helm/vault/iam.tf b/modules/kubernetes/helm/vault/iam.tf deleted file mode 100644 index 7b2cd69..0000000 --- a/modules/kubernetes/helm/vault/iam.tf +++ /dev/null @@ -1,37 +0,0 @@ -resource "aws_iam_role" "vault_kms_role" { - name = "vault-kms-role-${var.cluster_name}" - - assume_role_policy = jsonencode(module.trusting_oidc.trusting) - permissions_boundary = var.iam_role_permissions_boundary - - -} - - -# IAM policy for KMS access -resource "aws_iam_policy" "vault_kms_policy" { - name = "vault-kms-policy-${var.cluster_name}" - description = "Policy for Vault to access KMS for auto-unseal" - - policy = jsonencode({ - Version = "2012-10-17" - Statement = [ - { - Effect = "Allow" - Action = [ - "kms:Decrypt", - "kms:Encrypt", - "kms:GenerateDataKey", - "kms:DescribeKey" - ] - Resource = var.kms_key_id != "" ? "arn:aws:kms:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:key/${var.kms_key_id}" : aws_kms_key.vault_unseal[0].arn - } - ] - }) -} - -# Attach policy to role -resource "aws_iam_role_policy_attachment" "vault_kms_policy_attachment" { - role = aws_iam_role.vault_kms_role.name - policy_arn = aws_iam_policy.vault_kms_policy.arn -} \ No newline at end of file diff --git a/modules/kubernetes/helm/vault/kms.tf b/modules/kubernetes/helm/vault/kms.tf deleted file mode 100644 index bb04883..0000000 --- a/modules/kubernetes/helm/vault/kms.tf +++ /dev/null @@ -1,29 +0,0 @@ -resource "aws_kms_key" "vault_unseal" { - count = var.kms_key_id == "" ? 1 : 0 - description = "KMS key for Vault auto-unseal" - - policy = jsonencode({ - Version = "2012-10-17" - Statement = [ - { - Sid = "Enable IAM User Permissions" - Effect = "Allow" - Principal = { - AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" - } - Action = "kms:*" - Resource = "*" - } - ] - }) - - tags = { - Name = "vault-auto-unseal-${var.cluster_name}" - } -} - -resource "aws_kms_alias" "vault_unseal" { - count = var.kms_key_id == "" ? 1 : 0 - name = "alias/vault-auto-unseal-${var.cluster_name}" - target_key_id = aws_kms_key.vault_unseal[0].key_id -} \ No newline at end of file diff --git a/modules/kubernetes/helm/vault/kubernetes.tf b/modules/kubernetes/helm/vault/kubernetes.tf deleted file mode 100644 index 2437a37..0000000 --- a/modules/kubernetes/helm/vault/kubernetes.tf +++ /dev/null @@ -1,70 +0,0 @@ -# Kubernetes namespace -resource "kubernetes_namespace" "vault" { - metadata { - name = var.vault_namespace - } -} - -# Kubernetes service account with IAM role annotation -resource "kubernetes_service_account" "vault" { - metadata { - name = var.vault_service_account - namespace = var.vault_namespace - annotations = { - "eks.amazonaws.com/role-arn" = aws_iam_role.vault_kms_role.arn - } - } - depends_on = [kubernetes_namespace.vault] -} - -resource "null_resource" "vault_init" { - provisioner "local-exec" { - command = <<-EOT - # Wait for Vault pods to be ready - kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=vault -n ${var.vault_namespace} --timeout=${var.wait_timeout} - - # Check if Vault is already initialized - if kubectl exec -n ${var.vault_namespace} vault-0 -- vault status | grep -q "Initialized.*true"; then - echo "Vault is already initialized" - - # Try to get existing root token from secret - if kubectl get secret vault-root-token -n ${var.vault_namespace} >/dev/null 2>&1; then - ROOT_TOKEN=$(kubectl get secret vault-root-token -n ${var.vault_namespace} -o jsonpath='{.data.token}' | base64 -d) - echo "Retrieved existing root token" - else - echo "Warning: Vault is initialized but no root token found in secrets" - ROOT_TOKEN="" - fi - else - echo "Initializing Vault..." - - # Initialize Vault and save output - kubectl exec -n ${var.vault_namespace} vault-0 -- vault operator init -format=json > /tmp/vault-init.json - - # Extract root token - ROOT_TOKEN=$(cat /tmp/vault-init.json | jq -r '.root_token') - - # Create Kubernetes secret for root token - kubectl create secret generic vault-root-token -n ${var.vault_namespace} \ - --from-literal=token="$ROOT_TOKEN" \ - --dry-run=client -o yaml | kubectl apply -f - - - echo "Vault initialized successfully with auto-unseal" - echo "Root token stored in vault-root-token secret" - fi - - # Save root token to file for Terraform to read - echo -n "$ROOT_TOKEN" > /tmp/vault-root-token.txt - - # Output the token (will be captured by Terraform) - echo "VAULT_ROOT_TOKEN=$ROOT_TOKEN" - EOT - } - - # Force re-run when dependencies change - triggers = { - vault_deployment = helm_release.vault.metadata[0].revision - } - - depends_on = [helm_release.vault] -} diff --git a/modules/kubernetes/helm/vault/output.tf b/modules/kubernetes/helm/vault/output.tf deleted file mode 100644 index 376d6b3..0000000 --- a/modules/kubernetes/helm/vault/output.tf +++ /dev/null @@ -1,31 +0,0 @@ -output "vault_kms_key_id" { - description = "KMS Key ID used for Vault auto-unseal" - value = var.kms_key_id != "" ? var.kms_key_id : aws_kms_key.vault_unseal[0].key_id -} - -output "vault_iam_role_arn" { - description = "IAM Role ARN for Vault service account" - value = aws_iam_role.vault_kms_role.arn -} - -output "vault_service_url" { - description = "Vault service URL" - value = "http://vault.${var.vault_namespace}.svc.cluster.local:8200" -} - -output "vault_ui_port_forward_command" { - description = "Command to port-forward to Vault UI" - value = "kubectl port-forward -n ${var.vault_namespace} svc/vault 8200:8200" -} - -data "local_file" "vault_root_token" { - filename = "/tmp/vault-root-token.txt" - depends_on = [null_resource.vault_init] -} - -# Output the root token -output "vault_root_token" { - description = "Vault root token for authentication" - value = data.local_file.vault_root_token.content - sensitive = true -} \ No newline at end of file diff --git a/modules/kubernetes/helm/vault/providers.tf b/modules/kubernetes/helm/vault/providers.tf deleted file mode 100644 index a7bf91c..0000000 --- a/modules/kubernetes/helm/vault/providers.tf +++ /dev/null @@ -1,51 +0,0 @@ -# Provider configuration -terraform { - required_version = ">= 1.0" - - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.0" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = "~> 2.23" - } - helm = { - source = "hashicorp/helm" - version = "~> 2.11" - } - null = { - source = "hashicorp/null" - version = "~> 3.2" - } - } -} - -# # Configure providers -# provider "aws" { -# } -# -# provider "kubernetes" { -# host = data.aws_eks_cluster.cluster.endpoint -# cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) -# -# exec { -# api_version = "client.authentication.k8s.io/v1beta1" -# command = "aws" -# args = ["eks", "get-token", "--cluster-name", var.cluster_name] -# } -# } -# -# provider "helm" { -# kubernetes { -# host = data.aws_eks_cluster.cluster.endpoint -# cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) -# -# exec { -# api_version = "client.authentication.k8s.io/v1beta1" -# command = "aws" -# args = ["eks", "get-token", "--cluster-name", var.cluster_name] -# } -# } -# } diff --git a/modules/kubernetes/helm/vault/variables.tf b/modules/kubernetes/helm/vault/variables.tf deleted file mode 100644 index a9cc66b..0000000 --- a/modules/kubernetes/helm/vault/variables.tf +++ /dev/null @@ -1,61 +0,0 @@ -variable "cluster_name" { - description = "Name of the Kubernetes cluster" - type = string -} - -variable "vault_namespace" { - description = "Kubernetes namespace for Vault" - type = string - default = "vault" -} - -variable "wait_timeout" { - description = "The time it waits for pods to be ready" - type = string - default = "300s" -} - -variable "kms_key_id" { - description = "AWS KMS Key ID for auto-unseal" - type = string - default = "" -} - -variable "vault_service_account" { - description = "Vault service account name" - type = string - default = "vault" -} - -variable "public_subnet_ids" { - description = "List of public subnet IDs for the load balancer" - type = list(string) -} - -variable "allowed_cidr_blocks" { - description = "List of CIDR blocks allowed to access the load balancer" - type = list(string) - default = ["0.0.0.0/0"] -} - -variable "load_balancer_scheme" { - description = "Load balancer scheme - 'internet-facing' for public access or 'internal' for private access" - type = string - default = "internal" - validation { - condition = contains(["internet-facing", "internal"], var.load_balancer_scheme) - error_message = "Load balancer scheme must be either 'internet-facing' or 'internal'." - } -} - -variable "iam_role_permissions_boundary" { - description = "ARN of the policy that is used to set the permissions boundary for the IAM role" - type = string - default = null -} - -variable "storageClassName" { - description = "The storageClass name to use" - type = string - default = "gp2" -} diff --git a/modules/nullplatform/README.md b/modules/nullplatform/README.md deleted file mode 100644 index 5ca9045..0000000 --- a/modules/nullplatform/README.md +++ /dev/null @@ -1,23 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -No modules. - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -No outputs. diff --git a/modules/nullplatform/dimensions/README.md b/modules/nullplatform/dimensions/README.md deleted file mode 100644 index 1cb5953..0000000 --- a/modules/nullplatform/dimensions/README.md +++ /dev/null @@ -1,34 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_dimension.environment](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/dimension) | resource | -| [nullplatform_dimension_value.environment_value](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/dimension_value) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [environments](#input\_environments) | The list of environments | `list(string)` | 
[
  "development",
  "staging",
  "production"
]
| no | -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [ids](#output\_ids) | The Ids of the dimensions created | -| [names](#output\_names) | The names of the dimensions created | diff --git a/modules/nullplatform/dimensions/backend.tf b/modules/nullplatform/dimensions/backend.tf deleted file mode 100644 index 48aab7d..0000000 --- a/modules/nullplatform/dimensions/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - } -} diff --git a/modules/nullplatform/dimensions/outputs.tf b/modules/nullplatform/dimensions/outputs.tf deleted file mode 100644 index 7b63183..0000000 --- a/modules/nullplatform/dimensions/outputs.tf +++ /dev/null @@ -1,9 +0,0 @@ -output "ids" { - description = "The Ids of the dimensions created" - value = [for env in nullplatform_dimension_value.environment_value : env.id] -} - -output "names" { - description = "The names of the dimensions created" - value = var.environments -} diff --git a/modules/nullplatform/dimensions/variables.tf b/modules/nullplatform/dimensions/variables.tf deleted file mode 100644 index e83a07a..0000000 --- a/modules/nullplatform/dimensions/variables.tf +++ /dev/null @@ -1,14 +0,0 @@ -################################################################################ -# General Variables from root module -################################################################################ - -variable "nrn" { - type = string - description = "The null platform nrn" -} - -variable "environments" { - type = list(string) - description = "The list of environments" - default = ["development", "staging", "production"] -} diff --git a/modules/nullplatform/provider/asset/docker-server/README.md b/modules/nullplatform/provider/asset/docker-server/README.md deleted file mode 100644 index 398ca4c..0000000 --- a/modules/nullplatform/provider/asset/docker-server/README.md +++ /dev/null @@ -1,33 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_provider_config.docker_server](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [login\_server](#input\_login\_server) | Docker Login server name | `string` | n/a | yes | -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | -| [password](#input\_password) | Docker password | `string` | n/a | yes | -| [path](#input\_path) | Path to the registry created | `string` | n/a | yes | -| [username](#input\_username) | Docker username | `string` | `"_json_key_base64"` | no | - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/asset/docker-server/backend.tf b/modules/nullplatform/provider/asset/docker-server/backend.tf deleted file mode 100644 index 48aab7d..0000000 --- a/modules/nullplatform/provider/asset/docker-server/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - } -} diff --git a/modules/nullplatform/provider/asset/docker-server/variables.tf b/modules/nullplatform/provider/asset/docker-server/variables.tf deleted file mode 100644 index 5e7e473..0000000 --- a/modules/nullplatform/provider/asset/docker-server/variables.tf +++ /dev/null @@ -1,26 +0,0 @@ -variable "nrn" { - type = string - description = "The null platform nrn" -} - -variable "login_server" { - description = "Docker Login server name" - type = string -} - -variable "path" { - description = "Path to the registry created" - type = string -} - -variable "username" { - description = "Docker username" - type = string - default = "_json_key_base64" -} - -variable "password" { - description = "Docker password" - type = string - sensitive = false -} diff --git a/modules/nullplatform/provider/asset/ecr/.terraform.lock.hcl b/modules/nullplatform/provider/asset/ecr/.terraform.lock.hcl deleted file mode 100644 index f269b36..0000000 --- a/modules/nullplatform/provider/asset/ecr/.terraform.lock.hcl +++ /dev/null @@ -1,41 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/azurerm" { - version = "4.19.0" - hashes = [ - "h1:nYJrDZgta67mFtKdd8ypCdxcAPvdz1vAabb4yh6ms8g=", - "zh:2ad30ba69767c30c1a97ceac3fd9f3c20d4a503f9bc0d2390929fe1bf993e882", - "zh:3103558709ba3d2903c18d590e81f7f6c603ffdcb5102fea42c41223e986ece6", - "zh:62d184427b38cc7befbae1e190431201b2d5bf214d55bba1fe65ffe53554a2b2", - "zh:761cc8f1a87e8215a55439891c1596b3522cdbddbb8784b57d21ff3140dacc09", - "zh:970cd1530c95621ab261e39183e2a516859744f16f9a198acd6fb4c39b2aa7a9", - "zh:9dcb1c531c43e34f75d1f01f0d5f0a7c13ba8049ac6f3177f56b08faa4254714", - "zh:b581aea03dbbee771f75c3cc3c0660a735544f9d91cc3dbf41ebf0ed764057be", - "zh:b7e5b92e8eba1b1bf8ce47925ff4e53f96351f4d88ce5a0bbd72b0b83f799537", - "zh:cf1e1698713b20425deffc3e52c4eea345fbb422c0acf1bef32777657096ec30", - "zh:ea9eb7fe756f498c3c46bfbb87bff3e58892751ce90b521ef87f6736132fad09", - ] -} - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/asset/ecr/README.md b/modules/nullplatform/provider/asset/ecr/README.md deleted file mode 100644 index a9c25aa..0000000 --- a/modules/nullplatform/provider/asset/ecr/README.md +++ /dev/null @@ -1,33 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.50 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_provider_config.ecr](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [application\_manager\_role](#input\_application\_manager\_role) | The IAM role arn used to create repositories on an application creation | `string` | n/a | yes | -| [build\_workflow\_user\_access\_key\_id](#input\_build\_workflow\_user\_access\_key\_id) | AWS Access key used by Nullplatform to push images to ECR | `string` | n/a | yes | -| [build\_workflow\_user\_secret\_access\_key](#input\_build\_workflow\_user\_secret\_access\_key) | AWS Secret key used by Nullplatform to push images to ECR | `string` | n/a | yes | -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | -| [region](#input\_region) | ECR AWS region | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/asset/ecr/backend.tf b/modules/nullplatform/provider/asset/ecr/backend.tf deleted file mode 100644 index 48aab7d..0000000 --- a/modules/nullplatform/provider/asset/ecr/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - } -} diff --git a/modules/nullplatform/provider/asset/ecr/main.tf b/modules/nullplatform/provider/asset/ecr/main.tf deleted file mode 100644 index 6d1cec7..0000000 --- a/modules/nullplatform/provider/asset/ecr/main.tf +++ /dev/null @@ -1,18 +0,0 @@ -resource "nullplatform_provider_config" "ecr" { - provider = nullplatform - nrn = var.nrn - type = "ecr" - dimensions = {} - attributes = jsonencode({ - "ci" : { - "region" : var.region, - "access_key" : var.build_workflow_user_access_key_id - "secret_key" : var.build_workflow_user_secret_access_key - }, - "setup" : { - "region" : var.region, - "role_arn" : var.application_manager_role - } - }) -} - diff --git a/modules/nullplatform/provider/asset/ecr/variables.tf b/modules/nullplatform/provider/asset/ecr/variables.tf deleted file mode 100644 index 05339ba..0000000 --- a/modules/nullplatform/provider/asset/ecr/variables.tf +++ /dev/null @@ -1,24 +0,0 @@ -variable "nrn" { - type = string - description = "The null platform nrn" -} - -variable "region" { - description = "ECR AWS region" - type = string -} - -variable "build_workflow_user_access_key_id" { - description = "AWS Access key used by Nullplatform to push images to ECR" - type = string -} - -variable "build_workflow_user_secret_access_key" { - description = "AWS Secret key used by Nullplatform to push images to ECR" - type = string -} - -variable "application_manager_role" { - description = "The IAM role arn used to create repositories on an application creation" - type = string -} diff --git a/modules/nullplatform/provider/asset/s3/.terraform.lock.hcl b/modules/nullplatform/provider/asset/s3/.terraform.lock.hcl deleted file mode 100644 index f269b36..0000000 --- a/modules/nullplatform/provider/asset/s3/.terraform.lock.hcl +++ /dev/null @@ -1,41 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/hashicorp/azurerm" { - version = "4.19.0" - hashes = [ - "h1:nYJrDZgta67mFtKdd8ypCdxcAPvdz1vAabb4yh6ms8g=", - "zh:2ad30ba69767c30c1a97ceac3fd9f3c20d4a503f9bc0d2390929fe1bf993e882", - "zh:3103558709ba3d2903c18d590e81f7f6c603ffdcb5102fea42c41223e986ece6", - "zh:62d184427b38cc7befbae1e190431201b2d5bf214d55bba1fe65ffe53554a2b2", - "zh:761cc8f1a87e8215a55439891c1596b3522cdbddbb8784b57d21ff3140dacc09", - "zh:970cd1530c95621ab261e39183e2a516859744f16f9a198acd6fb4c39b2aa7a9", - "zh:9dcb1c531c43e34f75d1f01f0d5f0a7c13ba8049ac6f3177f56b08faa4254714", - "zh:b581aea03dbbee771f75c3cc3c0660a735544f9d91cc3dbf41ebf0ed764057be", - "zh:b7e5b92e8eba1b1bf8ce47925ff4e53f96351f4d88ce5a0bbd72b0b83f799537", - "zh:cf1e1698713b20425deffc3e52c4eea345fbb422c0acf1bef32777657096ec30", - "zh:ea9eb7fe756f498c3c46bfbb87bff3e58892751ce90b521ef87f6736132fad09", - ] -} - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/asset/s3/README.md b/modules/nullplatform/provider/asset/s3/README.md deleted file mode 100644 index a1e0dad..0000000 --- a/modules/nullplatform/provider/asset/s3/README.md +++ /dev/null @@ -1,30 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.50 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_provider_config.s3](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [lambda\_assets\_bucket](#input\_lambda\_assets\_bucket) | Bucket where assets for lambda functions are stored | `string` | n/a | yes | -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/asset/s3/backend.tf b/modules/nullplatform/provider/asset/s3/backend.tf deleted file mode 100644 index 8886af7..0000000 --- a/modules/nullplatform/provider/asset/s3/backend.tf +++ /dev/null @@ -1,10 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - azurerm = { - source = "hashicorp/azurerm" - } - } -} diff --git a/modules/nullplatform/provider/asset/s3/main.tf b/modules/nullplatform/provider/asset/s3/main.tf deleted file mode 100644 index 04a8206..0000000 --- a/modules/nullplatform/provider/asset/s3/main.tf +++ /dev/null @@ -1,11 +0,0 @@ -resource "nullplatform_provider_config" "s3" { - provider = nullplatform - nrn = var.nrn - type = "s3-configuration" - dimensions = {} - attributes = jsonencode({ - "bucket" : { - "name" : var.lambda_assets_bucket - } - }) -} diff --git a/modules/nullplatform/provider/asset/s3/variables.tf b/modules/nullplatform/provider/asset/s3/variables.tf deleted file mode 100644 index f733abd..0000000 --- a/modules/nullplatform/provider/asset/s3/variables.tf +++ /dev/null @@ -1,9 +0,0 @@ -variable "nrn" { - type = string - description = "The null platform nrn" -} - -variable "lambda_assets_bucket" { - description = "Bucket where assets for lambda functions are stored" - type = string -} diff --git a/modules/nullplatform/provider/cloud/README.md b/modules/nullplatform/provider/cloud/README.md deleted file mode 100644 index 5ca9045..0000000 --- a/modules/nullplatform/provider/cloud/README.md +++ /dev/null @@ -1,23 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -No modules. - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/cloud/aws/.terraform.lock.hcl b/modules/nullplatform/provider/cloud/aws/.terraform.lock.hcl deleted file mode 100644 index 8ef8c42..0000000 --- a/modules/nullplatform/provider/cloud/aws/.terraform.lock.hcl +++ /dev/null @@ -1,46 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "6.10.0" - hashes = [ - "h1:3+TkVoKllN+U48xMQjZCB692MigTQCLkEfug6aYMG/c=", - "zh:3c92efebaf635372bf7283e04fc667d59b0ff3cf1aacd011fc484a11f70954d9", - "zh:404b2a1d360851e63f25945406f2d0c2cb9c20b361552ce01bf7fe3df516a5bf", - "zh:523b1640e2b9e2b548876a1dccc627c290f342255d727568fe4becfd9a8f5689", - "zh:697adf10c76384195303650555229129d64135f5be3abf95da0bf4b6de742054", - "zh:69d6177e3e106518844373871d4e6377003336761aab884da32f66b034229b5c", - "zh:6a41899ce8ab9cdd6f706160fd350951e5f3fc1432a37e638d3576a780c686fd", - "zh:6e8fd28299d6bf0ab6922cf987757e578f357a45ac45abc312688580dbde3bee", - "zh:7ca4bfb5a8f89586dd0c8dd9c1e638a03bc7c6f456bcc29be57cfb7bdc90fc30", - "zh:8fe1f6e0a2718318bae3f53a4fb77bc9eaef0fc4131145996f48482b135830c6", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:b221cfbc9f19ad30719b773f05f45571e88b124c15c35ac230021df1bb1110f5", - "zh:b458c357b5f38092e374957e51827d9113447696deccf0cb01f5684d976e7725", - "zh:b7fbb1b05972d73d72af58a2179ac124c6d69a4f0392aa2ce4dc855e78f52268", - "zh:d95da0dc45df0f30005e17c5206addbd62b0471c265d9855fe8039bf6f2adef7", - "zh:db5dd4120c6ab6ae13df67353a9bc902ac34d01c1d297812d628ebf61dc6f681", - ] -} - -provider "registry.terraform.io/nullplatform/nullplatform" { - version = "0.0.67" - hashes = [ - "h1:zSLxZP4h6M9BvwZJioiBee91ezjobz9/Od0/Z0jboaE=", - "zh:10f229fa98947f36131f0a47333009e5ce00a355fb4ff5586e812d61691d5367", - "zh:1961d95c204f5f4976961b65843695c99b64746ec53dbe5d965a19fe52e9f448", - "zh:20e2f782a10fd3f6c9a0e154cebae36abbe74fe591f47453d3b08f8eb0fc049e", - "zh:2e60dcdfea18d1d975be05bcda94ab748be6ba6ea9eba4250d9bbfe08cb3a6c6", - "zh:343b1ca672061ef1c30e45aa02b70901be2db4d9ea4bdb67101483f00fe4d503", - "zh:54d94184600350360b14499bcbe75ded1df0afa5b52cb9f1de940259efee1dc9", - "zh:56ce4326785d8f3c8ee510cc4b8a05878b611a997552ffbc1d52d449a5fbbb1f", - "zh:7b6fda50448ff0a2573d6695216442f50159fbc6cc769c24a3d2e49286c76028", - "zh:8fce4e5808f7dc28f631a0408ae5a488e2c45f1a6da00bc3c4496066f99a7513", - "zh:ab42579c18cfda2c9172bff516e87efe6b7b0958aa31905f0d60c9ac74f583a8", - "zh:b89246315045a4c49a2cda19a3c398cc6c749b23ae8fdfbb592c68e9ae88b8ba", - "zh:ca54131274159aff9a45d795c816e2df1175a6912b0bd880dda98a269ea641ae", - "zh:d36e6d9e8bf62b2650bf8d5d118db7c8ff44f701d4d88c4ec8df7d13fc6f9780", - "zh:e3c59713748c8b0204e55bab117b864515adaa5e62afb0667a65bb4c7d998fa2", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/cloud/aws/README.md b/modules/nullplatform/provider/cloud/aws/README.md deleted file mode 100644 index 03f0c57..0000000 --- a/modules/nullplatform/provider/cloud/aws/README.md +++ /dev/null @@ -1,39 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 5.87.0 | -| [nullplatform](#provider\_nullplatform) | 0.0.50 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_provider_config.aws](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no | -| [domain\_name](#input\_domain\_name) | n/a | `string` | n/a | yes | -| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes | -| [hosted\_public\_zone\_id](#input\_hosted\_public\_zone\_id) | The Hosted zone if for the public dns | `string` | n/a | yes | -| [hosted\_zone\_id](#input\_hosted\_zone\_id) | The Hosted zone if for the private dns | `string` | n/a | yes | -| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no | -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | -| [region](#input\_region) | n/a | `string` | n/a | yes | -| [scope\_manager\_role](#input\_scope\_manager\_role) | Add admin role to the aws-auth configmap | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/cloud/aws/backend.tf b/modules/nullplatform/provider/cloud/aws/backend.tf deleted file mode 100644 index 48aab7d..0000000 --- a/modules/nullplatform/provider/cloud/aws/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - } -} diff --git a/modules/nullplatform/provider/cloud/aws/data.tf b/modules/nullplatform/provider/cloud/aws/data.tf deleted file mode 100644 index d9c96ce..0000000 --- a/modules/nullplatform/provider/cloud/aws/data.tf +++ /dev/null @@ -1,3 +0,0 @@ -data "aws_caller_identity" "current" { - provider = aws -} diff --git a/modules/nullplatform/provider/cloud/aws/locals.tf b/modules/nullplatform/provider/cloud/aws/locals.tf deleted file mode 100644 index f315038..0000000 --- a/modules/nullplatform/provider/cloud/aws/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions) -} diff --git a/modules/nullplatform/provider/cloud/aws/main.tf b/modules/nullplatform/provider/cloud/aws/main.tf deleted file mode 100644 index dc9a07d..0000000 --- a/modules/nullplatform/provider/cloud/aws/main.tf +++ /dev/null @@ -1,21 +0,0 @@ -resource "nullplatform_provider_config" "aws" { - provider = nullplatform - nrn = var.nrn - type = "aws-configuration" - dimensions = local.dimensions - attributes = jsonencode({ - iam = { - scope_workflow_role = var.scope_manager_role - } - account = { - id = data.aws_caller_identity.current.account_id - region = var.region - } - networking = { - application_domain = var.application_domain - domain_name = var.domain_name - hosted_zone_id = var.hosted_zone_id - hosted_public_zone_id = var.hosted_public_zone_id - } - }) -} diff --git a/modules/nullplatform/provider/cloud/aws/variables.tf b/modules/nullplatform/provider/cloud/aws/variables.tf deleted file mode 100644 index c9cdce5..0000000 --- a/modules/nullplatform/provider/cloud/aws/variables.tf +++ /dev/null @@ -1,50 +0,0 @@ -variable "nrn" { - type = string - description = "The null platform nrn" -} - -variable "environment" { - type = string - description = "The environment dimension value to which the configuraion applies" -} - -variable "dimensions" { - type = map(string) - description = "A map of dimension values to configure Nullplatform" - default = {} -} - -variable "include_environment" { - type = bool - description = "use Environment as default dimension" - default = true -} - -variable "region" { - type = string -} - -variable "domain_name" { - type = string -} - -variable "scope_manager_role" { - type = string - description = "Add admin role to the aws-auth configmap" -} - -variable "hosted_zone_id" { - type = string - description = "The Hosted zone if for the private dns" -} - -variable "hosted_public_zone_id" { - type = string - description = "The Hosted zone if for the public dns" -} - -variable "application_domain" { - type = bool - description = "Enable application domain in networking configuration" - default = true -} diff --git a/modules/nullplatform/provider/cloud/gcp/.terraform.lock.hcl b/modules/nullplatform/provider/cloud/gcp/.terraform.lock.hcl deleted file mode 100644 index 061eabe..0000000 --- a/modules/nullplatform/provider/cloud/gcp/.terraform.lock.hcl +++ /dev/null @@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/cloud/gcp/README.md b/modules/nullplatform/provider/cloud/gcp/README.md deleted file mode 100644 index 0e03f8f..0000000 --- a/modules/nullplatform/provider/cloud/gcp/README.md +++ /dev/null @@ -1,38 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.50 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_provider_config.gcp](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [credentials\_file](#input\_credentials\_file) | Base64 credentials file | `string` | n/a | yes | -| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no | -| [domain\_name](#input\_domain\_name) | Domain name | `string` | n/a | yes | -| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes | -| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no | -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | -| [private\_dns\_zone\_name](#input\_private\_dns\_zone\_name) | gcp private zone name | `string` | n/a | yes | -| [project\_id](#input\_project\_id) | ID del Proyecto en GCP | `string` | n/a | yes | -| [public\_dns\_zone\_name](#input\_public\_dns\_zone\_name) | gcp public zone name | `string` | n/a | yes | -| [use\_application\_domain](#input\_use\_application\_domain) | false | `bool` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/cloud/gcp/backend.tf b/modules/nullplatform/provider/cloud/gcp/backend.tf deleted file mode 100644 index 48aab7d..0000000 --- a/modules/nullplatform/provider/cloud/gcp/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - } -} diff --git a/modules/nullplatform/provider/cloud/gcp/locals.tf b/modules/nullplatform/provider/cloud/gcp/locals.tf deleted file mode 100644 index f315038..0000000 --- a/modules/nullplatform/provider/cloud/gcp/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions) -} diff --git a/modules/nullplatform/provider/cloud/gcp/main.tf b/modules/nullplatform/provider/cloud/gcp/main.tf deleted file mode 100644 index f514c81..0000000 --- a/modules/nullplatform/provider/cloud/gcp/main.tf +++ /dev/null @@ -1,19 +0,0 @@ -resource "nullplatform_provider_config" "gcp" { - nrn = var.nrn - type = "google-cloud-configuration" - dimensions = var.dimensions - attributes = jsonencode({ - "project" : { - "id" : var.project_id - }, - "networking" : { - "domain_name" : var.domain_name, - "application_domain" : var.use_application_domain, - "public_dns_zone_name" : var.public_dns_zone_name - "private_dns_zone_name" : var.private_dns_zone_name - }, - "authentication" : { - "service_account_key" : var.credentials_file - } - }) -} diff --git a/modules/nullplatform/provider/cloud/gcp/variables.tf b/modules/nullplatform/provider/cloud/gcp/variables.tf deleted file mode 100644 index 9fe9e0f..0000000 --- a/modules/nullplatform/provider/cloud/gcp/variables.tf +++ /dev/null @@ -1,51 +0,0 @@ -variable "nrn" { - type = string - description = "The null platform nrn" -} - -variable "environment" { - type = string - description = "The environment dimension value to which the configuraion applies" -} - -variable "dimensions" { - type = map(string) - description = "A map of dimension values to configure Nullplatform" - default = {} -} - -variable "include_environment" { - type = bool - description = "use Environment as default dimension" - default = true -} - -variable "project_id" { - type = string - description = "ID del Proyecto en GCP" -} - -variable "domain_name" { - description = "Domain name" - type = string -} - -variable "public_dns_zone_name" { - description = "gcp public zone name" - type = string -} - -variable "private_dns_zone_name" { - description = "gcp private zone name" - type = string -} - -variable "use_application_domain" { - description = false - type = bool -} - -variable "credentials_file" { - description = "Base64 credentials file" - type = string -} diff --git a/modules/nullplatform/provider/code/github/README.md b/modules/nullplatform/provider/code/github/README.md deleted file mode 100644 index 58a7b3c..0000000 --- a/modules/nullplatform/provider/code/github/README.md +++ /dev/null @@ -1,31 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_provider_config.github](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | -| [organization](#input\_organization) | The github organization to associate to nullplatform. | `string` | n/a | yes | -| [organization\_installation\_id](#input\_organization\_installation\_id) | The github installation id after installing the organization to Nullplatform github application. | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/code/github/backend.tf b/modules/nullplatform/provider/code/github/backend.tf deleted file mode 100644 index 8886af7..0000000 --- a/modules/nullplatform/provider/code/github/backend.tf +++ /dev/null @@ -1,10 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - azurerm = { - source = "hashicorp/azurerm" - } - } -} diff --git a/modules/nullplatform/provider/code/github/main.tf b/modules/nullplatform/provider/code/github/main.tf deleted file mode 100644 index ed69e6b..0000000 --- a/modules/nullplatform/provider/code/github/main.tf +++ /dev/null @@ -1,13 +0,0 @@ -resource "nullplatform_provider_config" "github" { - nrn = try(regex("(.*):namespace.*", var.nrn)[0], var.nrn) - type = "github-configuration" - dimensions = {} - attributes = jsonencode({ - "setup" : { - "organization" : var.organization, - "installation_id" : var.organization_installation_id, - }, - } - ) -} - diff --git a/modules/nullplatform/provider/code/github/variables.tf b/modules/nullplatform/provider/code/github/variables.tf deleted file mode 100644 index b4a03fc..0000000 --- a/modules/nullplatform/provider/code/github/variables.tf +++ /dev/null @@ -1,14 +0,0 @@ -variable "nrn" { - type = string - description = "The null platform nrn" -} - -variable "organization" { - type = string - description = "The github organization to associate to nullplatform." -} - -variable "organization_installation_id" { - type = string - description = "The github installation id after installing the organization to Nullplatform github application." -} diff --git a/modules/nullplatform/provider/compute/ec2/.terraform.lock.hcl b/modules/nullplatform/provider/compute/ec2/.terraform.lock.hcl deleted file mode 100644 index 061eabe..0000000 --- a/modules/nullplatform/provider/compute/ec2/.terraform.lock.hcl +++ /dev/null @@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/compute/ec2/README.md b/modules/nullplatform/provider/compute/ec2/README.md deleted file mode 100644 index 53cb5bb..0000000 --- a/modules/nullplatform/provider/compute/ec2/README.md +++ /dev/null @@ -1,36 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.50 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_provider_config.ec2](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [ami\_id](#input\_ami\_id) | AMI Id used to launch to EC2 instances | `string` | `"ami-0a6dd292b2a2a778c"` | no | -| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no | -| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes | -| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no | -| [instance\_profile](#input\_instance\_profile) | The IAM Instance profile to attach to EC2 instances | `string` | n/a | yes | -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | -| [parameters\_bucket](#input\_parameters\_bucket) | The parameters bucket storage | `string` | n/a | yes | -| [parameters\_encryption\_secret](#input\_parameters\_encryption\_secret) | The parameters bucket storage encryption key | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/compute/ec2/backend.tf b/modules/nullplatform/provider/compute/ec2/backend.tf deleted file mode 100644 index 48aab7d..0000000 --- a/modules/nullplatform/provider/compute/ec2/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - } -} diff --git a/modules/nullplatform/provider/compute/ec2/locals.tf b/modules/nullplatform/provider/compute/ec2/locals.tf deleted file mode 100644 index f315038..0000000 --- a/modules/nullplatform/provider/compute/ec2/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions) -} diff --git a/modules/nullplatform/provider/compute/ec2/main.tf b/modules/nullplatform/provider/compute/ec2/main.tf deleted file mode 100644 index bfc9743..0000000 --- a/modules/nullplatform/provider/compute/ec2/main.tf +++ /dev/null @@ -1,20 +0,0 @@ -resource "nullplatform_provider_config" "ec2" { - provider = nullplatform - nrn = var.nrn - type = "ec2-configuration" - dimensions = local.dimensions - attributes = jsonencode({ - ami = { - id = var.ami_id - }, - storage = { - parameters_bucket = var.parameters_bucket - parameters_encryption_secret = var.parameters_encryption_secret - }, - security = { - # ssh_key = var.ec2_ssh_key_name - iam_profile = var.instance_profile - - } - }) -} diff --git a/modules/nullplatform/provider/compute/ec2/variables.tf b/modules/nullplatform/provider/compute/ec2/variables.tf deleted file mode 100644 index 20a141e..0000000 --- a/modules/nullplatform/provider/compute/ec2/variables.tf +++ /dev/null @@ -1,43 +0,0 @@ -variable "nrn" { - type = string - description = "The null platform nrn" -} - -variable "environment" { - type = string - description = "The environment dimension value to which the configuraion applies" -} - -variable "dimensions" { - type = map(string) - description = "A map of dimension values to configure Nullplatform" - default = {} -} - -variable "include_environment" { - type = bool - description = "use Environment as default dimension" - default = true -} - -variable "ami_id" { - type = string - description = "AMI Id used to launch to EC2 instances" - default = "ami-0a6dd292b2a2a778c" #null-runtime-58 -} - -variable "parameters_bucket" { - type = string - description = "The parameters bucket storage" -} - -variable "parameters_encryption_secret" { - type = string - description = "The parameters bucket storage encryption key" -} - -variable "instance_profile" { - type = string - description = "The IAM Instance profile to attach to EC2 instances" -} - diff --git a/modules/nullplatform/provider/compute/lambda/.terraform.lock.hcl b/modules/nullplatform/provider/compute/lambda/.terraform.lock.hcl deleted file mode 100644 index 061eabe..0000000 --- a/modules/nullplatform/provider/compute/lambda/.terraform.lock.hcl +++ /dev/null @@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/compute/lambda/README.md b/modules/nullplatform/provider/compute/lambda/README.md deleted file mode 100644 index 9808a0c..0000000 --- a/modules/nullplatform/provider/compute/lambda/README.md +++ /dev/null @@ -1,33 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.50 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_provider_config.lambda](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no | -| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes | -| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no | -| [lambda\_function\_role\_arn](#input\_lambda\_function\_role\_arn) | The IAM Role arn to deploy Lambda functions | `string` | n/a | yes | -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/compute/lambda/backend.tf b/modules/nullplatform/provider/compute/lambda/backend.tf deleted file mode 100644 index 48aab7d..0000000 --- a/modules/nullplatform/provider/compute/lambda/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - } -} diff --git a/modules/nullplatform/provider/compute/lambda/locals.tf b/modules/nullplatform/provider/compute/lambda/locals.tf deleted file mode 100644 index f315038..0000000 --- a/modules/nullplatform/provider/compute/lambda/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions) -} diff --git a/modules/nullplatform/provider/compute/lambda/main.tf b/modules/nullplatform/provider/compute/lambda/main.tf deleted file mode 100644 index 4872ad6..0000000 --- a/modules/nullplatform/provider/compute/lambda/main.tf +++ /dev/null @@ -1,11 +0,0 @@ -resource "nullplatform_provider_config" "lambda" { - provider = nullplatform - nrn = var.nrn - type = "aws-lambda-configuration" - dimensions = local.dimensions - attributes = jsonencode({ - setup = { - role_arn = var.lambda_function_role_arn - } - }) -} diff --git a/modules/nullplatform/provider/compute/lambda/variables.tf b/modules/nullplatform/provider/compute/lambda/variables.tf deleted file mode 100644 index 11af5de..0000000 --- a/modules/nullplatform/provider/compute/lambda/variables.tf +++ /dev/null @@ -1,27 +0,0 @@ -variable "nrn" { - type = string - description = "The null platform nrn" -} - -variable "environment" { - type = string - description = "The environment dimension value to which the configuraion applies" -} - -variable "dimensions" { - type = map(string) - description = "A map of dimension values to configure Nullplatform" - default = {} -} - -variable "include_environment" { - type = bool - description = "use Environment as default dimension" - default = true -} - -variable "lambda_function_role_arn" { - type = string - description = "The IAM Role arn to deploy Lambda functions" -} - diff --git a/modules/nullplatform/provider/container/README.md b/modules/nullplatform/provider/container/README.md deleted file mode 100644 index 5ca9045..0000000 --- a/modules/nullplatform/provider/container/README.md +++ /dev/null @@ -1,23 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -No modules. - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/container/eks/.terraform.lock.hcl b/modules/nullplatform/provider/container/eks/.terraform.lock.hcl deleted file mode 100644 index 061eabe..0000000 --- a/modules/nullplatform/provider/container/eks/.terraform.lock.hcl +++ /dev/null @@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/container/eks/README.md b/modules/nullplatform/provider/container/eks/README.md deleted file mode 100644 index 23de3cb..0000000 --- a/modules/nullplatform/provider/container/eks/README.md +++ /dev/null @@ -1,34 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.50 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_provider_config.eks](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cluster\_name](#input\_cluster\_name) | GKE Cluster name | `string` | n/a | yes | -| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no | -| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes | -| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no | -| [namespace](#input\_namespace) | Namespace where apps will be created | `string` | `"nullplatform"` | no | -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/container/eks/backend.tf b/modules/nullplatform/provider/container/eks/backend.tf deleted file mode 100644 index 48aab7d..0000000 --- a/modules/nullplatform/provider/container/eks/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - } -} diff --git a/modules/nullplatform/provider/container/eks/locals.tf b/modules/nullplatform/provider/container/eks/locals.tf deleted file mode 100644 index f315038..0000000 --- a/modules/nullplatform/provider/container/eks/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions) -} diff --git a/modules/nullplatform/provider/container/eks/main.tf b/modules/nullplatform/provider/container/eks/main.tf deleted file mode 100644 index 29d417f..0000000 --- a/modules/nullplatform/provider/container/eks/main.tf +++ /dev/null @@ -1,12 +0,0 @@ -resource "nullplatform_provider_config" "eks" { - provider = nullplatform - nrn = var.nrn - type = "eks-configuration" - dimensions = local.dimensions - attributes = jsonencode({ - cluster = { - id = var.cluster_name, - namespace = var.namespace - } - }) -} diff --git a/modules/nullplatform/provider/container/eks/variables.tf b/modules/nullplatform/provider/container/eks/variables.tf deleted file mode 100644 index 91f3c90..0000000 --- a/modules/nullplatform/provider/container/eks/variables.tf +++ /dev/null @@ -1,32 +0,0 @@ -variable "nrn" { - type = string - description = "The null platform nrn" -} - -variable "environment" { - type = string - description = "The environment dimension value to which the configuraion applies" -} - -variable "dimensions" { - type = map(string) - description = "A map of dimension values to configure Nullplatform" - default = {} -} - -variable "include_environment" { - type = bool - description = "use Environment as default dimension" - default = true -} - -variable "cluster_name" { - type = string - description = "GKE Cluster name" -} - -variable "namespace" { - type = string - description = "Namespace where apps will be created" - default = "nullplatform" -} diff --git a/modules/nullplatform/provider/container/gke/.terraform.lock.hcl b/modules/nullplatform/provider/container/gke/.terraform.lock.hcl deleted file mode 100644 index 061eabe..0000000 --- a/modules/nullplatform/provider/container/gke/.terraform.lock.hcl +++ /dev/null @@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/container/gke/README.md b/modules/nullplatform/provider/container/gke/README.md deleted file mode 100644 index df6de7c..0000000 --- a/modules/nullplatform/provider/container/gke/README.md +++ /dev/null @@ -1,38 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.50 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_provider_config.gke](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cluster\_name](#input\_cluster\_name) | GKE Cluster name | `string` | n/a | yes | -| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no | -| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes | -| [gateway\_namespace](#input\_gateway\_namespace) | Namespace where gateways will be created | `string` | `"gateways"` | no | -| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no | -| [location](#input\_location) | GCP location where the cluster exists | `string` | n/a | yes | -| [namespace](#input\_namespace) | Namespace where apps will be created | `string` | `"nullplatform"` | no | -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | -| [private\_gateway\_name](#input\_private\_gateway\_name) | Private gateway name | `string` | `"gateway-private"` | no | -| [public\_gateway\_name](#input\_public\_gateway\_name) | Public gateway name | `string` | `"gateway-public"` | no | - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/container/gke/backend.tf b/modules/nullplatform/provider/container/gke/backend.tf deleted file mode 100644 index 48aab7d..0000000 --- a/modules/nullplatform/provider/container/gke/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - } -} diff --git a/modules/nullplatform/provider/container/gke/locals.tf b/modules/nullplatform/provider/container/gke/locals.tf deleted file mode 100644 index f315038..0000000 --- a/modules/nullplatform/provider/container/gke/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions) -} diff --git a/modules/nullplatform/provider/container/gke/main.tf b/modules/nullplatform/provider/container/gke/main.tf deleted file mode 100644 index b521733..0000000 --- a/modules/nullplatform/provider/container/gke/main.tf +++ /dev/null @@ -1,18 +0,0 @@ -resource "nullplatform_provider_config" "gke" { - nrn = var.nrn - type = "gke-configuration" - dimensions = local.dimensions - attributes = jsonencode({ - "cluster" : { - "id" : var.cluster_name, - "location" : var.location, - "namespace" : var.namespace - "image_pull_secrets" : ["image-pull-secret-nullplatform"] - }, - "gateway" : { - "namespace" : var.gateway_namespace, - "public_name" : var.public_gateway_name, - "private_name" : var.private_gateway_name, - } - }) -} diff --git a/modules/nullplatform/provider/container/gke/variables.tf b/modules/nullplatform/provider/container/gke/variables.tf deleted file mode 100644 index 103fced..0000000 --- a/modules/nullplatform/provider/container/gke/variables.tf +++ /dev/null @@ -1,55 +0,0 @@ -variable "nrn" { - type = string - description = "The null platform nrn" -} - -variable "environment" { - type = string - description = "The environment dimension value to which the configuraion applies" -} - -variable "dimensions" { - type = map(string) - description = "A map of dimension values to configure Nullplatform" - default = {} -} - -variable "include_environment" { - type = bool - description = "use Environment as default dimension" - default = true -} - -variable "cluster_name" { - type = string - description = "GKE Cluster name" -} - -variable "location" { - type = string - description = "GCP location where the cluster exists" -} - -variable "namespace" { - type = string - description = "Namespace where apps will be created" - default = "nullplatform" -} - -variable "gateway_namespace" { - description = "Namespace where gateways will be created" - type = string - default = "gateways" -} - -variable "public_gateway_name" { - description = "Public gateway name" - type = string - default = "gateway-public" -} - -variable "private_gateway_name" { - description = "Private gateway name" - type = string - default = "gateway-private" -} diff --git a/modules/nullplatform/provider/networking/vpc/.terraform.lock.hcl b/modules/nullplatform/provider/networking/vpc/.terraform.lock.hcl deleted file mode 100644 index 061eabe..0000000 --- a/modules/nullplatform/provider/networking/vpc/.terraform.lock.hcl +++ /dev/null @@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.50" - hashes = [ - "h1:SpVt8qRCAbEqMZ24pSJLFuJ77cmDtbd9Twggk5IhHpo=", - "zh:13e064b2cb9810afacc1cea10119ae79d0eee2cb358073c91bcec580a6f20fa7", - "zh:2939e4c20111ed71ad0f1d3022756aeade36afeae9bfd6b8d0bc29143d428d41", - "zh:2afe3a28241f14ff502c64419225945714544e0bd8447ece85ea188230ee76f3", - "zh:4332b4e06b9be0da0669fb36f7345b19c7a858891f47398117de258b84ed67ea", - "zh:4657a3f422edc0358176a770a9fed9a464be2831260d1c572a214dcc705cf835", - "zh:5df5d97d819e068f198e580712ff351509e8fd36494642f88c8e995b9b0b6157", - "zh:95611701e2d9c1107ca3cd028355f0cdb3fd89abc794ab3b23e43adbe0709b67", - "zh:9a78a06b4221dc3ee4db54c2d2cd7dae46730f2a6356c33b4f228683c46f8074", - "zh:ac604ca7b534dd7a0700e6cacb46cc93a2b20e56f4c63cb23e1624ea90cb7602", - "zh:b485b58550b4d04e5471f056c941e1f8f0de6efac1b323d00f23cba72253572c", - "zh:c86870ee600c54edcb085cb32850db955e47bfc0daa3b068dc51590e27b73d86", - "zh:e684601ec015e7a132c607c28cd4787aab1008648eb1b4ac14552701145cc6d8", - "zh:e82423ae69f1536c70b778b1333998d8b34ffa8686e7a0b6575f0872a7c2fd4d", - "zh:eaf45f4384ca089a1886fc91c10c6f46109dba964a06d6f0a9110b6cb2abab5b", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/provider/networking/vpc/README.md b/modules/nullplatform/provider/networking/vpc/README.md deleted file mode 100644 index 3f78278..0000000 --- a/modules/nullplatform/provider/networking/vpc/README.md +++ /dev/null @@ -1,39 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.50 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_provider_config.network](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [dimensions](#input\_dimensions) | A map of dimension values to configure Nullplatform | `map(string)` | `{}` | no | -| [environment](#input\_environment) | The environment dimension value to which the configuraion applies | `string` | n/a | yes | -| [include\_environment](#input\_include\_environment) | use Environment as default dimension | `bool` | `true` | no | -| [nrn](#input\_nrn) | The null platform nrn | `string` | n/a | yes | -| [private\_load\_balancer\_arn](#input\_private\_load\_balancer\_arn) | The private alb arn used for ec2 and lambda | `string` | n/a | yes | -| [private\_load\_balancer\_listener\_arn](#input\_private\_load\_balancer\_listener\_arn) | The private alb listener arn used for ec2 and lambda | `string` | n/a | yes | -| [public\_load\_balancer\_arn](#input\_public\_load\_balancer\_arn) | The private alb arn used for ec2 and lambda | `string` | n/a | yes | -| [public\_load\_balancer\_listener\_arn](#input\_public\_load\_balancer\_listener\_arn) | The private alb listener arn used for ec2 and lambda | `string` | n/a | yes | -| [security\_group\_ids](#input\_security\_group\_ids) | The sg ids used for ec2 and lambda | `list(string)` | n/a | yes | -| [subnet\_ids](#input\_subnet\_ids) | The subnet ids used for ec2 and lambda | `list(string)` | n/a | yes | -| [vpc\_id](#input\_vpc\_id) | The VPC id used for ec2 and lambda | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/modules/nullplatform/provider/networking/vpc/backend.tf b/modules/nullplatform/provider/networking/vpc/backend.tf deleted file mode 100644 index 48aab7d..0000000 --- a/modules/nullplatform/provider/networking/vpc/backend.tf +++ /dev/null @@ -1,7 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - } -} diff --git a/modules/nullplatform/provider/networking/vpc/locals.tf b/modules/nullplatform/provider/networking/vpc/locals.tf deleted file mode 100644 index f315038..0000000 --- a/modules/nullplatform/provider/networking/vpc/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions) -} diff --git a/modules/nullplatform/provider/networking/vpc/main.tf b/modules/nullplatform/provider/networking/vpc/main.tf deleted file mode 100644 index f4172c0..0000000 --- a/modules/nullplatform/provider/networking/vpc/main.tf +++ /dev/null @@ -1,23 +0,0 @@ -resource "nullplatform_provider_config" "network" { - provider = nullplatform - nrn = var.nrn - type = "aws-networking-configuration" - dimensions = local.dimensions - attributes = jsonencode({ - "vpc" : { - "id" : var.vpc_id, - "subnets" : var.subnet_ids, - "security_groups" : var.security_group_ids - }, - "load_balancer" : { - "private" : { - "arn" : var.private_load_balancer_arn, - "listener_arn" : var.private_load_balancer_listener_arn - }, - "public" : { - "arn" : var.public_load_balancer_arn, - "listener_arn" : var.public_load_balancer_listener_arn - } - } - }) -} diff --git a/modules/nullplatform/provider/networking/vpc/variables.tf b/modules/nullplatform/provider/networking/vpc/variables.tf deleted file mode 100644 index 516391e..0000000 --- a/modules/nullplatform/provider/networking/vpc/variables.tf +++ /dev/null @@ -1,56 +0,0 @@ -variable "nrn" { - type = string - description = "The null platform nrn" -} - -variable "environment" { - type = string - description = "The environment dimension value to which the configuraion applies" -} - -variable "dimensions" { - type = map(string) - description = "A map of dimension values to configure Nullplatform" - default = {} -} - -variable "include_environment" { - type = bool - description = "use Environment as default dimension" - default = true -} - -variable "vpc_id" { - type = string - description = "The VPC id used for ec2 and lambda" -} - -variable "subnet_ids" { - type = list(string) - description = "The subnet ids used for ec2 and lambda" -} - -variable "security_group_ids" { - type = list(string) - description = "The sg ids used for ec2 and lambda" -} - -variable "private_load_balancer_arn" { - type = string - description = "The private alb arn used for ec2 and lambda" -} - -variable "private_load_balancer_listener_arn" { - type = string - description = "The private alb listener arn used for ec2 and lambda" -} - -variable "public_load_balancer_arn" { - type = string - description = "The private alb arn used for ec2 and lambda" -} - -variable "public_load_balancer_listener_arn" { - type = string - description = "The private alb listener arn used for ec2 and lambda" -} diff --git a/modules/nullplatform/scope-definition-agent-association/README.md b/modules/nullplatform/scope-definition-agent-association/README.md deleted file mode 100644 index 2548ba2..0000000 --- a/modules/nullplatform/scope-definition-agent-association/README.md +++ /dev/null @@ -1,65 +0,0 @@ -## [ALPHA] Scope-Definition-Agent-Association module - -This module creates a notification channel that associates agents with a specific scope definition, enabling agent-based operations for services within that scope. - -## How to use it - -```hcl -module "k8s_scope_definition" { - source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/scope-definition?ref=alpha" - nrn = var.np_account_nrn - np_api_key = var.np_api_key - github_repo_url = "https://github.com/nullplatform/scopes" - github_ref = "features/specs_for_automation" - github_scope_path = "k8s" - scope_name = "K8S Webserver" - workflow_override_values = "../../nullplatform-training/partner-training/3-scopes-getting-started/scope-override/values.yaml" - scope_description = "Webserver running in a Kubernetes cluster" - -} - -module "k8s_agent_asociation" { - source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/scope-definition-agent-association?ref=alpha" - agent_api_key = var.np_api_key - scope_definition=module.k8s_scope_definition - agent_tags = { "environment" = "demo", "training" = "ingenia", "cluster" = "geisbruch" } -} -``` - -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_notification_channel.channel_from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/notification_channel) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [agent\_api\_key](#input\_agent\_api\_key) | API key with permissions to run commands on agents (usually ops permissions) | `string` | n/a | yes | -| [agent\_command](#input\_agent\_command) | Agent command configuration | 
object({
    type = string
    data = object({
      cmdline     = string
      arguments   = optional(list(string), [])
      environment = optional(map(string), {})
    })
  })
| n/a | yes | -| [agent\_tags](#input\_agent\_tags) | Agent tags for selector | `map(string)` | n/a | yes | -| [channel\_sources](#input\_channel\_sources) | List of sources for the notification channel | `list(string)` | 
[
  "telemetry",
  "service"
]
| no | -| [channel\_type](#input\_channel\_type) | Type of the notification channel | `string` | `"agent"` | no | -| [nrn](#input\_nrn) | Nullplatform Resource Name (organization:account format) | `string` | n/a | yes | -| [scope\_slug](#input\_scope\_slug) | The slug of the scope definition | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [id](#output\_id) | The ID of the created notification channel | \ No newline at end of file diff --git a/modules/nullplatform/scope-definition-agent-association/backend.tf b/modules/nullplatform/scope-definition-agent-association/backend.tf deleted file mode 100644 index 8fda109..0000000 --- a/modules/nullplatform/scope-definition-agent-association/backend.tf +++ /dev/null @@ -1,16 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - http = { - source = "hashicorp/http" - } - external = { - source = "hashicorp/external" - } - null = { - source = "hashicorp/null" - } - } -} diff --git a/modules/nullplatform/scope-definition-agent-association/main.tf b/modules/nullplatform/scope-definition-agent-association/main.tf deleted file mode 100644 index 4c0077c..0000000 --- a/modules/nullplatform/scope-definition-agent-association/main.tf +++ /dev/null @@ -1,35 +0,0 @@ -resource "nullplatform_notification_channel" "channel_from_template" { - nrn = local.merged_config.nrn - type = "agent" - source = local.merged_config.channel_sources - - - configuration { - dynamic "agent" { - for_each = [1] - content { - api_key = local.merged_config.agent_api_key - command { - type = local.merged_config.specification.agent_command.type - data = { - cmdline = join(" ", compact([ - local.merged_config.specification.agent_command.data.cmdline, - local.merged_config.workflow_override_path != null ? "--overrides-path=${local.merged_config.workflow_override_path}" : "" - ])) - arguments = jsonencode(try(local.merged_config.specification.agent_command.data.arguments, [])) - environment = jsonencode(try(local.merged_config.specification.agent_command.data.environment, {})) - } - } - - selector = local.merged_config.agent_tags - } - } - } - - filters = jsonencode({ - "$or" = [ - {"service.specification.slug" = {"$eq": local.merged_config.slug }}, - {"arguments.scope_provider" = {"$eq": local.merged_config.scope_provider_id }} - ] - }) -} diff --git a/modules/nullplatform/scope-definition-agent-association/outputs.tf b/modules/nullplatform/scope-definition-agent-association/outputs.tf deleted file mode 100644 index eed0514..0000000 --- a/modules/nullplatform/scope-definition-agent-association/outputs.tf +++ /dev/null @@ -1,8 +0,0 @@ -################################################################################ -# Scope Definition Module Outputs -################################################################################ - -output "id" { - value = nullplatform_notification_channel.channel_from_template.id - description = "The ID of the created notification channel" -} \ No newline at end of file diff --git a/modules/nullplatform/scope-definition-agent-association/variables.tf b/modules/nullplatform/scope-definition-agent-association/variables.tf deleted file mode 100644 index a583cdc..0000000 --- a/modules/nullplatform/scope-definition-agent-association/variables.tf +++ /dev/null @@ -1,120 +0,0 @@ -################################################################################ -# Scope Definition Module Variables -################################################################################ - -variable "nrn" { - type = string - description = "Nullplatform Resource Name (organization:account format)" - default = null -} - -variable "agent_tags" { - type = map(string) - description = "Agent tags" - -} - -variable "channel_sources" { - type = list(string) - description = "List of sources for the notification channel (e.g., ['monitoring', 'alerts'])" - default = [ "telemetry", "service" ] -} - -variable "channel_type" { - type = string - description = "Type of the notification channel (e.g., 'agent')" - default = "agent" - -} - -variable "agent_api_key" { - type = string - description = "API key with permsissions to run commands on agents (usually ops permisions)" - sensitive = true -} - -variable "scope_slug" { - type = string - description = "The slug of the scope definition" - default = null -} -variable "workflow_override_path" { - type = string - default = null - description = "Path to a custom workflow file to override the default one" - -} -variable "agent_command" { - type = object({ - type = string - data = object({ - cmdline = string - arguments = optional(list(string), []) - environment = optional(map(string), {}) - }) - }) - default = null - -} - -variable "workflow_override_values" { - type = string - default = "null" - description = "Values to override in the workflow file" - -} - -variable "scope_provider_id" { - type = string - description = "The ID of the scope provider associated with the scope definition" - default = null - -} - -variable "scope_definition" { - type = object({ - slug = string, - nrn = string, - workflow_override_path = string, - workflow_override_values = string, - scope_provider_id = string, - specification = object({ - agent_command = object({ - type = string - data = object({ - cmdline = string - arguments = optional(list(string), []) - environment = optional(map(string), {}) - }) - }) - }) - }) -} - -locals { - base_config = { - nrn = var.nrn - agent_tags = var.agent_tags - channel_sources = var.channel_sources - channel_type = var.channel_type - agent_api_key = var.agent_api_key - slug = var.scope_slug - scope_provider_id = var.scope_provider_id - agent_command = var.agent_command - workflow_override_path = var.workflow_override_path - workflow_override_values = var.workflow_override_values - } - - merged_config = merge( - local.base_config, - { - for k, v in var.scope_definition : k => ( - # If key exists in base_config and scope_definition value is null, - # keep the base_config value, otherwise use scope_definition value - contains(keys(local.base_config), k) && v == null - ? local.base_config[k] - : v - ) - } - ) -} \ No newline at end of file diff --git a/modules/nullplatform/scope-definition/README.md b/modules/nullplatform/scope-definition/README.md deleted file mode 100644 index 56e2d6c..0000000 --- a/modules/nullplatform/scope-definition/README.md +++ /dev/null @@ -1,64 +0,0 @@ -## [ALPHA] Scope-Definition module - -## How to use it - -```hcl -module "" { - source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/scope-definition" - - nrn = "" - np_api_key = "" - github_repo_url = "https://github.com/nullplatform/scopes" - github_ref = "main" - github_scope_path = "k8s" - scope_name = "K8S Webserver" - scope_description = "Webserver running in a Kubernetes cluster" -} -``` - -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [http](#provider\_http) | n/a | -| [nullplatform](#provider\_nullplatform) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_action_specification.from_templates](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/action_specification) | resource | -| [nullplatform_scope_type.from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/scope_type) | resource | -| [nullplatform_service_specification.from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/service_specification) | resource | -| [http_http.action_templates](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | -| [http_http.service_spec_template](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [action\_spec\_names](#input\_action\_spec\_names) | List of action specification template names to fetch and create | `list(string)` | 
[
  "create-scope",
  "delete-scope",
  "start-initial",
  "start-blue-green",
  "finalize-blue-green",
  "rollback-deployment",
  "delete-deployment",
  "switch-traffic",
  "set-desired-instance-count",
  "pause-autoscaling",
  "resume-autoscaling",
  "restart-pods",
  "kill-instances"
]
| no | -| [github\_ref](#input\_github\_ref) | Git reference (branch, tag, or commit) | `string` | `"main"` | no | -| [github\_repo\_url](#input\_github\_repo\_url) | GitHub repository URL containing templates | `string` | `"https://github.com/nullplatform/scopes"` | no | -| [github\_scope\_path](#input\_github\_scope\_path) | Path within the repository for the specific scope (e.g., k8s, ecs) | `string` | `"k8s"` | no | -| [np\_api\_key](#input\_np\_api\_key) | Nullplatform API key for authentication | `string` | n/a | yes | -| [nrn](#input\_nrn) | Nullplatform Resource Name (organization:account format) | `string` | n/a | yes | -| [scope\_description](#input\_scope\_description) | Description of the scope type to be created | `string` | n/a | yes | -| [scope\_name](#input\_scope\_name) | Name of the scope type to be created | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [action\_specification\_ids](#output\_action\_specification\_ids) | Map of action specification names to their IDs | -| [scope\_type\_id](#output\_scope\_type\_id) | The ID of the created scope type | -| [service\_specification\_id](#output\_service\_specification\_id) | The ID of the created service specification | -| [service\_specification\_slug](#output\_service\_specification\_slug) | The slug of the created service specification | \ No newline at end of file diff --git a/modules/nullplatform/scope-definition/backend.tf b/modules/nullplatform/scope-definition/backend.tf deleted file mode 100644 index 8fda109..0000000 --- a/modules/nullplatform/scope-definition/backend.tf +++ /dev/null @@ -1,16 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - http = { - source = "hashicorp/http" - } - external = { - source = "hashicorp/external" - } - null = { - source = "hashicorp/null" - } - } -} diff --git a/modules/nullplatform/scope-definition/main.tf b/modules/nullplatform/scope-definition/main.tf deleted file mode 100644 index ab72230..0000000 --- a/modules/nullplatform/scope-definition/main.tf +++ /dev/null @@ -1,133 +0,0 @@ -################################################################################ -# Step 1: Fetch Templates -################################################################################ - -locals { - git_login = var.git_user != null && var.git_password !=null ? "${var.git_user}:${var.git_password}@" : var.git_user != null ? "${var.git_user}@" : "" - full_git_repo_url = var.git_provider == "github" ? "https://${local.git_login}raw.githubusercontent.com/${var.git_repo}/refs/heads/${var.git_ref}" : null -} - -# Fetch service specification template -data "http" "service_spec_template" { - url = "${local.full_git_repo_url}/${var.git_scope_path}/specs/service-spec.json${var.use_tpl_files ? ".tpl" : ""}" -} -# Fetch action specification templates -data "http" "action_templates" { - for_each = toset(local.available_actions) - url = "${local.full_git_repo_url}/${var.git_scope_path}/specs/actions/${each.key}.json${var.use_tpl_files ? ".tpl" : ""}" -} - - - -################################################################################ -# Step 2: Process and Create Service Specification -################################################################################ - -locals { - # Process the template by replacing the template variables - # replace is done because some old templates contain gomplate placeholders - service_spec_rendered = var.use_tpl_files ? replace( - data.http.service_spec_template.response_body, - "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/", - "\"\"" - ) : data.http.service_spec_template.response_body - service_spec_parsed = jsondecode(local.service_spec_rendered) - available_actions = local.service_spec_parsed.available_actions -} - -# Create service specification -resource "nullplatform_service_specification" "from_template" { - name = local.service_spec_parsed.name - visible_to = [var.nrn] - type = local.service_spec_parsed.type - attributes = jsonencode(local.service_spec_parsed.attributes) - use_default_actions = local.service_spec_parsed.use_default_actions - - selectors { - category = local.service_spec_parsed.selectors.category - imported = local.service_spec_parsed.selectors.imported - provider = local.service_spec_parsed.selectors.provider - sub_category = local.service_spec_parsed.selectors.sub_category - } -} - -locals { - # Variables that depend on created service specification - service_specification_id = nullplatform_service_specification.from_template.id - service_slug = nullplatform_service_specification.from_template.slug - - dependent_env_vars = { - NRN = var.nrn - SERVICE_SPECIFICATION_ID = local.service_specification_id - SERVICE_SLUG = local.service_slug - } -} - -################################################################################ -# Step 3: Process and Create Scope Type -################################################################################ - - - -# Create scope type -resource "nullplatform_scope_type" "from_template" { - depends_on = [nullplatform_service_specification.from_template] - - nrn = var.nrn - name = var.scope_name - description = var.scope_description - provider_id = local.service_specification_id -} - -################################################################################ -# Step 4: Create Action Specifications -################################################################################ - -# Process action templates - conditional processing based on file type -# replace is done because some old templates contain gomplate placeholders -locals { - action_specs_parsed = { - for name in local.available_actions : - name => jsondecode(var.use_tpl_files ? replace( - data.http.action_templates[name].response_body, - "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/", - "\"\"" - ) : data.http.action_templates[name].response_body) - } -} - -# Create action specifications -resource "nullplatform_action_specification" "from_templates" { - for_each = toset(local.available_actions ) - depends_on = [nullplatform_service_specification.from_template] - - service_specification_id = local.service_specification_id - name = local.action_specs_parsed[each.key].name - type = local.action_specs_parsed[each.key].type - parameters = jsonencode(local.action_specs_parsed[each.key].parameters) - results = jsonencode(local.action_specs_parsed[each.key].results) - retryable = try(local.action_specs_parsed[each.key].retryable, false) -} - -## TODO: Change by NRN API when available or provider -resource "null_resource" "nrn_patch" { - depends_on = [nullplatform_service_specification.from_template] - - triggers = { - nrn = var.nrn - service_slug = local.service_slug - } - - provisioner "local-exec" { - command = <<-EOT - np nrn patch --nrn "${var.nrn}" --body "{ - \"global.${local.service_slug}_metric_provider\": \"${var.metrics_provider}\", - \"global.${local.service_slug}_log_provider\": \"${var.logs_provider}\" - }" - EOT - - environment = { - NP_API_KEY = var.np_api_key - } - } -} \ No newline at end of file diff --git a/modules/nullplatform/scope-definition/outputs.tf b/modules/nullplatform/scope-definition/outputs.tf deleted file mode 100644 index 7e1c6bb..0000000 --- a/modules/nullplatform/scope-definition/outputs.tf +++ /dev/null @@ -1,78 +0,0 @@ -################################################################################ -# Scope Definition Module Outputs -################################################################################ - -output "service_specification_id" { - value = nullplatform_service_specification.from_template.id - description = "The ID of the created service specification" -} - -output "service_specification_slug" { - value = nullplatform_service_specification.from_template.slug - description = "The slug of the created service specification" -} - -output "slug" { - value = nullplatform_service_specification.from_template.slug - description = "The slug of the created service specification" -} - -output "scope_type_id" { - value = nullplatform_scope_type.from_template.id - description = "The ID of the created scope type" -} - -output "action_specification_ids" { - value = { - for k, v in nullplatform_action_specification.from_templates : k => v.id - } - description = "Map of action specification names to their IDs" -} - -output "nrn" { - value = var.nrn - description = "The NRN of the created service specification" -} -output "git_repo_url" { - value = var.git_repo - description = "The GitHub repository URL associated with the service specification" -} -output "git_ref" { - value = var.git_ref - description = "The GitHub branch associated with the service specification" -} -output "git_scope_path" { - value = var.git_scope_path - description = "The GitHub path associated with the service specification" -} - -output "scope_name" { - value = var.scope_name - description = "The name of the scope definition" -} - -output "scope_description" { - value = var.scope_description - description = "The name of the scope definition" -} - -output "specification" { - value = local.service_spec_parsed - description = "The attributes of the created service specification" -} - -output "workflow_override_path" { - value = var.workflow_override_path - description = "The path to the custom workflow file" -} -output "workflow_override_values" { - value = var.workflow_override_values - description = "The workflow override values" - -} - -output "scope_provider_id" { - value = nullplatform_service_specification.from_template.id - description = "The ID of the scope provider associated with the scope definition" - -} \ No newline at end of file diff --git a/modules/nullplatform/scope-definition/variables.tf b/modules/nullplatform/scope-definition/variables.tf deleted file mode 100644 index a388fac..0000000 --- a/modules/nullplatform/scope-definition/variables.tf +++ /dev/null @@ -1,110 +0,0 @@ -################################################################################ -# Scope Definition Module Variables -################################################################################ - -variable "nrn" { - type = string - description = "Nullplatform Resource Name (organization:account format)" -} -variable "git_provider" { - type = string - default = "github" - description = "Git provider (e.g., github, gitlab)" -} -variable "git_user" { - type = string - default = null - description = "Git username for authentication" -} -variable "git_password" { - type = string - default = null - sensitive = true - description = "Git password or token for authentication" -} -variable "git_repo" { - type = string - default = "nullplatform/scopes" - description = "GitHub repository containing templates" -} - -variable "workflow_override_path" { - type = string - default = null - description = "Path to a custom workflow file to override the default one" -} - -variable "workflow_override_values" { - type = string - default = null - description = "Values to override in the workflow file" - -} - -variable "git_ref" { - type = string - default = "main" - description = "Git reference (branch, tag, or commit)" -} - -variable "git_scope_path" { - type = string - default = "k8s" - description = "Path within the repository for the specific scope (e.g., k8s, ecs)" -} - -variable "scope_name" { - type = string - description = "Name of the scope type to be created" -} -variable "scope_description" { - type = string - description = "Description of the scope type to be created" -} - -variable "action_spec_names" { - type = list(string) - default = [ - "create-scope", - "delete-scope", - "start-initial", - "start-blue-green", - "finalize-blue-green", - "rollback-deployment", - "delete-deployment", - "switch-traffic", - "set-desired-instance-count", - "pause-autoscaling", - "resume-autoscaling", - "restart-pods", - "kill-instances" - ] - description = "List of action specification template names to fetch and create" -} - -variable "logs_provider" { - type = string - default = "external" - description = "The logs provider to be used" -} - -variable "metrics_provider" { - type = string - default = "externalmetrics" - description = "The metrics provider to be used" - -} - -variable "use_tpl_files" { - type = bool - default = true - description = "Whether to use .tpl files (true) or .json files (false) for templates" -} - -# NRN Patch Configuration -variable "np_api_key" { - type = string - sensitive = true - description = "Nullplatform API key for authentication" -} - diff --git a/modules/nullplatform/service-definition-agent-association/README.md b/modules/nullplatform/service-definition-agent-association/README.md deleted file mode 100644 index 27575b2..0000000 --- a/modules/nullplatform/service-definition-agent-association/README.md +++ /dev/null @@ -1,67 +0,0 @@ -## [ALPHA] Service-Definition-Agent-Association module - -This module creates a notification channel that associates agents with a specific service definition, enabling agent-based operations for services within that scope. - -## How to use it - -```hcl -module "service_definition" { - source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/service-definition?ref=alpha" - nrn = var.np_account_nrn - np_api_key = var.np_api_key - git_repo = "nullplatform/services" - git_ref = "main" - git_service_path = "databases/postgres/k8s" - service_name = "PostgreSQL Database" - service_description = "PostgreSQL database service running in Kubernetes" -} - -module "service_agent_association" { - source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/service-definition-agent-association?ref=alpha" - agent_api_key = var.np_api_key - service_definition = module.service_definition - agent_tags = { "environment" = "production", "cluster" = "k8s-prod" } -} -``` - -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_notification_channel.channel_from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/notification_channel) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [agent\_api\_key](#input\_agent\_api\_key) | API key with permsissions to run commands on agents (usually ops permisions) | `string` | n/a | yes | -| [agent\_command](#input\_agent\_command) | Agent command configuration | 
object({
    type = string
    data = object({
      cmdline     = string
      arguments   = optional(list(string), [])
      environment = optional(map(string), {})
    })
  })
| `null` | no | -| [agent\_tags](#input\_agent\_tags) | Agent tags | `map(string)` | n/a | yes | -| [channel\_sources](#input\_channel\_sources) | List of sources for the notification channel (e.g., ['monitoring', 'alerts']) | `list(string)` | 
[
  "telemetry",
  "service"
]
| no | -| [channel\_type](#input\_channel\_type) | Type of the notification channel (e.g., 'agent') | `string` | `"agent"` | no | -| [nrn](#input\_nrn) | Nullplatform Resource Name (organization:account format) | `string` | `null` | no | -| [service\_definition](#input\_service\_definition) | The service definition object from the service-definition module | 
object({
    nrn = string,
    slug = string,
    workflow_override_path = string,
    workflow_override_values = string,
    service_specification_id = string,
    specification = object({
      agent_command = object({
        type = string
        data = object({
          cmdline     = string
          arguments   = optional(list(string), [])
          environment = optional(map(string), {})
        })
      })
    })
  })
| n/a | yes | -| [service\_slug](#input\_service\_slug) | The slug of the scope definition | `string` | `null` | no | -| [service\_specification\_id](#input\_service\_specification\_id) | The ID of the service definition associated with the agent | `string` | `null` | no | -| [workflow\_override\_path](#input\_workflow\_override\_path) | Path to a custom workflow file to override the default one | `string` | `null` | no | -| [workflow\_override\_values](#input\_workflow\_override\_values) | Values to override in the workflow file | `string` | `"null"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [id](#output\_id) | The ID of the created notification channel | \ No newline at end of file diff --git a/modules/nullplatform/service-definition-agent-association/backend.tf b/modules/nullplatform/service-definition-agent-association/backend.tf deleted file mode 100644 index 8fda109..0000000 --- a/modules/nullplatform/service-definition-agent-association/backend.tf +++ /dev/null @@ -1,16 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - http = { - source = "hashicorp/http" - } - external = { - source = "hashicorp/external" - } - null = { - source = "hashicorp/null" - } - } -} diff --git a/modules/nullplatform/service-definition-agent-association/main.tf b/modules/nullplatform/service-definition-agent-association/main.tf deleted file mode 100644 index 6acabf4..0000000 --- a/modules/nullplatform/service-definition-agent-association/main.tf +++ /dev/null @@ -1,35 +0,0 @@ - -resource "nullplatform_notification_channel" "channel_from_template" { - nrn = local.merged_config.nrn - type = "agent" - source = local.merged_config.channel_sources - - - configuration { - dynamic "agent" { - for_each = [1] - content { - api_key = local.merged_config.agent_api_key - command { - type = local.merged_config.specification.agent_command.type - data = { - cmdline = join(" ", compact([ - local.merged_config.specification.agent_command.data.cmdline, - local.merged_config.workflow_override_path != null ? "--overrides-path=${local.merged_config.workflow_override_path}" : "", - ])) - arguments = jsonencode(try(local.merged_config.specification.agent_command.data.arguments, [])) - environment = jsonencode(try(local.merged_config.specification.agent_command.data.environment, {})) - } - } - - selector = local.merged_config.agent_tags - } - } - } - - filters = jsonencode({ - "$or" = [ - {"service.specification.slug" = {"$eq": local.merged_config.slug }} - ] - }) -} diff --git a/modules/nullplatform/service-definition-agent-association/outputs.tf b/modules/nullplatform/service-definition-agent-association/outputs.tf deleted file mode 100644 index eed0514..0000000 --- a/modules/nullplatform/service-definition-agent-association/outputs.tf +++ /dev/null @@ -1,8 +0,0 @@ -################################################################################ -# Scope Definition Module Outputs -################################################################################ - -output "id" { - value = nullplatform_notification_channel.channel_from_template.id - description = "The ID of the created notification channel" -} \ No newline at end of file diff --git a/modules/nullplatform/service-definition-agent-association/variables.tf b/modules/nullplatform/service-definition-agent-association/variables.tf deleted file mode 100644 index 6d40035..0000000 --- a/modules/nullplatform/service-definition-agent-association/variables.tf +++ /dev/null @@ -1,118 +0,0 @@ -################################################################################ -# Scope Definition Module Variables -################################################################################ - -variable "nrn" { - type = string - description = "Nullplatform Resource Name (organization:account format)" - default = null -} - -variable "agent_tags" { - type = map(string) - description = "Agent tags" -} - -variable "channel_sources" { - type = list(string) - description = "List of sources for the notification channel (e.g., ['monitoring', 'alerts'])" - default = [ "telemetry", "service" ] -} - -variable "channel_type" { - type = string - description = "Type of the notification channel (e.g., 'agent')" - default = "agent" - -} - -variable "agent_api_key" { - type = string - description = "API key with permsissions to run commands on agents (usually ops permisions)" - sensitive = true -} - -variable "service_slug" { - type = string - description = "The slug of the scope definition" - default = null -} -variable "workflow_override_path" { - type = string - default = null - description = "Path to a custom workflow file to override the default one" - -} -variable "agent_command" { - type = object({ - type = string - data = object({ - cmdline = string - arguments = optional(list(string), []) - environment = optional(map(string), {}) - }) - }) - default = null - -} - -variable "workflow_override_values" { - type = string - default = "null" - description = "Values to override in the workflow file" - -} - -variable "service_specification_id" { - type = string - description = "The ID of the service definition associated with the agent" - default = null - -} - -variable "service_definition" { - type = object({ - nrn = string, - slug = string, - workflow_override_path = string, - workflow_override_values = string, - service_specification_id = string, - specification = object({ - agent_command = object({ - type = string - data = object({ - cmdline = string - arguments = optional(list(string), []) - environment = optional(map(string), {}) - }) - }) - }) - }) -} -locals { - base_config = { - nrn = var.nrn - agent_tags = var.agent_tags - channel_sources = var.channel_sources - channel_type = var.channel_type - agent_api_key = var.agent_api_key - slug = var.service_slug - service_specification_id = var.service_specification_id - agent_command = var.agent_command - workflow_override_path = var.workflow_override_path - workflow_override_values = var.workflow_override_values - } - - merged_config = merge( - local.base_config, - { - for k, v in var.service_definition : k => ( - # If key exists in base_config and service_definition value is null, - # keep the base_config value, otherwise use service_definition value - contains(keys(local.base_config), k) && v == null - ? local.base_config[k] - : v - ) - } - ) -} \ No newline at end of file diff --git a/modules/nullplatform/service-definition/README.md b/modules/nullplatform/service-definition/README.md deleted file mode 100644 index f3f7a9e..0000000 --- a/modules/nullplatform/service-definition/README.md +++ /dev/null @@ -1,89 +0,0 @@ -## [ALPHA] Service-Definition module - -## How to use it - -```hcl -module "service_definition" { - source = "git@github.com:nullplatform/main-terraform-modules.git//modules/nullplatform/service-definition" - - nrn = "organization:account" - np_api_key = "your-api-key" - git_repo = "nullplatform/services" - git_ref = "main" - git_service_path = "databases/postgres/k8s" - service_name = "PostgreSQL Database" - service_description = "PostgreSQL database service running in Kubernetes" - dimensions = { - environment = "production" - region = "us-east-1" - } -} -``` - -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [http](#provider\_http) | n/a | -| [nullplatform](#provider\_nullplatform) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_action_specification.from_templates](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/action_specification) | resource | -| [nullplatform_link_specification.service_link_from_templates](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/link_specification) | resource | -| [nullplatform_service_specification.from_template](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/service_specification) | resource | -| [http_http.action_templates](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | -| [http_http.link_templates](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | -| [http_http.service_spec_template](https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [dimensions](#input\_dimensions) | Key-value pairs for dimensions to be associated with the service specification | `map(string)` | `null` | no | -| [extra\_visibile\_to\_nrns](#input\_extra\_visibile\_to\_nrns) | Additional NRNs that should have visibility to the created service specification | `list(string)` | `[]` | no | -| [git\_password](#input\_git\_password) | Git provider (e.g., github, gitlab) | `string` | `null` | no | -| [git\_provider](#input\_git\_provider) | Git provider (e.g., github, gitlab) | `string` | `"github"` | no | -| [git\_ref](#input\_git\_ref) | Git reference (branch, tag, or commit) | `string` | `"main"` | no | -| [git\_repo](#input\_git\_repo) | GitHub repository URL containing templates | `string` | `"nullplatform/services"` | no | -| [git\_service\_path](#input\_git\_service\_path) | Path within the repository for the specific service (e.g., databases/postgres/k8s) | `string` | n/a | yes | -| [git\_user](#input\_git\_user) | Git provider (e.g., github, gitlab) | `string` | `null` | no | -| [np\_api\_key](#input\_np\_api\_key) | Nullplatform API key for authentication | `string` | n/a | yes | -| [nrn](#input\_nrn) | Nullplatform Resource Name (organization:account format) | `string` | n/a | yes | -| [service\_description](#input\_service\_description) | Description of the scope type to be created | `string` | n/a | yes | -| [service\_name](#input\_service\_name) | Name of the scope type to be created | `string` | n/a | yes | -| [use\_tpl\_files](#input\_use\_tpl\_files) | Whether to use .tpl files (true) or .json files (false) for templates | `bool` | `false` | no | -| [workflow\_override\_path](#input\_workflow\_override\_path) | Path to a custom workflow file to override the default one | `string` | `""` | no | -| [workflow\_override\_values](#input\_workflow\_override\_values) | Values to override in the workflow file | `string` | `""` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [action\_specification\_ids](#output\_action\_specification\_ids) | Map of action specification names to their IDs | -| [git\_password](#output\_git\_password) | The Git password associated with the service specification | -| [git\_provider](#output\_git\_provider) | The Git provider associated with the service specification | -| [git\_ref](#output\_git\_ref) | The GitHub branch associated with the service specification | -| [git\_repo](#output\_git\_repo) | The GitHub repository URL associated with the service specification | -| [git\_service\_path](#output\_git\_service\_path) | The GitHub path associated with the service specification | -| [git\_user](#output\_git\_user) | The Git user associated with the service specification | -| [link\_specification\_ids](#output\_link\_specification\_ids) | Map of link specification names to their IDs | -| [nrn](#output\_nrn) | The NRN of the created service specification | -| [service\_description](#output\_service\_description) | The description of the service definition | -| [service\_name](#output\_service\_name) | The name of the scope definition | -| [service\_specification\_id](#output\_service\_specification\_id) | The ID of the created service specification | -| [service\_specification\_slug](#output\_service\_specification\_slug) | The slug of the created service specification | -| [slug](#output\_slug) | The slug of the created service specification | -| [specification](#output\_specification) | The attributes of the created service specification | -| [workflow\_override\_path](#output\_workflow\_override\_path) | The path to the custom workflow file | -| [workflow\_override\_values](#output\_workflow\_override\_values) | The workflow override values | \ No newline at end of file diff --git a/modules/nullplatform/service-definition/backend.tf b/modules/nullplatform/service-definition/backend.tf deleted file mode 100644 index 8fda109..0000000 --- a/modules/nullplatform/service-definition/backend.tf +++ /dev/null @@ -1,16 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - http = { - source = "hashicorp/http" - } - external = { - source = "hashicorp/external" - } - null = { - source = "hashicorp/null" - } - } -} diff --git a/modules/nullplatform/service-definition/main.tf b/modules/nullplatform/service-definition/main.tf deleted file mode 100644 index 83f98ca..0000000 --- a/modules/nullplatform/service-definition/main.tf +++ /dev/null @@ -1,129 +0,0 @@ - -################################################################################ -# Step 1: Fetch Templates -################################################################################ - -locals { - git_login = var.git_user != null && var.git_password !=null ? "${var.git_user}:${var.git_password}@" : var.git_user != null ? "${var.git_user}@" : "" - full_git_repo_url = var.git_provider == "github" ? "https://${local.git_login}raw.githubusercontent.com/${var.git_repo}/refs/heads/${var.git_ref}" : null -} - -# Fetch service specification template -data "http" "service_spec_template" { - url = "${local.full_git_repo_url}/${var.git_service_path}/specs/service-spec.json${var.use_tpl_files ? ".tpl" : ""}" -} -# Fetch action specification templates -data "http" "action_templates" { - for_each = toset(local.available_actions) - url = "${local.full_git_repo_url}/${var.git_service_path}/specs/actions/${each.key}.json${var.use_tpl_files ? ".tpl" : ""}" -} - -data "http" "link_templates" { - for_each = toset(local.available_links) - url = "${local.full_git_repo_url}/${var.git_service_path}/specs/links/${each.key}.json${var.use_tpl_files ? ".tpl" : ""}" -} - - -################################################################################ -# Step 2: Process and Create Service Specification -################################################################################ - -locals { - # Process the template by replacing the template variables - # replace is done because some old templates contain gomplate placeholders - service_spec_rendered = var.use_tpl_files ? replace( - data.http.service_spec_template.response_body, - "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/", - "\"${var.nrn}\"" - ) : data.http.service_spec_template.response_body - service_spec_parsed = jsondecode(local.service_spec_rendered) - available_actions = try(local.service_spec_parsed.available_actions, []) - available_links = try(local.service_spec_parsed.available_links, []) - visible_to_nrns = concat([var.nrn], var.extra_visibile_to_nrns) - -} - -# Create service specification -resource "nullplatform_service_specification" "from_template" { - name = var.service_name - visible_to = local.visible_to_nrns - type = local.service_spec_parsed.type - attributes = jsonencode(local.service_spec_parsed.attributes) - use_default_actions = local.service_spec_parsed.use_default_actions - - selectors { - category = local.service_spec_parsed.selectors.category - imported = local.service_spec_parsed.selectors.imported - provider = local.service_spec_parsed.selectors.provider - sub_category = local.service_spec_parsed.selectors.sub_category - } - dimensions = jsonencode(var.dimensions) -} - -locals { - # Variables that depend on created service specification - service_specification_id = nullplatform_service_specification.from_template.id - service_slug = nullplatform_service_specification.from_template.slug - - dependent_env_vars = { - NRN = var.nrn - SERVICE_SPECIFICATION_ID = local.service_specification_id - SERVICE_SLUG = local.service_slug - } -} - -################################################################################ -# Process action templates - conditional processing based on file type -# replace is done because some old templates contain gomplate placeholders -locals { - action_specs_parsed = { - for name in local.available_actions : - name => jsondecode(var.use_tpl_files ? replace( - data.http.action_templates[name].response_body, - "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/", - "\"\"" - ) : data.http.action_templates[name].response_body) - } -} - -# Create action specifications -resource "nullplatform_action_specification" "from_templates" { - for_each = toset(local.available_actions ) - depends_on = [nullplatform_service_specification.from_template] - - service_specification_id = local.service_specification_id - name = local.action_specs_parsed[each.key].name - type = local.action_specs_parsed[each.key].type - parameters = jsonencode(local.action_specs_parsed[each.key].parameters) - results = jsonencode(local.action_specs_parsed[each.key].results) - retryable = try(local.action_specs_parsed[each.key].retryable, false) -} - - -locals { - link_specs_parsed = { - for name in local.available_links : - name => jsondecode(var.use_tpl_files ? replace( - data.http.link_templates[name].response_body, - "/\"{{\\s+env.Getenv\\s+\".*\"\\s+}}\"/", - "\"\"" - ) : data.http.link_templates[name].response_body) - } -} - -resource "nullplatform_link_specification" "service_link_from_templates" { - for_each = toset(local.available_links ) - depends_on = [nullplatform_service_specification.from_template] - - name = local.link_specs_parsed[each.key].name - unique = try(local.link_specs_parsed[each.key].unique, false) - specification_id = local.service_specification_id - attributes = jsonencode(local.link_specs_parsed[each.key].attributes) - use_default_actions = try(local.link_specs_parsed[each.key].use_default_actions, true) - selectors { - category = local.service_spec_parsed.selectors.category - imported = local.service_spec_parsed.selectors.imported - provider = local.service_spec_parsed.selectors.provider - sub_category = local.service_spec_parsed.selectors.sub_category - } -} \ No newline at end of file diff --git a/modules/nullplatform/service-definition/outputs.tf b/modules/nullplatform/service-definition/outputs.tf deleted file mode 100644 index 651b802..0000000 --- a/modules/nullplatform/service-definition/outputs.tf +++ /dev/null @@ -1,88 +0,0 @@ -################################################################################ -# Scope Definition Module Outputs -################################################################################ - -output "service_specification_id" { - value = nullplatform_service_specification.from_template.id - description = "The ID of the created service specification" -} - -output "service_specification_slug" { - value = nullplatform_service_specification.from_template.slug - description = "The slug of the created service specification" -} - -output "slug" { - value = nullplatform_service_specification.from_template.slug - description = "The slug of the created service specification" -} - -output "action_specification_ids" { - value = { - for k, v in nullplatform_action_specification.from_templates : k => v.id - } - description = "Map of action specification names to their IDs" -} - - -output "link_specification_ids" { - value = { - for k, v in nullplatform_link_specification.service_link_from_templates : k => v.id - } - description = "Map of link specification names to their IDs" -} - -output "nrn" { - value = var.nrn - description = "The NRN of the created service specification" -} -output "git_provider" { - value = var.git_provider - description = "The Git provider associated with the service specification" -} -output "git_user" { - value = var.git_user - description = "The Git user associated with the service specification" -} -output "git_password" { - value = var.git_password - description = "The Git password associated with the service specification" - sensitive = true -} -output "git_repo" { - value = var.git_repo - description = "The GitHub repository URL associated with the service specification" -} -output "git_ref" { - value = var.git_ref - description = "The GitHub branch associated with the service specification" -} -output "git_service_path" { - value = var.git_service_path - description = "The GitHub path associated with the service specification" -} - -output "service_name" { - value = var.service_name - description = "The name of the scope definition" -} - -output "service_description" { - value = var.service_description - description = "The description of the service definition" -} - -output "specification" { - value = local.service_spec_parsed - description = "The attributes of the created service specification" -} - -output "workflow_override_path" { - value = var.workflow_override_path - description = "The path to the custom workflow file" -} -output "workflow_override_values" { - value = var.workflow_override_values - description = "The workflow override values" - -} diff --git a/modules/nullplatform/service-definition/variables.tf b/modules/nullplatform/service-definition/variables.tf deleted file mode 100644 index 7049d1d..0000000 --- a/modules/nullplatform/service-definition/variables.tf +++ /dev/null @@ -1,87 +0,0 @@ -################################################################################ -# Scope Definition Module Variables -################################################################################ - -variable "nrn" { - type = string - description = "Nullplatform Resource Name (organization:account format)" -} -variable "git_provider" { - type = string - default = "github" - description = "Git provider (e.g., github, gitlab)" -} -variable "git_user" { - type = string - default = null - description = "Git provider (e.g., github, gitlab)" -} -variable "git_password" { - type = string - default = null - sensitive = true - description = "Git provider (e.g., github, gitlab)" -} -variable "git_repo" { - type = string - default = "nullplatform/services" - description = "GitHub repository URL containing templates" -} - -variable "workflow_override_path" { - type = string - default = null - description = "Path to a custom workflow file to override the default one" -} - -variable "workflow_override_values" { - type = string - default = null - description = "Values to override in the workflow file" - -} - -variable "git_ref" { - type = string - default = "main" - description = "Git reference (branch, tag, or commit)" -} - -variable "git_service_path" { - type = string - description = "Path within the repository for the specific service (e.g., databases/postgres/k8s)" -} - -variable "service_name" { - type = string - description = "Name of the scope type to be created" -} -variable "service_description" { - type = string - description = "Description of the scope type to be created" -} - -variable "use_tpl_files" { - type = bool - default = false - description = "Whether to use .tpl files (true) or .json files (false) for templates" -} - -# NRN Patch Configuration -variable "np_api_key" { - type = string - sensitive = true - description = "Nullplatform API key for authentication" -} - -variable "extra_visibile_to_nrns" { - type = list(string) - default = [] - description = "Additional NRNs that should have visibility to the created service specification" -} -variable "dimensions" { - type = map(string) - default = null - description = "Key-value pairs for dimensions to be associated with the service specification" - -} \ No newline at end of file diff --git a/modules/nullplatform/service/.terraform.lock.hcl b/modules/nullplatform/service/.terraform.lock.hcl deleted file mode 100644 index e5bfb4a..0000000 --- a/modules/nullplatform/service/.terraform.lock.hcl +++ /dev/null @@ -1,24 +0,0 @@ -# This file is maintained automatically by "tofu init". -# Manual edits may be lost in future updates. - -provider "registry.opentofu.org/nullplatform/nullplatform" { - version = "0.0.57" - hashes = [ - "h1:c0qU+V7JeCZVMj8VwZLhx23LkHgNXIG3QgKdrQ6Y39c=", - "zh:06ad980f549118b21b2423960564dd7bdbe8302c442cba4d982a36abab0430c9", - "zh:07f37b0ce6e28f938e02f24d538e9d1c6b473a8056f7e079ecf3a6038936077c", - "zh:13cbc02c3e14b5ba76f74c653b8b23dca173542a239ecdb67ac14abd0917105a", - "zh:279c225e5ae218168f66fffebcddb14c5e781d74c58a8bbcffe42343cdc362e9", - "zh:34a282e4ba66ac5a25fb4546453695f4e6f581a1fc98a46eb1c56ec670a5468e", - "zh:4df7fe2d937b9fa91d219b7eee9ad58dc4dc857002109da7e93d3c8a8f1af683", - "zh:605e3e0308e16c0c80abaa86a96c7fb8a4449338c1ffa8d30975ec87b2fae4f1", - "zh:7215c72a73462636e7d60d0bd901ca2fb918b1cc76a575c6de4a365530de0f01", - "zh:79804e1ca5795e52250389df4c727099566e68b7f268f6064fc5f8ede7754e25", - "zh:7bcc2cf87c755bc8cd04b7bd85d708b6f97fc5a61daea2ff396d0630b2439ba4", - "zh:8f3bbaa006a0a8a1e87df89b49a635afc1f5cd9cc36dd3bb62451140e173b2fc", - "zh:abb8663efd33a2e46dce42cbc2d8e2f1fba712002775d41e892618521a0193ae", - "zh:c5bb79b935c64873c265fb755813b26e96ea85d417728b2464b6ab0c491bffc2", - "zh:d6b7babf81de6fbffa46f1453601fbbd7a58eb976355d08788b4b049f32ff271", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} diff --git a/modules/nullplatform/service/README.md b/modules/nullplatform/service/README.md deleted file mode 100644 index 73a23d8..0000000 --- a/modules/nullplatform/service/README.md +++ /dev/null @@ -1,50 +0,0 @@ -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [nullplatform](#provider\_nullplatform) | 0.0.57 | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [nullplatform_action_specification.basic_actions](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/action_specification) | resource | -| [nullplatform_link_specification.link_specification](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/link_specification) | resource | -| [nullplatform_notification_channel.github](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/notification_channel) | resource | -| [nullplatform_notification_channel.webhook](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/notification_channel) | resource | -| [nullplatform_service_specification.service_specification](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/service_specification) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [assignable\_to](#input\_assignable\_to) | service assignable to. Options: any, dimension, scope | `string` | `"any"` | no | -| [attributes](#input\_attributes) | service attributes json schema | `any` | n/a | yes | -| [basic\_actions](#input\_basic\_actions) | Action schemas definitions | `map(string)` | `{}` | no | -| [dimensions](#input\_dimensions) | service dimensions | `map(any)` | n/a | yes | -| [filters](#input\_filters) | Additional filters to add to the service notification channels | `any` | n/a | yes | -| [link\_assignable\_to](#input\_link\_assignable\_to) | link assignable to. Options: any, dimension, scope | `string` | `"any"` | no | -| [link\_attributes](#input\_link\_attributes) | link attributes json schema | `any` | n/a | yes | -| [link\_dimensions](#input\_link\_dimensions) | link dimensions | `map(any)` | n/a | yes | -| [link\_name](#input\_link\_name) | link name | `string` | n/a | yes | -| [link\_unique](#input\_link\_unique) | link is unique | `bool` | `false` | no | -| [name](#input\_name) | service name | `string` | n/a | yes | -| [notify\_channels](#input\_notify\_channels) | Notification channels configuration | 
object({
    github = object({
      enabled         = bool
      account         = string
      reference       = string
      repository      = string
      workflow_id     = string
      installation_id = string
    }),
    webhook = object({
      enabled = bool
      url     = string
      headers = map(string)
    }),
  })
| 
{
  "github": {
    "account": "",
    "enabled": false,
    "installation_id": "",
    "reference": "",
    "repository": "",
    "workflow_id": ""
  },
  "webhook": {
    "enabled": false,
    "headers": {},
    "url": ""
  }
}
| no | -| [selectors](#input\_selectors) | Service selectors configuration | `map(string)` | n/a | yes | -| [type](#input\_type) | service type | `string` | `"dependency"` | no | -| [visible\_to](#input\_visible\_to) | Visibility of the service specification | `list(string)` | 
[
  "organization=1:account=*"
]
| no | - -## Outputs - -| Name | Description | -|------|-------------| -| [link\_specification\_id](#output\_link\_specification\_id) | value of the link specification id | -| [service\_specification\_id](#output\_service\_specification\_id) | value of the service specification id | diff --git a/modules/nullplatform/service/actions_specification.tf b/modules/nullplatform/service/actions_specification.tf deleted file mode 100644 index 63e898a..0000000 --- a/modules/nullplatform/service/actions_specification.tf +++ /dev/null @@ -1,12 +0,0 @@ -resource "nullplatform_action_specification" "basic_actions" { - for_each = var.basic_actions - - name = each.value.name - type = each.key - service_specification_id = nullplatform_service_specification.service_specification.id - retryable = each.value.retryable - - parameters = jsonencode(each.value.parameters) - results = jsonencode(each.value.results) -} - diff --git a/modules/nullplatform/service/link_spec.tf b/modules/nullplatform/service/link_spec.tf deleted file mode 100644 index cf61a97..0000000 --- a/modules/nullplatform/service/link_spec.tf +++ /dev/null @@ -1,19 +0,0 @@ -resource "nullplatform_link_specification" "link_specification" { - name = var.link_name - assignable_to = var.link_assignable_to - specification_id = nullplatform_service_specification.service_specification.id - unique = var.link_unique - visible_to = var.visible_to - - dimensions = jsonencode(var.link_dimensions) - attributes = jsonencode(var.link_attributes) - - use_default_actions = length(keys(var.basic_actions)) == 0 - - selectors { - category = var.selectors.category - imported = var.selectors.imported - provider = var.selectors.provider - sub_category = var.selectors.sub_category - } -} diff --git a/modules/nullplatform/service/locals.tf b/modules/nullplatform/service/locals.tf deleted file mode 100644 index 799b3a2..0000000 --- a/modules/nullplatform/service/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - filters = jsonencode(merge({ "service.specification.id" : nullplatform_service_specification.service_specification.id }, var.filters)) -} diff --git a/modules/nullplatform/service/notifications.tf b/modules/nullplatform/service/notifications.tf deleted file mode 100644 index 0861511..0000000 --- a/modules/nullplatform/service/notifications.tf +++ /dev/null @@ -1,32 +0,0 @@ -resource "nullplatform_notification_channel" "github" { - for_each = var.notify_channels.github.enabled ? toset(var.visible_to) : toset([]) - nrn = each.key - type = "github" - source = ["service"] - filters = local.filters - - configuration { - github { - account = var.notify_channels.github.account - reference = var.notify_channels.github.reference - repository = var.notify_channels.github.repository - workflow_id = var.notify_channels.github.workflow_id - installation_id = var.notify_channels.github.installation_id - } - } -} - -resource "nullplatform_notification_channel" "webhook" { - for_each = var.notify_channels.webhook.enabled ? toset(var.visible_to) : toset([]) - nrn = each.key - type = "http" - source = ["service"] - filters = local.filters - - configuration { - http { - url = var.notify_channels.webhook.url - headers = var.notify_channels.webhook.headers - } - } -} diff --git a/modules/nullplatform/service/outputs.tf b/modules/nullplatform/service/outputs.tf deleted file mode 100644 index 6be919c..0000000 --- a/modules/nullplatform/service/outputs.tf +++ /dev/null @@ -1,9 +0,0 @@ -output "service_specification_id" { - description = "value of the service specification id" - value = nullplatform_service_specification.service_specification.id -} - -output "link_specification_id" { - description = "value of the link specification id" - value = nullplatform_link_specification.link_specification.id -} diff --git a/modules/nullplatform/service/provider.tf b/modules/nullplatform/service/provider.tf deleted file mode 100644 index 8fc65ac..0000000 --- a/modules/nullplatform/service/provider.tf +++ /dev/null @@ -1,9 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - } - } -} -provider "nullplatform" { -} diff --git a/modules/nullplatform/service/service_specification.tf b/modules/nullplatform/service/service_specification.tf deleted file mode 100644 index f8eaab1..0000000 --- a/modules/nullplatform/service/service_specification.tf +++ /dev/null @@ -1,21 +0,0 @@ -# Resource: Service Specification -resource "nullplatform_service_specification" "service_specification" { - name = var.name - type = var.type - assignable_to = var.assignable_to - - visible_to = var.visible_to - - dimensions = jsonencode(var.dimensions) - - attributes = jsonencode(var.attributes) - - use_default_actions = length(keys(var.basic_actions)) == 0 - - selectors { - category = var.selectors.category - imported = var.selectors.imported - provider = var.selectors.provider - sub_category = var.selectors.sub_category - } -} diff --git a/modules/nullplatform/service/variables.tf b/modules/nullplatform/service/variables.tf deleted file mode 100644 index c5e58f6..0000000 --- a/modules/nullplatform/service/variables.tf +++ /dev/null @@ -1,110 +0,0 @@ -variable "name" { - description = "service name" - type = string -} - -variable "type" { - description = "service type" - type = string - default = "dependency" -} - -variable "assignable_to" { - description = "service assignable to. Options: any, dimension, scope" - type = string - default = "any" -} - -variable "visible_to" { - description = "Visibility of the service specification" - type = list(string) - default = [ - "organization=1:account=*", - ] -} - -variable "dimensions" { - description = "service dimensions" - type = map(any) -} - -variable "attributes" { - description = "service attributes json schema" - type = any -} - -variable "selectors" { - description = "Service selectors configuration" - type = map(string) -} - -variable "basic_actions" { - description = "Action schemas definitions" - default = {} -} - -variable "link_assignable_to" { - description = "link assignable to. Options: any, dimension, scope" - type = string - default = "any" -} - - -variable "link_name" { - description = "link name" - type = string -} - -variable "link_dimensions" { - description = "link dimensions" - type = map(any) -} - -variable "link_attributes" { - description = "link attributes json schema" - type = any -} - -variable "link_unique" { - description = "link is unique" - type = bool - default = false -} - -variable "filters" { - description = "Additional filters to add to the service notification channels" -} - -variable "notify_channels" { - description = "Notification channels configuration" - type = object({ - github = object({ - enabled = bool - account = string - reference = string - repository = string - workflow_id = string - installation_id = string - }), - webhook = object({ - enabled = bool - url = string - headers = map(string) - }), - }) - default = { - github = { - enabled = false - account = "" - reference = "" - repository = "" - workflow_id = "" - installation_id = "" - }, - webhook = { - enabled = false - url = "" - headers = {} - }, - } -} diff --git a/nullplatform/asset/docker-server/main.tf b/nullplatform/asset/docker-server/main.tf deleted file mode 100644 index 2c78234..0000000 --- a/nullplatform/asset/docker-server/main.tf +++ /dev/null @@ -1,14 +0,0 @@ -resource "nullplatform_provider_config" "docker_server" { - nrn = var.nrn - type = "docker-server" - dimensions = {} - attributes = jsonencode({ - "setup" : { - "server" : var.login_server, - "path" : var.path, - "username" : var.username, - "password" : var.password, - "use_namespace" : false - } - }) -} diff --git a/nullplatform/aws/agent/auth.tf b/nullplatform/aws/agent/auth.tf new file mode 100644 index 0000000..c3a57db --- /dev/null +++ b/nullplatform/aws/agent/auth.tf @@ -0,0 +1,29 @@ +resource "nullplatform_api_key" "nullplatform-agent-api-key" { + name = "NULLPLATFORM-AGENT-API-KEY" + + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "controlplane:agent" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "developer" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "ops" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "secops" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "secrets-reader" + } + + tags { + key = "managed-by" + value = "IaC" + } +} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_agent/channel.tf b/nullplatform/aws/agent/channel.tf similarity index 92% rename from v2/nullplatform/aws/nullplatform_agent/channel.tf rename to nullplatform/aws/agent/channel.tf index 9a8121d..0b1fa66 100644 --- a/v2/nullplatform/aws/nullplatform_agent/channel.tf +++ b/nullplatform/aws/agent/channel.tf @@ -47,10 +47,10 @@ resource "nullplatform_notification_channel" "from_template" { data = { for k, v in agent.value.command.data : k => ( k == "environment" ? jsonencode({ - NP_ACTION_CONTEXT = "'$${NOTIFICATION_CONTEXT}'" - }) : ( - can(tostring(v)) ? tostring(v) : jsonencode(v) - ) + NP_ACTION_CONTEXT = "'$${NOTIFICATION_CONTEXT}'" + }) : ( + can(tostring(v)) ? tostring(v) : jsonencode(v) + ) ) } } diff --git a/v2/nullplatform/aws/nullplatform_agent/iam.tf b/nullplatform/aws/agent/iam.tf similarity index 68% rename from v2/nullplatform/aws/nullplatform_agent/iam.tf rename to nullplatform/aws/agent/iam.tf index 645a4d1..864dce8 100644 --- a/v2/nullplatform/aws/nullplatform_agent/iam.tf +++ b/nullplatform/aws/agent/iam.tf @@ -1,19 +1,19 @@ module "nullplatform-agent-role" { - source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts" - name = "nullplatform-agent-role" - use_name_prefix = false - + source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts" + name = "nullplatform-agent-role" + use_name_prefix = false + oidc_providers = { main = { provider_arn = var.aws_iam_openid_connect_provider_arn namespace_service_accounts = ["nullplatform-tools:nullplatform-agent"] } } - + policies = { "nullplatform-route53-policy" = aws_iam_policy.nullplatform-route53-policy.arn, - "nullplatform-eks-policy" = aws_iam_policy.nullplatform-eks-policy.arn, - "nullplatform-elb-policy" = aws_iam_policy.nullplatform-elb-policy.arn + "nullplatform-eks-policy" = aws_iam_policy.nullplatform-eks-policy.arn, + "nullplatform-elb-policy" = aws_iam_policy.nullplatform-elb-policy.arn } } @@ -21,23 +21,23 @@ resource "aws_iam_policy" "nullplatform-route53-policy" { name = "nullplatform-route53-policy" description = "Policy for managing Route53 DNS records" policy = jsonencode({ - "Version": "2012-10-17", - "Statement": [ + "Version" : "2012-10-17", + "Statement" : [ { - "Effect": "Allow", - "Action": [ + "Effect" : "Allow", + "Action" : [ "route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets", "route53:GetHostedZone", "route53:ListHostedZones", "route53:ListHostedZonesByName" ], - "Resource": [ + "Resource" : [ "arn:aws:route53:::hostedzone/*" ], - "Condition": { - "StringEquals": { - "aws:RequestedRegion": [ + "Condition" : { + "StringEquals" : { + "aws:RequestedRegion" : [ "us-east-1", "us-west-2", "eu-west-1" @@ -54,18 +54,18 @@ resource "aws_iam_policy" "nullplatform-elb-policy" { description = "Policy for managing Elastic Load Balancer" policy = jsonencode( { - "Version": "2012-10-17", - "Statement": [ + "Version" : "2012-10-17", + "Statement" : [ { - "Effect": "Allow", - "Action": [ + "Effect" : "Allow", + "Action" : [ "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups" ], - "Resource": "*", - "Condition": { - "StringEquals": { - "aws:RequestedRegion": [ + "Resource" : "*", + "Condition" : { + "StringEquals" : { + "aws:RequestedRegion" : [ "us-east-1", "us-west-2", "eu-west-1" @@ -74,19 +74,19 @@ resource "aws_iam_policy" "nullplatform-elb-policy" { } }, { - "Effect": "Allow", - "Action": [ + "Effect" : "Allow", + "Action" : [ "elasticloadbalancing:DescribeTargetHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeRules" ], - "Resource": [ + "Resource" : [ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/k8s-nullplatform-*", "arn:aws:elasticloadbalancing:*:*:targetgroup/k8s-nullplatform-*" ], - "Condition": { - "StringEquals": { - "aws:RequestedRegion": [ + "Condition" : { + "StringEquals" : { + "aws:RequestedRegion" : [ "us-east-1", "us-west-2", "eu-west-1" @@ -103,11 +103,11 @@ resource "aws_iam_policy" "nullplatform-eks-policy" { name = "nullplatform-eks-policy" description = "Policy for managing EKS clusters" policy = jsonencode({ - "Version": "2012-10-17", - "Statement": [ + "Version" : "2012-10-17", + "Statement" : [ { - "Effect": "Allow", - "Action": [ + "Effect" : "Allow", + "Action" : [ "eks:DescribeCluster", "eks:ListClusters", "eks:DescribeNodegroup", @@ -115,14 +115,14 @@ resource "aws_iam_policy" "nullplatform-eks-policy" { "eks:DescribeAddon", "eks:ListAddons" ], - "Resource": [ + "Resource" : [ "arn:aws:eks:*:*:cluster/*", "arn:aws:eks:*:*:nodegroup/*", "arn:aws:eks:*:*:addon/*" ], - "Condition": { - "StringEquals": { - "aws:RequestedRegion": [ + "Condition" : { + "StringEquals" : { + "aws:RequestedRegion" : [ "us-east-1", "us-west-2", "eu-west-1" diff --git a/v2/nullplatform/aws/nullplatform_agent/locals.tf b/nullplatform/aws/agent/locals.tf similarity index 50% rename from v2/nullplatform/aws/nullplatform_agent/locals.tf rename to nullplatform/aws/agent/locals.tf index efceb24..5039b07 100644 --- a/v2/nullplatform/aws/nullplatform_agent/locals.tf +++ b/nullplatform/aws/agent/locals.tf @@ -4,12 +4,12 @@ locals { final_list = distinct(concat(local.scope_list, local.repos_extra)) nullplatform_agent_values = templatefile("${path.module}/templates/nullplatform-agent-values.tmpl.yaml", { - agent_repos = join(",", local.final_list) - cluster_name = var.cluster_name - tags = var.tags - init_scripts = var.init_scripts - resource_identity = module.nullplatform-agent-role.arn - api_key = nullplatform_api_key.nullplatform-agent-api-key.api_key - namespace = var.namespace + agent_repos = join(",", local.final_list) + cluster_name = var.cluster_name + tags = var.tags + init_scripts = var.init_scripts + resource_identity = module.nullplatform-agent-role.arn + api_key = nullplatform_api_key.nullplatform-agent-api-key.api_key + namespace = var.namespace }) } \ No newline at end of file diff --git a/nullplatform/aws/agent/main.tf b/nullplatform/aws/agent/main.tf new file mode 100644 index 0000000..0d39a5e --- /dev/null +++ b/nullplatform/aws/agent/main.tf @@ -0,0 +1,24 @@ +resource "helm_release" "agent" { + name = "nullplatform-agent" + chart = "nullplatform-agent" + repository = "https://nullplatform.github.io/helm-charts" + namespace = var.namespace + version = var.nullplatform-agent-helm-version + create_namespace = true + + disable_webhooks = true + force_update = true + wait = true + wait_for_jobs = true + timeout = 600 + atomic = true + cleanup_on_fail = true + replace = false + recreate_pods = false + reset_values = false + reuse_values = false + dependency_update = true + max_history = 10 + + values = [local.nullplatform_agent_values] +} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_agent/providers.tf b/nullplatform/aws/agent/providers.tf similarity index 100% rename from v2/nullplatform/aws/nullplatform_agent/providers.tf rename to nullplatform/aws/agent/providers.tf diff --git a/v2/nullplatform/aws/nullplatform_agent/scopes.tf b/nullplatform/aws/agent/scopes.tf similarity index 98% rename from v2/nullplatform/aws/nullplatform_agent/scopes.tf rename to nullplatform/aws/agent/scopes.tf index d5267c4..8c0e851 100644 --- a/v2/nullplatform/aws/nullplatform_agent/scopes.tf +++ b/nullplatform/aws/agent/scopes.tf @@ -40,8 +40,8 @@ resource "nullplatform_service_specification" "from_template" { name = local.service_spec_parsed.name visible_to = local.service_spec_parsed.visible_to assignable_to = local.service_spec_parsed.assignable_to - type = local.service_spec_parsed.type - attributes = jsonencode(local.service_spec_parsed.attributes) + type = local.service_spec_parsed.type + attributes = jsonencode(local.service_spec_parsed.attributes) use_default_actions = local.service_spec_parsed.use_default_actions selectors { diff --git a/v2/nullplatform/aws/nullplatform_agent/templates/nullplatform-agent-values.tmpl.yaml b/nullplatform/aws/agent/templates/nullplatform-agent-values.tmpl.yaml similarity index 100% rename from v2/nullplatform/aws/nullplatform_agent/templates/nullplatform-agent-values.tmpl.yaml rename to nullplatform/aws/agent/templates/nullplatform-agent-values.tmpl.yaml diff --git a/v2/nullplatform/aws/nullplatform_agent/variables.tf b/nullplatform/aws/agent/variables.tf similarity index 100% rename from v2/nullplatform/aws/nullplatform_agent/variables.tf rename to nullplatform/aws/agent/variables.tf diff --git a/nullplatform/aws/aws/README.md b/nullplatform/aws/aws/README.md deleted file mode 100644 index d718f90..0000000 --- a/nullplatform/aws/aws/README.md +++ /dev/null @@ -1,51 +0,0 @@ - -## Requirements - -| Name | Version | -|------|---------| -| [nullplatform](#requirement\_nullplatform) | ~> 0.0.63 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | n/a | -| [kubernetes](#provider\_kubernetes) | n/a | -| [nullplatform](#provider\_nullplatform) | ~> 0.0.63 | - -## Resources - -| Name | Type | -|------|------| -| [aws_iam_access_key.nullplatform_build_workflow_user_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource | -| [aws_iam_policy.nullplatform_ecr_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.nullplatform_application_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.ecr-manager-policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_user.nullplatform_build_workflow_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource | -| [aws_iam_user_policy_attachment.ecr-manager-policy-user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource | -| [kubernetes_ingress_v1.internal](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_v1) | resource | -| [kubernetes_ingress_v1.public](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/ingress_v1) | resource | -| [nullplatform_dimension.environment](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/dimension) | resource | -| [nullplatform_dimension_value.environment_value](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/dimension_value) | resource | -| [nullplatform_provider_config.aws](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | -| [nullplatform_provider_config.ecr](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | -| [nullplatform_provider_config.github](https://registry.terraform.io/providers/nullplatform/nullplatform/latest/docs/resources/provider_config) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [application\_manager\_assume\_role](#input\_application\_manager\_assume\_role) | ARN of the IAM role for application manager | `string` | `"arn:aws:iam::283477532906:role/application_manager"` | no | -| [certificate\_arn](#input\_certificate\_arn) | ARN of the SSL/TLS certificate for the network configuration | `string` | n/a | yes | -| [dimensions](#input\_dimensions) | Map of dimension values to configure Nullplatform | `map(string)` | `{}` | no | -| [domain\_name](#input\_domain\_name) | Domain name for the configuration | `string` | n/a | yes | -| [environment](#input\_environment) | Environment dimension value to which the configuration applies | `string` | n/a | yes | -| [environments](#input\_environments) | The list of environments | `list(string)` | 
[
  "development",
  "staging",
  "production"
]
| no | -| [hosted\_private\_zone\_id](#input\_hosted\_private\_zone\_id) | Hosted zone ID for private DNS | `string` | n/a | yes | -| [hosted\_public\_zone\_id](#input\_hosted\_public\_zone\_id) | Hosted zone ID for public DNS | `string` | n/a | yes | -| [include\_environment](#input\_include\_environment) | Whether to use Environment as a default dimension | `bool` | `true` | no | -| [nrn](#input\_nrn) | Identifier Nullplatform Resources Name | `string` | n/a | yes | -| [organization](#input\_organization) | Organization name for code repository configuration | `string` | n/a | yes | -| [organization\_installation\_id](#input\_organization\_installation\_id) | GitHub App installation ID for the organization | `string` | n/a | yes | -| [scope\_manager\_assume\_role](#input\_scope\_manager\_assume\_role) | ARN of the IAM role for scope and deploy manager | `string` | `"arn:aws:iam::283477532906:role/scope_and_deploy_manager"` | no | - \ No newline at end of file diff --git a/nullplatform/aws/aws/example.md b/nullplatform/aws/aws/example.md deleted file mode 100644 index 051102c..0000000 --- a/nullplatform/aws/aws/example.md +++ /dev/null @@ -1,64 +0,0 @@ -# Configuración Terraform - Nullplatform Configuration - -## Módulo - -```hcl -module "nullplatform_configuration" { - source = "./nullplatform/platform_config" - - domain_name = var.domain_name - environment = var.environment - hosted_private_zone_id = var.hosted_private_zone_id - hosted_public_zone_id = var.hosted_public_zone_id - nrn = var.nrn - organization = var.github_organization - organization_installation_id = var.github_organization_installation_id - certificate_arn = var.certificate_arn -} -``` - -## Variables - -```hcl -# Ejemplo con diferentes valores -domain_name = "acme-corp-services.nullapps.io" -environment = "production" -hosted_public_zone_id = "Z1234567890ABCDEFGH" -hosted_private_zone_id = "Z9876543210ZYXWVUTS" -nrn = "organization=2468013579:account=9876543210" -github_organization = "acme-corp" -github_organization_installation_id = "12345678" -certificate_arn = "arn:aws:acm:us-west-2:123456789012:certificate/a1b2c3d4-e5f6-7890-1234-56789abcdef0" -``` - -## Parámetros del Módulo - -| Variable | Valor Original | Valor de Ejemplo | Descripción | -|----------|------------------------------------------------------|------------------|-------------| -| `domain_name` | `kwik-e-mart-providers-test.nullapps.io` | `acme-corp-services.nullapps.io` | Nombre de dominio principal | -| `environment` | `""` (vacío) | `production` | Entorno de despliegue | -| `hosted_public_zone_id` | `Z1234567890ABCDEFGH` | `Z1234567890ABCDEFGH` | ID de la zona pública de Route53 | -| `hosted_private_zone_id` | `Z9876543210ZYXWVUTS` | `Z9876543210ZYXWVUTS` | ID de la zona privada de Route53 | -| `nrn` | `organization=2468013579:account=2468013579` | `organization=2468013579:account=9876543210` | Identificador de organización y cuenta | -| `github_organization` | `acme-corp` | `acme-corp` | Organización de GitHub | -| `github_organization_installation_id` | `2468013579` | `12345678` | ID de instalación de la GitHub App | -| `certificate_arn` | `arn:aws:acm:us-east-1:2468013579:certificate/...` | `arn:aws:acm:us-west-2:123456789012:certificate/...` | ARN del certificado SSL de AWS ACM | - -## Notas de Configuración - -### Dominios -- Los dominios siguen el patrón `{organization}-{service}.nullapps.io` -- Se recomienda usar subdominios descriptivos para diferentes entornos - -### Zonas de Route53 -- **Zona pública**: Para resolución DNS desde internet -- **Zona privada**: Para resolución DNS interna en VPC - -### GitHub Integration -- Requiere una GitHub App instalada en la organización -- El `organization_installation_id` se obtiene de la configuración de la GitHub App - -### Certificados SSL -- Deben estar en la región correcta según el uso -- Para CloudFront: certificados deben estar en `us-east-1` -- Para ALB regional: certificados pueden estar en cualquier región \ No newline at end of file diff --git a/nullplatform/aws/aws/iam-registry.tf b/nullplatform/aws/aws/iam-registry.tf deleted file mode 100644 index fb70a56..0000000 --- a/nullplatform/aws/aws/iam-registry.tf +++ /dev/null @@ -1,93 +0,0 @@ -resource "aws_iam_role" "nullplatform_application_role" { - name = "nullplatform-application-role" - - assume_role_policy = jsonencode({ - Version = "2012-10-17", - Statement = [ - { - Effect = "Allow", - Principal = { - AWS = var.application_manager_assume_role - }, - Action = "sts:AssumeRole", - Condition = { - StringEquals = { - "aws:RequestedRegion" = [ - "us-east-1", - "us-west-2", - "eu-west-1" - ] - }, - DateGreaterThan = { - "aws:CurrentTime" = "2024-01-01T00:00:00Z" - } - } - } - ] - }) -} - -resource "aws_iam_policy" "nullplatform_ecr_manager_policy" { - name = "nullplatform-ecr-manager-policy" - description = "Policy for managing ECR repositories with restricted access" - policy = jsonencode({ - Version = "2012-10-17", - Statement = [ - { - Effect = "Allow", - Action = [ - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage", - "ecr:CompleteLayerUpload", - "ecr:UploadLayerPart", - "ecr:InitiateLayerUpload", - "ecr:BatchCheckLayerAvailability", - "ecr:PutImage", - "ecr:CreateRepository", - "ecr:DeleteRepository", - "ecr:DescribeRepositories", - "ecr:TagResource" - ], - Resource = [ - "arn:aws:ecr:*:*:repository/*" - ], - Condition = { - StringEquals = { - "aws:RequestedRegion" = [ - "us-east-1", - "us-west-2", - "eu-west-1" - ] - } - } - }, - { - Effect = "Allow", - Action = [ - "sts:GetServiceBearerToken", - "ecr:GetAuthorizationToken" - ], - Resource = "*" - } - ] - }) -} - -resource "aws_iam_user" "nullplatform_build_workflow_user" { - name = "nullplatform-build-workflow-user" -} - -resource "aws_iam_access_key" "nullplatform_build_workflow_user_key" { - user = aws_iam_user.nullplatform_build_workflow_user.name -} - - -resource "aws_iam_role_policy_attachment" "ecr-manager-policy" { - role = aws_iam_role.nullplatform_application_role.name - policy_arn = aws_iam_policy.nullplatform_ecr_manager_policy.arn -} - -resource "aws_iam_user_policy_attachment" "ecr-manager-policy-user" { - user = aws_iam_user.nullplatform_build_workflow_user.name - policy_arn = aws_iam_policy.nullplatform_ecr_manager_policy.arn -} \ No newline at end of file diff --git a/nullplatform/aws/aws/locals.tf b/nullplatform/aws/aws/locals.tf deleted file mode 100644 index 1b50af0..0000000 --- a/nullplatform/aws/aws/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - dimensions = merge(var.include_environment ? { environment = var.environment } : {}, var.dimensions) -} \ No newline at end of file diff --git a/nullplatform/aws/aws/main.tf b/nullplatform/aws/aws/main.tf deleted file mode 100644 index 7258e48..0000000 --- a/nullplatform/aws/aws/main.tf +++ /dev/null @@ -1,167 +0,0 @@ -resource "nullplatform_provider_config" "aws" { - provider = nullplatform - nrn = var.nrn - type = "aws-configuration" - dimensions = local.dimensions - attributes = jsonencode({ - iam = { - #scope_workflow_role = aws_iam_role.nullplatform_scope_workflow_role.arn - } - account = { - id = data.aws_caller_identity.current.id - region = data.aws_region.current.region - } - networking = { - application_domain = false - domain_name = var.domain_name - hosted_zone_id = var.hosted_private_zone_id - hosted_public_zone_id = var.hosted_public_zone_id - } - }) - lifecycle { - ignore_changes = [attributes] - } -} - -resource "nullplatform_provider_config" "ecr" { - provider = nullplatform - nrn = var.nrn - type = "ecr" - dimensions = {} - attributes = jsonencode({ - "ci" : { - "region" : data.aws_region.current.region, - "access_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.id - "secret_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.secret - }, - "setup" : { - "region" : data.aws_region.current.region, - "role_arn" : aws_iam_role.nullplatform_application_role.arn - } - }) - lifecycle { - ignore_changes = [attributes] - } -} - -resource "nullplatform_provider_config" "github" { - nrn = replace(var.nrn, ":namespace=.*$", "") - type = "github-configuration" - dimensions = {} - attributes = jsonencode({ - "setup" : { - "organization" : var.organization, - "installation_id" : var.organization_installation_id - }, - } - ) -} - -resource "kubernetes_ingress_v1" "internal" { - metadata { - name = "initial-ingress-setup-internal" - namespace = "nullplatform" - - annotations = merge({ - "alb.ingress.kubernetes.io/actions.response-404" = jsonencode({ - type = "fixed-response" - fixedResponseConfig = { - contentType = "text/plain" - statusCode = "404" - messageBody = "404 scope not found or has not been deployed yet" - } - }) - "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internal" - "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" - "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internal" - "alb.ingress.kubernetes.io/scheme" = "internal" - "alb.ingress.kubernetes.io/ssl-redirect" = "443" - "alb.ingress.kubernetes.io/target-type" = "ip" - "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn - }) - } - - spec { - ingress_class_name = "alb" - - rule { - host = "setup.nullapps.io" - http { - path { - path = "/" - path_type = "Prefix" - - backend { - service { - name = "response-404" - port { - name = "use-annotation" - } - } - } - } - } - } - } -} - -resource "kubernetes_ingress_v1" "public" { - metadata { - name = "initial-ingress-setup-public" - namespace = "nullplatform" - - annotations = merge({ - "alb.ingress.kubernetes.io/actions.response-404" = jsonencode({ - type = "fixed-response" - fixedResponseConfig = { - contentType = "text/plain" - statusCode = "404" - messageBody = "404 scope not found or has not been deployed yet" - } - }) - "alb.ingress.kubernetes.io/group.name" = "k8s-nullplatform-internet-facing" - "alb.ingress.kubernetes.io/listen-ports" = "[{\"HTTP\":80},{\"HTTPS\":443}]" - "alb.ingress.kubernetes.io/load-balancer-name" = "k8s-nullplatform-internet-facing" - "alb.ingress.kubernetes.io/scheme" = "internet-facing" - "alb.ingress.kubernetes.io/ssl-redirect" = "443" - "alb.ingress.kubernetes.io/target-type" = "ip" - "alb.ingress.kubernetes.io/certificate-arn" = var.certificate_arn - }) - } - - spec { - ingress_class_name = "alb" - - rule { - host = "setup.nullapps.io" - http { - path { - path = "/" - path_type = "Prefix" - - backend { - service { - name = "response-404" - port { - name = "use-annotation" - } - } - } - } - } - } - } -} - -resource "nullplatform_dimension" "environment" { - name = "Environment" - order = 1 - nrn = var.nrn -} - -resource "nullplatform_dimension_value" "environment_value" { - for_each = toset(var.environments) - dimension_id = nullplatform_dimension.environment.id - name = each.value - nrn = var.nrn -} diff --git a/nullplatform/aws/aws/variables.tf b/nullplatform/aws/aws/variables.tf deleted file mode 100644 index 7c99a65..0000000 --- a/nullplatform/aws/aws/variables.tf +++ /dev/null @@ -1,75 +0,0 @@ -variable "scope_manager_assume_role" { - description = "ARN of the IAM role for scope and deploy manager" - type = string - default = "arn:aws:iam::283477532906:role/scope_and_deploy_manager" -} - -variable "nrn" { - description = "Identifier Nullplatform Resources Name" - type = string -} - -variable "include_environment" { - description = "Whether to use Environment as a default dimension" - type = bool - default = true -} - -variable "domain_name" { - description = "Domain name for the configuration" - type = string -} - -variable "hosted_private_zone_id" { - description = "Hosted zone ID for private DNS" - type = string -} - -variable "hosted_public_zone_id" { - description = "Hosted zone ID for public DNS" - type = string -} - -variable "environment" { - description = "Environment dimension value to which the configuration applies" - type = string -} - -variable "dimensions" { - description = "Map of dimension values to configure Nullplatform" - type = map(string) - default = {} -} -######### -# Registry Variables -######### -variable "application_manager_assume_role" { - description = "ARN of the IAM role for application manager" - type = string - default = "arn:aws:iam::283477532906:role/application_manager" -} -####### -# Code respositoy -####3 -variable "organization" { - description = "Organization name for code repository configuration" - type = string -} - -variable "organization_installation_id" { - description = "GitHub App installation ID for the organization" - type = string -} -######### -# Ingress Default -###### -variable "certificate_arn" { - description = "ARN of the SSL/TLS certificate for the network configuration" - type = string -} - -variable "environments" { - type = list(string) - description = "The list of environments" - default = ["development", "staging", "production"] -} \ No newline at end of file diff --git a/nullplatform/aws/base/auth.tf b/nullplatform/aws/base/auth.tf new file mode 100644 index 0000000..0574a76 --- /dev/null +++ b/nullplatform/aws/base/auth.tf @@ -0,0 +1,29 @@ +resource "nullplatform_api_key" "nullplatform-base-api-key" { + name = "NULLPLATFORM-BASE-API-KEY" + + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "controlplane:agent" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "developer" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "ops" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "secops" + } + grants { + nrn = replace(var.nrn, ":namespace=.*$", "") + role_slug = "secrets-reader" + } + + tags { + key = "managed-by" + value = "IaC" + } +} \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_base/locals.tf b/nullplatform/aws/base/locals.tf similarity index 60% rename from v2/nullplatform/nullplatform_base/locals.tf rename to nullplatform/aws/base/locals.tf index ed71fce..eb828e7 100644 --- a/v2/nullplatform/nullplatform_base/locals.tf +++ b/nullplatform/aws/base/locals.tf @@ -1,5 +1,5 @@ locals { nullplatform_base_values = templatefile("${path.module}/templates/nullplatform-base-values.tmpl.yaml", { - api_key = nullplatform_api_key.nullplatform-base-api-key.api_key + api_key = nullplatform_api_key.nullplatform-base-api-key.api_key }) } diff --git a/nullplatform/aws/base/main.tf b/nullplatform/aws/base/main.tf new file mode 100644 index 0000000..37b9eb7 --- /dev/null +++ b/nullplatform/aws/base/main.tf @@ -0,0 +1,24 @@ +resource "helm_release" "base" { + name = "nullplatform-base" + chart = "nullplatform-base" + repository = "https://nullplatform.github.io/helm-charts" + namespace = var.namespace + version = var.nullplatform-base-helm-version + create_namespace = true + + disable_webhooks = true + force_update = true + wait = true + wait_for_jobs = true + timeout = 600 + atomic = true + cleanup_on_fail = true + replace = false + recreate_pods = false + reset_values = false + reuse_values = false + dependency_update = true + max_history = 10 + + values = [local.nullplatform_base_values] +} \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_base/providers.tf b/nullplatform/aws/base/providers.tf similarity index 100% rename from v2/nullplatform/nullplatform_base/providers.tf rename to nullplatform/aws/base/providers.tf diff --git a/v2/nullplatform/nullplatform_base/templates/nullplatform-base-values.tmpl.yaml b/nullplatform/aws/base/templates/nullplatform-base-values.tmpl.yaml similarity index 100% rename from v2/nullplatform/nullplatform_base/templates/nullplatform-base-values.tmpl.yaml rename to nullplatform/aws/base/templates/nullplatform-base-values.tmpl.yaml diff --git a/v2/nullplatform/nullplatform_base/variables.tf b/nullplatform/aws/base/variables.tf similarity index 100% rename from v2/nullplatform/nullplatform_base/variables.tf rename to nullplatform/aws/base/variables.tf diff --git a/nullplatform/aws/aws/data.tf b/nullplatform/aws/cloud/data.tf similarity index 100% rename from nullplatform/aws/aws/data.tf rename to nullplatform/aws/cloud/data.tf diff --git a/nullplatform/aws/cloud/main.tf b/nullplatform/aws/cloud/main.tf new file mode 100644 index 0000000..30f5634 --- /dev/null +++ b/nullplatform/aws/cloud/main.tf @@ -0,0 +1,25 @@ +resource "nullplatform_provider_config" "aws" { + provider = nullplatform + nrn = var.nrn + type = "aws-configuration" + dimensions = {} + attributes = jsonencode({ + iam = { + #scope_workflow_role = aws_iam_role.nullplatform_scope_workflow_role.arn + } + account = { + id = data.aws_caller_identity.current.id + region = data.aws_region.current.region + } + networking = { + application_domain = false + domain_name = var.domain_name + hosted_zone_id = var.hosted_private_zone_id + hosted_public_zone_id = var.hosted_public_zone_id + } + }) + lifecycle { + ignore_changes = [attributes] + } +} + diff --git a/v2/nullplatform/aws/nullplatform_providers/providers.tf b/nullplatform/aws/cloud/providers.tf similarity index 100% rename from v2/nullplatform/aws/nullplatform_providers/providers.tf rename to nullplatform/aws/cloud/providers.tf diff --git a/v2/nullplatform/aws/nullplatform_providers/variables.tf b/nullplatform/aws/cloud/variables.tf similarity index 50% rename from v2/nullplatform/aws/nullplatform_providers/variables.tf rename to nullplatform/aws/cloud/variables.tf index 8c26c7d..2a5f621 100644 --- a/v2/nullplatform/aws/nullplatform_providers/variables.tf +++ b/nullplatform/aws/cloud/variables.tf @@ -30,58 +30,15 @@ variable "hosted_public_zone_id" { type = string } -variable "environment" { - description = "Environment dimension value to which the configuration applies" - type = string -} - variable "dimensions" { description = "Map of dimension values to configure Nullplatform" type = map(string) default = {} } -######### -# Registry Variables -######### -variable "application_manager_assume_role" { - description = "ARN of the IAM role for application manager" - type = string - default = "arn:aws:iam::283477532906:role/application_manager" -} -####### -# Code respositoy -####3 -variable "organization" { - description = "Organization name for code repository configuration" - type = string -} - -variable "organization_installation_id" { - description = "GitHub App installation ID for the organization" - type = string -} -######### -# Ingress Default -###### -variable "certificate_arn" { - description = "ARN of the SSL/TLS certificate for the network configuration" - type = string -} - -variable "environments" { - type = list(string) - description = "The list of environments" - default = ["development", "staging", "production"] -} # NRN Patch Configuration variable "np_api_key" { type = string sensitive = true description = "Nullplatform API key for authentication" -} - -variable "namespaces" { - type = list(string) - default = ["nullplatform"] } \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_account/main.tf b/nullplatform/commons/account/main.tf similarity index 100% rename from v2/nullplatform/nullplatform_account/main.tf rename to nullplatform/commons/account/main.tf diff --git a/v2/nullplatform/nullplatform_account/providers.tf b/nullplatform/commons/account/providers.tf similarity index 100% rename from v2/nullplatform/nullplatform_account/providers.tf rename to nullplatform/commons/account/providers.tf diff --git a/nullplatform/commons/account/variables.tf b/nullplatform/commons/account/variables.tf new file mode 100644 index 0000000..89a41f3 --- /dev/null +++ b/nullplatform/commons/account/variables.tf @@ -0,0 +1,12 @@ +variable "nullplatform_accounts" { + type = map(object({ + name = string + repository_prefix = optional(string, "poc-account") + repository_provider = optional(string, "github") + slug = optional(string, "poc-account") + })) +} + +variable "np_api_key" { + +} \ No newline at end of file diff --git a/modules/nullplatform/provider/asset/docker-server/main.tf b/nullplatform/commons/asset/docker-server/main.tf similarity index 100% rename from modules/nullplatform/provider/asset/docker-server/main.tf rename to nullplatform/commons/asset/docker-server/main.tf diff --git a/nullplatform/asset/docker-server/provider.tf b/nullplatform/commons/asset/docker-server/provider.tf similarity index 100% rename from nullplatform/asset/docker-server/provider.tf rename to nullplatform/commons/asset/docker-server/provider.tf diff --git a/nullplatform/asset/docker-server/variables.tf b/nullplatform/commons/asset/docker-server/variables.tf similarity index 96% rename from nullplatform/asset/docker-server/variables.tf rename to nullplatform/commons/asset/docker-server/variables.tf index f8e5b0a..a5cda15 100644 --- a/nullplatform/asset/docker-server/variables.tf +++ b/nullplatform/commons/asset/docker-server/variables.tf @@ -26,6 +26,6 @@ variable "password" { } variable "np_api_key" { - type = string - + type = string + } \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_providers/data.tf b/nullplatform/commons/asset/ecr/data.tf similarity index 100% rename from v2/nullplatform/aws/nullplatform_providers/data.tf rename to nullplatform/commons/asset/ecr/data.tf diff --git a/v2/nullplatform/aws/nullplatform_providers/iam-registry.tf b/nullplatform/commons/asset/ecr/iam.tf similarity index 95% rename from v2/nullplatform/aws/nullplatform_providers/iam-registry.tf rename to nullplatform/commons/asset/ecr/iam.tf index fb70a56..8785640 100644 --- a/v2/nullplatform/aws/nullplatform_providers/iam-registry.tf +++ b/nullplatform/commons/asset/ecr/iam.tf @@ -74,11 +74,11 @@ resource "aws_iam_policy" "nullplatform_ecr_manager_policy" { } resource "aws_iam_user" "nullplatform_build_workflow_user" { - name = "nullplatform-build-workflow-user" + name = "nullplatform-build-workflow-user" } resource "aws_iam_access_key" "nullplatform_build_workflow_user_key" { - user = aws_iam_user.nullplatform_build_workflow_user.name + user = aws_iam_user.nullplatform_build_workflow_user.name } diff --git a/nullplatform/commons/asset/ecr/main.tf b/nullplatform/commons/asset/ecr/main.tf new file mode 100644 index 0000000..e771780 --- /dev/null +++ b/nullplatform/commons/asset/ecr/main.tf @@ -0,0 +1,20 @@ +resource "nullplatform_provider_config" "ecr" { + provider = nullplatform + nrn = var.nrn + type = "ecr" + dimensions = {} + attributes = jsonencode({ + "ci" : { + "region" : data.aws_region.current.region, + "access_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.id + "secret_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.secret + }, + "setup" : { + "region" : data.aws_region.current.region, + "role_arn" : aws_iam_role.nullplatform_application_role.arn + } + }) + lifecycle { + ignore_changes = [attributes] + } +} \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_users/providers.tf b/nullplatform/commons/asset/ecr/providers.tf similarity index 100% rename from v2/nullplatform/nullplatform_users/providers.tf rename to nullplatform/commons/asset/ecr/providers.tf diff --git a/nullplatform/commons/asset/ecr/variables.tf b/nullplatform/commons/asset/ecr/variables.tf new file mode 100644 index 0000000..598aef3 --- /dev/null +++ b/nullplatform/commons/asset/ecr/variables.tf @@ -0,0 +1,16 @@ +variable "nrn" { + description = "Identifier Nullplatform Resources Name" + type = string +} + +variable "np_api_key" { + type = string + sensitive = true + description = "Nullplatform API key for authentication" +} + +variable "application_manager_assume_role" { + description = "ARN of the IAM role for application manager" + type = string + default = "arn:aws:iam::283477532906:role/application_manager" +} \ No newline at end of file diff --git a/nullplatform/code_repository/locals.tf b/nullplatform/commons/code_repository/locals.tf similarity index 100% rename from nullplatform/code_repository/locals.tf rename to nullplatform/commons/code_repository/locals.tf diff --git a/nullplatform/code_repository/main.tf b/nullplatform/commons/code_repository/main.tf similarity index 95% rename from nullplatform/code_repository/main.tf rename to nullplatform/commons/code_repository/main.tf index d3119ed..4761c63 100644 --- a/nullplatform/code_repository/main.tf +++ b/nullplatform/commons/code_repository/main.tf @@ -10,10 +10,10 @@ resource "nullplatform_provider_config" "gitlab" { "access_token" : var.access_token, "installation_url" : var.installation_url }, - "access": var.collaborators_config - } + "access" : var.collaborators_config + } ) - + } /* If the git_provider variable is set to gitlab, create this resource. resource "nullplatform_account" "gitlab_account" { @@ -35,6 +35,6 @@ resource "nullplatform_provider_config" "github" { "organization" : var.organization, "installation_id" : var.organization_installation_id }, - } + } ) } diff --git a/nullplatform/code_repository/provider.tf b/nullplatform/commons/code_repository/provider.tf similarity index 100% rename from nullplatform/code_repository/provider.tf rename to nullplatform/commons/code_repository/provider.tf diff --git a/nullplatform/code_repository/variables.tf b/nullplatform/commons/code_repository/variables.tf similarity index 65% rename from nullplatform/code_repository/variables.tf rename to nullplatform/commons/code_repository/variables.tf index f37ca99..8d561d8 100644 --- a/nullplatform/code_repository/variables.tf +++ b/nullplatform/commons/code_repository/variables.tf @@ -1,27 +1,27 @@ variable "group_path" { - type = string - + type = string + } variable "access_token" { - type = string - sensitive = true - + type = string + sensitive = true + } variable "installation_url" { - type = string - + type = string + } variable "np_api_key" { - type = string - sensitive = true - + type = string + sensitive = true + } variable "nrn" { - type = string - + type = string + } variable "collaborators_config" { @@ -35,34 +35,34 @@ variable "collaborators_config" { } variable "gitlab_repository_prefix" { - type = string - + type = string + } variable "gitlab_name" { - type = string - + type = string + } variable "repository_provider" { - type = string - + type = string + } variable "gitlab_slug" { - type = string - + type = string + } variable "git_provider" { - type = string + type = string description = "gitlab or github" } variable "organization" { - type = string - default = "" - + type = string + default = "" + } variable "organization_installation_id" { - type = string - default = "" - + type = string + default = "" + } \ No newline at end of file diff --git a/modules/nullplatform/dimensions/main.tf b/nullplatform/commons/dimensions/main.tf similarity index 99% rename from modules/nullplatform/dimensions/main.tf rename to nullplatform/commons/dimensions/main.tf index 037e8b4..0a07e2c 100644 --- a/modules/nullplatform/dimensions/main.tf +++ b/nullplatform/commons/dimensions/main.tf @@ -9,4 +9,4 @@ resource "nullplatform_dimension_value" "environment_value" { dimension_id = nullplatform_dimension.environment.id name = each.value nrn = var.nrn -} +} \ No newline at end of file diff --git a/nullplatform/aws/aws/providers.tf b/nullplatform/commons/dimensions/providers.tf similarity index 71% rename from nullplatform/aws/aws/providers.tf rename to nullplatform/commons/dimensions/providers.tf index 4e925e3..cb79686 100644 --- a/nullplatform/aws/aws/providers.tf +++ b/nullplatform/commons/dimensions/providers.tf @@ -5,4 +5,8 @@ terraform { version = "~> 0.0.63" } } +} + +provider "nullplatform" { + api_key = var.np_api_key } \ No newline at end of file diff --git a/nullplatform/commons/dimensions/variables.tf b/nullplatform/commons/dimensions/variables.tf new file mode 100644 index 0000000..e69b14d --- /dev/null +++ b/nullplatform/commons/dimensions/variables.tf @@ -0,0 +1,15 @@ +variable "environments" { + type = list(string) + description = "The list of environments" + default = ["development", "staging", "production"] +} +variable "nrn" { + description = "Identifier Nullplatform Resources Name" + type = string +} + +variable "np_api_key" { + type = string + sensitive = true + description = "Nullplatform API key for authentication" +} \ No newline at end of file diff --git a/workloads/prometheus/README.md b/nullplatform/commons/prometheus/README.md similarity index 100% rename from workloads/prometheus/README.md rename to nullplatform/commons/prometheus/README.md diff --git a/workloads/prometheus/locals.tf b/nullplatform/commons/prometheus/locals.tf similarity index 100% rename from workloads/prometheus/locals.tf rename to nullplatform/commons/prometheus/locals.tf diff --git a/workloads/prometheus/main.tf b/nullplatform/commons/prometheus/main.tf similarity index 93% rename from workloads/prometheus/main.tf rename to nullplatform/commons/prometheus/main.tf index 08df4da..0486be7 100644 --- a/workloads/prometheus/main.tf +++ b/nullplatform/commons/prometheus/main.tf @@ -5,7 +5,7 @@ resource "helm_release" "prometheus" { namespace = var.prometheus_namespace create_namespace = true - values = [ local.prometheus_values ] + values = [local.prometheus_values] } resource "nullplatform_provider_config" "prometheus" { diff --git a/workloads/prometheus/providers.tf b/nullplatform/commons/prometheus/providers.tf similarity index 99% rename from workloads/prometheus/providers.tf rename to nullplatform/commons/prometheus/providers.tf index d954757..6985ecd 100644 --- a/workloads/prometheus/providers.tf +++ b/nullplatform/commons/prometheus/providers.tf @@ -4,7 +4,7 @@ terraform { source = "nullplatform/nullplatform" version = "~> 0.0.63" } - + helm = { source = "hashicorp/helm" version = "~> 3.0" diff --git a/workloads/prometheus/templates/prometheus-values.tmpl.yaml b/nullplatform/commons/prometheus/templates/prometheus-values.tmpl.yaml similarity index 100% rename from workloads/prometheus/templates/prometheus-values.tmpl.yaml rename to nullplatform/commons/prometheus/templates/prometheus-values.tmpl.yaml diff --git a/workloads/prometheus/variables.tf b/nullplatform/commons/prometheus/variables.tf similarity index 61% rename from workloads/prometheus/variables.tf rename to nullplatform/commons/prometheus/variables.tf index 3844842..11529f4 100644 --- a/workloads/prometheus/variables.tf +++ b/nullplatform/commons/prometheus/variables.tf @@ -10,16 +10,16 @@ variable "np_api_key" { } variable "nullplatform_port" { - type = number + type = number default = 2021 } variable "kubeconfig_path" { - type = string - default = "~/.kube/config" + type = string + default = "~/.kube/config" } variable "kube_context" { - type = string - default = null # o el nombre de tu context + type = string + default = null # o el nombre de tu context } diff --git a/nullplatform/commons/users/main.tf b/nullplatform/commons/users/main.tf new file mode 100644 index 0000000..8e9f32e --- /dev/null +++ b/nullplatform/commons/users/main.tf @@ -0,0 +1,24 @@ +resource "nullplatform_user" "nullplatform_user" { + for_each = var.nullplatform_users + + email = each.value.email + first_name = each.value.first_name + last_name = each.value.last_name +} + +resource "nullplatform_authz_grant" "nullplatform_user_role" { + for_each = merge([ + for user_key, user_data in var.nullplatform_users : { + for role in user_data.role_slug : + "${user_key}-${role}" => { + user_id = nullplatform_user.nullplatform_user[user_key].id + role_slug = role + nrn = user_data.nrn + } + } + ]...) + + user_id = each.value.user_id + role_slug = each.value.role_slug + nrn = each.value.nrn +} \ No newline at end of file diff --git a/nullplatform/commons/users/providers.tf b/nullplatform/commons/users/providers.tf new file mode 100644 index 0000000..cb79686 --- /dev/null +++ b/nullplatform/commons/users/providers.tf @@ -0,0 +1,12 @@ +terraform { + required_providers { + nullplatform = { + source = "nullplatform/nullplatform" + version = "~> 0.0.63" + } + } +} + +provider "nullplatform" { + api_key = var.np_api_key +} \ No newline at end of file diff --git a/nullplatform/commons/users/variables.tf b/nullplatform/commons/users/variables.tf new file mode 100644 index 0000000..2b30aba --- /dev/null +++ b/nullplatform/commons/users/variables.tf @@ -0,0 +1,12 @@ +variable "nullplatform_users" { + type = map(object({ + email = string + first_name = string + last_name = string + role_slug = list(string) + nrn = string + })) +} + +variable "np_api_key" { +} \ No newline at end of file diff --git a/nullplatform/gcp/agent/locals.tf b/nullplatform/gcp/agent/locals.tf index a15bee7..0f45a80 100644 --- a/nullplatform/gcp/agent/locals.tf +++ b/nullplatform/gcp/agent/locals.tf @@ -1,7 +1,7 @@ locals { - scope_list = compact([trimspace(coalesce(var.agent_repos_scope, ""))]) - repos_extra = compact([for s in split(",", try(coalesce(var.agent_repos_extra, ""), "")) : trimspace(s)]) - final_list = distinct(concat(local.scope_list, local.repos_extra)) + scope_list = compact([trimspace(coalesce(var.agent_repos_scope, ""))]) + repos_extra = compact([for s in split(",", try(coalesce(var.agent_repos_extra, ""), "")) : trimspace(s)]) + final_list = distinct(concat(local.scope_list, local.repos_extra)) nrn_without_namespace = join(":", slice(split(":", var.nrn), 0, 2)) nullplatform_agent_values = templatefile("${path.module}/templates/nullplatform-agent-values.tmpl.yaml", { diff --git a/nullplatform/gcp/cloud/gcp/variables.tf b/nullplatform/gcp/cloud/gcp/variables.tf index c73d0ba..04c9b87 100644 --- a/nullplatform/gcp/cloud/gcp/variables.tf +++ b/nullplatform/gcp/cloud/gcp/variables.tf @@ -48,16 +48,16 @@ variable "np_api_key" { } variable "private_dns_zone_name" { - type = string + type = string default = "" } variable "public_dns_zone_name" { - type = string + type = string default = "" } variable "service_account_key" { - type = string + type = string default = "" } \ No newline at end of file diff --git a/v2/foundations/aws/alb-controller/iam.tf b/v2/foundations/aws/alb-controller/iam.tf deleted file mode 100644 index 921374d..0000000 --- a/v2/foundations/aws/alb-controller/iam.tf +++ /dev/null @@ -1,28 +0,0 @@ -module "aws-load-balancer-controller-role" { - source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts" - version = "~> 6.0" - name = "AWSLoadBalancerControllerIAMRole" - attach_load_balancer_controller_policy = true - use_name_prefix = false - oidc_providers = { - main = { - provider_arn = var.aws_iam_openid_connect_provider - namespace_service_accounts = ["kube-system:aws-load-balancer-controller"] - } - } -} - -resource "kubernetes_service_account" "aws-load-balancer-controller-sa" { - metadata { - name = "aws-load-balancer-controller" - namespace = "kube-system" - labels = { - "app.kubernetes.io/name" = "aws-load-balancer-controller" - "app.kubernetes.io/component" = "controller" - } - annotations = { - "eks.amazonaws.com/role-arn" = module.aws-load-balancer-controller-role.arn - "eks.amazonaws.com/sts-regional-endpoints" = "true" - } - } -} \ No newline at end of file diff --git a/v2/foundations/aws/alb-controller/locals.tf b/v2/foundations/aws/alb-controller/locals.tf deleted file mode 100644 index 3decfa3..0000000 --- a/v2/foundations/aws/alb-controller/locals.tf +++ /dev/null @@ -1,7 +0,0 @@ -locals { - aws-load-balancer-controller-values = templatefile("${path.module}/templates/aws-load-balancer-controller-values.tmpl.yaml", { - cluster_name = var.cluster_name - service_account_name = kubernetes_service_account.aws-load-balancer-controller-sa.metadata[0].name - vpc_id = var.vpc_id - }) -} \ No newline at end of file diff --git a/v2/foundations/aws/alb-controller/main.tf b/v2/foundations/aws/alb-controller/main.tf deleted file mode 100644 index fbd96ff..0000000 --- a/v2/foundations/aws/alb-controller/main.tf +++ /dev/null @@ -1,24 +0,0 @@ -resource "helm_release" "aws-load-balancer-controller" { - name = "aws-load-balancer-controller" - repository = "https://aws.github.io/eks-charts" - chart = "aws-load-balancer-controller" - version = var.aws-load-balancer-controller-version - namespace = "kube-system" - - disable_webhooks = true - force_update = true - wait = true - wait_for_jobs = true - timeout = 600 - atomic = true - cleanup_on_fail = true - replace = false - recreate_pods = false - reset_values = false - reuse_values = false - dependency_update = true - max_history = 10 - - - values = [local.aws-load-balancer-controller-values] -} \ No newline at end of file diff --git a/v2/foundations/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml b/v2/foundations/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml deleted file mode 100644 index bb1161a..0000000 --- a/v2/foundations/aws/alb-controller/templates/aws-load-balancer-controller-values.tmpl.yaml +++ /dev/null @@ -1,5 +0,0 @@ -clusterName: "${cluster_name}" -serviceAccount: - create: false - name: "${service_account_name}" -vpcId: "${vpc_id}" diff --git a/v2/foundations/aws/alb-controller/variables.tf b/v2/foundations/aws/alb-controller/variables.tf deleted file mode 100644 index 0d7bc8c..0000000 --- a/v2/foundations/aws/alb-controller/variables.tf +++ /dev/null @@ -1,19 +0,0 @@ -variable "cluster_name" { - description = "Name of the EKS cluster" - type = string -} - -variable "vpc_id" { - description = "VPC ID where load balancers controller will be deployed" - type = string -} - -variable "aws-load-balancer-controller-version" { - description = "Version of the AWS Load Balancer Controller Helm chart" - type = string - default = "1.13.4" -} - -variable "aws_iam_openid_connect_provider" { - -} \ No newline at end of file diff --git a/v2/foundations/aws/backend/main.tf b/v2/foundations/aws/backend/main.tf deleted file mode 100644 index a4b6d7e..0000000 --- a/v2/foundations/aws/backend/main.tf +++ /dev/null @@ -1,46 +0,0 @@ -data "aws_vpc" "vpc" { - id = var.vpc_id -} - - -provider "aws" { - region = data.aws_vpc.vpc.region -} - -resource "random_id" "bucket_suffix" { - byte_length = 8 -} - -resource "aws_s3_bucket" "tf_state" { - bucket = "tf-state-${lower(random_id.bucket_suffix.hex)}" - object_lock_enabled = true - force_destroy = true -} - -resource "aws_s3_bucket_versioning" "tf_state_versioning" { - bucket = aws_s3_bucket.tf_state.id - - versioning_configuration { - status = "Enabled" - } -} - -resource "aws_s3_bucket_server_side_encryption_configuration" "tf_state_sse" { - bucket = aws_s3_bucket.tf_state.id - - rule { - apply_server_side_encryption_by_default { - sse_algorithm = "AES256" - } - } -} - -resource "aws_s3_bucket_object_lock_configuration" "tf_state_lock" { - bucket = aws_s3_bucket.tf_state.id - rule { - default_retention { - mode = "COMPLIANCE" - days = 1 - } - } -} diff --git a/v2/foundations/aws/backend/variables.tf b/v2/foundations/aws/backend/variables.tf deleted file mode 100644 index 2c7c73a..0000000 --- a/v2/foundations/aws/backend/variables.tf +++ /dev/null @@ -1,4 +0,0 @@ -variable "vpc_id" { - type = string - description = "A account name" -} \ No newline at end of file diff --git a/v2/foundations/aws/eks/main.tf b/v2/foundations/aws/eks/main.tf deleted file mode 100644 index 60ca228..0000000 --- a/v2/foundations/aws/eks/main.tf +++ /dev/null @@ -1,43 +0,0 @@ -module "eks" { - source = "terraform-aws-modules/eks/aws" - version = "~> 21.0" - - name = var.name - kubernetes_version = var.kubernetes_version - - create_cloudwatch_log_group = false - - addons = { - coredns = {} - eks-pod-identity-agent = { - before_compute = true - } - kube-proxy = {} - vpc-cni = { - before_compute = true - } - } - - # Optional - endpoint_public_access = true - - # Optional: Adds the current caller identity as an administrator via cluster access entry - enable_cluster_creator_admin_permissions = true - - vpc_id = var.aws_vpc_vpc_id - subnet_ids = var.aws_subnets_private_ids - control_plane_subnet_ids = var.aws_subnets_private_ids - - # EKS Managed Node Group(s) - eks_managed_node_groups = { - nullplatform = { - # Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups - ami_type = var.ami_type - instance_types = [var.instance_types] - - min_size = 2 - max_size = 10 - desired_size = 2 - } - } -} \ No newline at end of file diff --git a/v2/foundations/aws/eks/providers.tf b/v2/foundations/aws/eks/providers.tf deleted file mode 100644 index 4eaaf21..0000000 --- a/v2/foundations/aws/eks/providers.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 6.0" - } - helm = { - source = "hashicorp/helm" - version = "~> 3.0" - } - } -} \ No newline at end of file diff --git a/v2/foundations/aws/eks/variables.tf b/v2/foundations/aws/eks/variables.tf deleted file mode 100644 index 2c41762..0000000 --- a/v2/foundations/aws/eks/variables.tf +++ /dev/null @@ -1,25 +0,0 @@ -variable "name" { - type = string - description = "A name of cluster" -} - -variable "ami_type" { - type = string - description = "The ami type to use with node" - default = "AL2023_x86_64_STANDARD" -} - -variable "instance_types" { - type = string - description = "The instance type to use" - default = "t3.medium" -} - -variable "kubernetes_version" { - type = string - description = "The version of K8s to use" - default = "1.32" -} - -variable "aws_vpc_vpc_id" {} -variable "aws_subnets_private_ids" {} \ No newline at end of file diff --git a/v2/foundations/aws/route53/main.tf b/v2/foundations/aws/route53/main.tf deleted file mode 100644 index 578fb7f..0000000 --- a/v2/foundations/aws/route53/main.tf +++ /dev/null @@ -1,17 +0,0 @@ -resource "aws_route53_zone" "public_zone" { - name = var.domain_name -} - -resource "aws_route53_zone" "private_zone" { - name = var.domain_name - vpc { - vpc_id = var.vpc_id - } -} - -module "aws_route53_acm" { - source = "../acm" - domain_name = var.domain_name - zone_id = aws_route53_zone.public_zone.id - subject_alternative_names = [] -} diff --git a/v2/foundations/aws/route53/output.tf b/v2/foundations/aws/route53/output.tf deleted file mode 100644 index 3aa9385..0000000 --- a/v2/foundations/aws/route53/output.tf +++ /dev/null @@ -1,19 +0,0 @@ -output "public_zone_id" { - description = "The ID of the Public Route 53 Hosted Zone" - value = aws_route53_zone.public_zone.zone_id -} - -output "public_zone_name" { - description = "The domain name of the Public Route 53 Hosted Zone" - value = aws_route53_zone.public_zone.name -} - -output "private_zone_id" { - description = "The ID of the Private Route 53 Hosted Zone" - value = aws_route53_zone.private_zone.zone_id -} - -output "private_zone_name" { - description = "The domain name of the Private Route 53 Hosted Zone" - value = aws_route53_zone.private_zone.name -} \ No newline at end of file diff --git a/v2/foundations/aws/route53/varaibles.tf b/v2/foundations/aws/route53/varaibles.tf deleted file mode 100644 index ecf2671..0000000 --- a/v2/foundations/aws/route53/varaibles.tf +++ /dev/null @@ -1,8 +0,0 @@ -variable "vpc_id" { - type = string - description = "The VPC id" -} -variable "domain_name" { - type = string - description = "The domains to project" -} \ No newline at end of file diff --git a/v2/foundations/aws/vpc/main.tf b/v2/foundations/aws/vpc/main.tf deleted file mode 100644 index 25aefde..0000000 --- a/v2/foundations/aws/vpc/main.tf +++ /dev/null @@ -1,24 +0,0 @@ -module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "~> 6.0" - - name = "${var.organization}-${var.account}" - cidr = var.vpc.cidr_block - - enable_dns_hostnames = true - - azs = var.vpc.azs - private_subnets = var.vpc.private_subnets - public_subnets = var.vpc.public_subnets - - enable_nat_gateway = true - single_nat_gateway = true - - public_subnet_tags = { - "kubernetes.io/role/elb" = 1 - } - - private_subnet_tags = { - "kubernetes.io/role/internal-elb" = 1 - } -} diff --git a/v2/foundations/aws/vpc/variables.tf b/v2/foundations/aws/vpc/variables.tf deleted file mode 100644 index 326fae6..0000000 --- a/v2/foundations/aws/vpc/variables.tf +++ /dev/null @@ -1,19 +0,0 @@ -variable "vpc" { - description = "Configuración de la VPC" - type = object({ - cidr_block = string - azs = list(string) - private_subnets = list(string) - public_subnets = list(string) - }) -} - -variable "organization" { - type = string - description = "A organization name" -} - -variable "account" { - type = string - description = "The account name" -} \ No newline at end of file diff --git a/v2/foundations/azure/acr/README.md b/v2/foundations/azure/acr/README.md deleted file mode 100644 index f32c551..0000000 --- a/v2/foundations/azure/acr/README.md +++ /dev/null @@ -1,42 +0,0 @@ - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | ~> 1.6 | -| [azurerm](#requirement\_azurerm) | =4.41.0 | - -## Providers - -| Name | Version | -|------|---------| -| [azurerm](#provider\_azurerm) | =4.41.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [containerregistry](#module\_containerregistry) | azure/avm-res-containerregistry-registry/azurerm | v0.4.0 | - -## Resources - -| Name | Type | -|------|------| - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [containerregistry\_name](#input\_containerregistry\_name) | The name of your ACR | `string` | n/a | yes | -| [location](#input\_location) | The location/region where the resource group should be created | `string` | n/a | yes | -| [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group | `string` | n/a | yes | -| [subscription\_id](#input\_subscription\_id) | The ID of your Azure Suscription | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [acr\_admin\_password](#output\_acr\_admin\_password) | Password admin del ACR. | -| [acr\_admin\_username](#output\_acr\_admin\_username) | Usuario admin del ACR. | -| [acr\_login\_server](#output\_acr\_login\_server) | FQDN del login server del ACR. | - \ No newline at end of file diff --git a/v2/foundations/azure/acr/datasource.tf b/v2/foundations/azure/acr/datasource.tf deleted file mode 100644 index 169f758..0000000 --- a/v2/foundations/azure/acr/datasource.tf +++ /dev/null @@ -1,5 +0,0 @@ -data "azurerm_container_registry" "acr" { - name = var.containerregistry_name - resource_group_name = var.resource_group_name - depends_on = [module.containerregistry] -} \ No newline at end of file diff --git a/v2/foundations/azure/acr/main.tf b/v2/foundations/azure/acr/main.tf deleted file mode 100644 index f9b9fc2..0000000 --- a/v2/foundations/azure/acr/main.tf +++ /dev/null @@ -1,10 +0,0 @@ -module "containerregistry" { - source = "azure/avm-res-containerregistry-registry/azurerm" - version = "v0.4.0" - name = var.containerregistry_name - resource_group_name = var.resource_group_name - location = var.location - admin_enabled = true - -} - diff --git a/v2/foundations/azure/acr/output.tf b/v2/foundations/azure/acr/output.tf deleted file mode 100644 index 7cd2e76..0000000 --- a/v2/foundations/azure/acr/output.tf +++ /dev/null @@ -1,15 +0,0 @@ -output "acr_login_server" { - description = "FQDN del login server del ACR." - value = data.azurerm_container_registry.acr.login_server -} - -output "acr_admin_username" { - description = "Usuario admin del ACR." - value = data.azurerm_container_registry.acr.admin_username - sensitive = true -} -output "acr_admin_password" { - description = "Password admin del ACR." - value = data.azurerm_container_registry.acr.admin_password - sensitive = true -} \ No newline at end of file diff --git a/v2/foundations/azure/acr/provider.tf b/v2/foundations/azure/acr/provider.tf deleted file mode 100644 index 514092e..0000000 --- a/v2/foundations/azure/acr/provider.tf +++ /dev/null @@ -1,17 +0,0 @@ -terraform { - required_version = "~> 1.6" - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "=4.41.0" - } - } -} - -provider "azurerm" { - features {} - resource_provider_registrations = "none" - use_cli = true - subscription_id = var.subscription_id -} - diff --git a/v2/foundations/azure/acr/variables.tf b/v2/foundations/azure/acr/variables.tf deleted file mode 100644 index 042bcbe..0000000 --- a/v2/foundations/azure/acr/variables.tf +++ /dev/null @@ -1,21 +0,0 @@ -variable "location" { - type = string - description = "The location/region where the resource group should be created" -} - -variable "resource_group_name" { - type = string - description = "The name of the resource group" -} - -variable "containerregistry_name" { - type = string - description = "The name of your ACR" - -} - -variable "subscription_id" { - type = string - description = "The ID of your Azure Suscription" - -} \ No newline at end of file diff --git a/v2/foundations/azure/dns/README.md b/v2/foundations/azure/dns/README.md deleted file mode 100644 index 06fefe9..0000000 --- a/v2/foundations/azure/dns/README.md +++ /dev/null @@ -1,38 +0,0 @@ - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | ~> 1.6 | -| [azurerm](#requirement\_azurerm) | =4.41.0 | - -## Providers - -| Name | Version | -|------|---------| -| [azurerm](#provider\_azurerm) | =4.41.0 | - -## Resources - -| Name | Type | -|------|------| -| [azurerm_dns_zone.public_dns_zone](https://registry.terraform.io/providers/hashicorp/azurerm/4.41.0/docs/resources/dns_zone) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [domain\_name](#input\_domain\_name) | The domain name to use for the DNS zone | `string` | n/a | yes | -| [resource\_group](#input\_resource\_group) | The name of the resource group | `string` | n/a | yes | -| [subscription\_id](#input\_subscription\_id) | The Azure subscription Id. | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [dns\_zone\_id](#output\_dns\_zone\_id) | The ID of the DNS Zone | -| [dns\_zone\_name](#output\_dns\_zone\_name) | The name of the created DNS Zone | -| [name\_servers](#output\_name\_servers) | A list of name servers | -| [private\_dns\_zone\_id](#output\_private\_dns\_zone\_id) | The ID of the private DNS Zone | -| [private\_dns\_zone\_name](#output\_private\_dns\_zone\_name) | The name of the private created DNS Zone | - \ No newline at end of file diff --git a/v2/foundations/azure/dns/main.tf b/v2/foundations/azure/dns/main.tf deleted file mode 100644 index b755856..0000000 --- a/v2/foundations/azure/dns/main.tf +++ /dev/null @@ -1,4 +0,0 @@ -resource "azurerm_dns_zone" "public_dns_zone" { - name = var.domain_name - resource_group_name = var.resource_group -} diff --git a/v2/foundations/azure/dns/output.tf b/v2/foundations/azure/dns/output.tf deleted file mode 100644 index 3562336..0000000 --- a/v2/foundations/azure/dns/output.tf +++ /dev/null @@ -1,24 +0,0 @@ -output "dns_zone_name" { - description = "The name of the created DNS Zone" - value = azurerm_dns_zone.public_dns_zone.name -} - -output "dns_zone_id" { - description = "The ID of the DNS Zone" - value = azurerm_dns_zone.public_dns_zone.id -} - -output "private_dns_zone_name" { - description = "The name of the private created DNS Zone" - value = azurerm_dns_zone.public_dns_zone.name -} - -output "private_dns_zone_id" { - description = "The ID of the private DNS Zone" - value = azurerm_dns_zone.public_dns_zone.id -} - -output "name_servers" { - description = "A list of name servers" - value = azurerm_dns_zone.public_dns_zone.name_servers -} diff --git a/v2/foundations/azure/dns/provider.tf b/v2/foundations/azure/dns/provider.tf deleted file mode 100644 index 514092e..0000000 --- a/v2/foundations/azure/dns/provider.tf +++ /dev/null @@ -1,17 +0,0 @@ -terraform { - required_version = "~> 1.6" - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "=4.41.0" - } - } -} - -provider "azurerm" { - features {} - resource_provider_registrations = "none" - use_cli = true - subscription_id = var.subscription_id -} - diff --git a/v2/foundations/azure/dns/variables.tf b/v2/foundations/azure/dns/variables.tf deleted file mode 100644 index 2d325f1..0000000 --- a/v2/foundations/azure/dns/variables.tf +++ /dev/null @@ -1,14 +0,0 @@ -variable "resource_group" { - type = string - description = "The name of the resource group" -} - -variable "domain_name" { - type = string - description = "The domain name to use for the DNS zone" -} - -variable "subscription_id" { - type = string - description = "The Azure subscription Id." -} diff --git a/v2/foundations/azure/resource_group/README.md b/v2/foundations/azure/resource_group/README.md deleted file mode 100644 index abbbca9..0000000 --- a/v2/foundations/azure/resource_group/README.md +++ /dev/null @@ -1,36 +0,0 @@ - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | ~> 1.6 | -| [azurerm](#requirement\_azurerm) | =4.41.0 | - -## Providers - -| Name | Version | -|------|---------| -| [azurerm](#provider\_azurerm) | =4.41.0 | - -## Resources - -| Name | Type | -|------|------| -| [azurerm_resource_group.nullplatform_resource_group](https://registry.terraform.io/providers/hashicorp/azurerm/4.41.0/docs/resources/resource_group) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [location](#input\_location) | n/a | `string` | n/a | yes | -| [resource\_group\_name](#input\_resource\_group\_name) | n/a | `string` | n/a | yes | -| [subscription\_id](#input\_subscription\_id) | n/a | `string` | n/a | yes | -| [tags](#input\_tags) | n/a | `map(string)` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [resource\_group\_location](#output\_resource\_group\_location) | The location of the created resource group | -| [resource\_group\_name](#output\_resource\_group\_name) | The name of the created resource group | - \ No newline at end of file diff --git a/v2/foundations/azure/resource_group/main.tf b/v2/foundations/azure/resource_group/main.tf deleted file mode 100644 index 6a05d88..0000000 --- a/v2/foundations/azure/resource_group/main.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "azurerm_resource_group" "nullplatform_resource_group" { - name = var.resource_group_name - location = var.location - tags = var.tags -} \ No newline at end of file diff --git a/v2/foundations/azure/resource_group/output.tf b/v2/foundations/azure/resource_group/output.tf deleted file mode 100644 index cf762cf..0000000 --- a/v2/foundations/azure/resource_group/output.tf +++ /dev/null @@ -1,9 +0,0 @@ -output "resource_group_name" { - description = "The name of the created resource group" - value = azurerm_resource_group.nullplatform_resource_group.name -} - -output "resource_group_location" { - description = "The location of the created resource group" - value = azurerm_resource_group.nullplatform_resource_group.location -} \ No newline at end of file diff --git a/v2/foundations/azure/resource_group/provider.tf b/v2/foundations/azure/resource_group/provider.tf deleted file mode 100644 index 514092e..0000000 --- a/v2/foundations/azure/resource_group/provider.tf +++ /dev/null @@ -1,17 +0,0 @@ -terraform { - required_version = "~> 1.6" - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "=4.41.0" - } - } -} - -provider "azurerm" { - features {} - resource_provider_registrations = "none" - use_cli = true - subscription_id = var.subscription_id -} - diff --git a/v2/foundations/azure/resource_group/variable.tf b/v2/foundations/azure/resource_group/variable.tf deleted file mode 100644 index fb14009..0000000 --- a/v2/foundations/azure/resource_group/variable.tf +++ /dev/null @@ -1,16 +0,0 @@ -variable "resource_group_name" { - type = string -} - -variable "location" { - type = string -} - -variable "tags" { - type = map(string) - -} -variable "subscription_id" { - type = string - -} \ No newline at end of file diff --git a/v2/foundations/azure/vnet/README.md b/v2/foundations/azure/vnet/README.md deleted file mode 100644 index aabb85f..0000000 --- a/v2/foundations/azure/vnet/README.md +++ /dev/null @@ -1,31 +0,0 @@ - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | ~> 1.6 | -| [azurerm](#requirement\_azurerm) | =4.41.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [avm-res-network-virtualnetwork](#module\_avm-res-network-virtualnetwork) | azure/avm-res-network-virtualnetwork/azurerm | v0.10.0 | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [address\_space](#input\_address\_space) | The cidr of your vnet | `set(string)` | n/a | yes | -| [location](#input\_location) | The location/region where the resource group should be created | `string` | n/a | yes | -| [resource\_group\_name](#input\_resource\_group\_name) | The name of the resource group | `string` | n/a | yes | -| [subnets\_definition](#input\_subnets\_definition) | The subnet definition for the vnet | 
map(object({
    name             = string
    address_prefixes = list(string)
  }))
| n/a | yes | -| [subscription\_id](#input\_subscription\_id) | The id of your azure suscription | `string` | n/a | yes | -| [vnet\_name](#input\_vnet\_name) | The name of your vnet | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [resource\_id](#output\_resource\_id) | The resource ID of the virtual network. | - \ No newline at end of file diff --git a/v2/foundations/azure/vnet/main.tf b/v2/foundations/azure/vnet/main.tf deleted file mode 100644 index dd6fdec..0000000 --- a/v2/foundations/azure/vnet/main.tf +++ /dev/null @@ -1,12 +0,0 @@ - -module "avm-res-network-virtualnetwork" { - source = "azure/avm-res-network-virtualnetwork/azurerm" - version = "v0.10.0" - address_space = var.address_space - name = var.vnet_name - location = var.location - resource_group_name = var.resource_group_name - subnets = var.subnets_definition -} - - diff --git a/v2/foundations/azure/vnet/output.tf b/v2/foundations/azure/vnet/output.tf deleted file mode 100644 index 1b025c1..0000000 --- a/v2/foundations/azure/vnet/output.tf +++ /dev/null @@ -1,5 +0,0 @@ - -output "resource_id" { - description = "The resource ID of the virtual network." - value = module.avm-res-network-virtualnetwork.resource_id -} \ No newline at end of file diff --git a/v2/foundations/azure/vnet/provider.tf b/v2/foundations/azure/vnet/provider.tf deleted file mode 100644 index 514092e..0000000 --- a/v2/foundations/azure/vnet/provider.tf +++ /dev/null @@ -1,17 +0,0 @@ -terraform { - required_version = "~> 1.6" - required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "=4.41.0" - } - } -} - -provider "azurerm" { - features {} - resource_provider_registrations = "none" - use_cli = true - subscription_id = var.subscription_id -} - diff --git a/v2/foundations/azure/vnet/variables.tf b/v2/foundations/azure/vnet/variables.tf deleted file mode 100644 index 80db5e9..0000000 --- a/v2/foundations/azure/vnet/variables.tf +++ /dev/null @@ -1,46 +0,0 @@ -variable "location" { - type = string - description = "The location/region where the resource group should be created" -} - -variable "resource_group_name" { - type = string - description = "The name of the resource group" -} - -variable "vnet_name" { - type = string - description = "The name of your vnet" -} - -variable "address_space" { - type = set(string) - description = "The cidr of your vnet" -} - -variable "subnets_definition" { - type = map(object({ - name = string - address_prefixes = list(string) - })) - description = "The subnet definition for the vnet" -} -/* - for example - { - "subnet1" = { - name = "subnet1" - address_prefixes = ["10.0.0.0/24"] - } - "subnet2" = { - name = "subnet2" - address_prefixes = ["10.0.1.0/24"] - } - } - */ - -variable "subscription_id" { - type = string - description = "The id of your azure suscription" - -} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_agent/auth.tf b/v2/nullplatform/aws/nullplatform_agent/auth.tf deleted file mode 100644 index df1b230..0000000 --- a/v2/nullplatform/aws/nullplatform_agent/auth.tf +++ /dev/null @@ -1,29 +0,0 @@ -resource "nullplatform_api_key" "nullplatform-agent-api-key" { - name = "NULLPLATFORM-AGENT-API-KEY" - - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "controlplane:agent" - } - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "developer" - } - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "ops" - } - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "secops" - } - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "secrets-reader" - } - - tags { - key = "managed-by" - value = "IaC" - } -} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_agent/main.tf b/v2/nullplatform/aws/nullplatform_agent/main.tf deleted file mode 100644 index 31d0351..0000000 --- a/v2/nullplatform/aws/nullplatform_agent/main.tf +++ /dev/null @@ -1,24 +0,0 @@ -resource "helm_release" "agent" { - name = "nullplatform-agent" - chart = "nullplatform-agent" - repository = "https://nullplatform.github.io/helm-charts" - namespace = var.namespace - version = var.nullplatform-agent-helm-version - create_namespace = true - - disable_webhooks = true - force_update = true - wait = true - wait_for_jobs = true - timeout = 600 - atomic = true - cleanup_on_fail = true - replace = false - recreate_pods = false - reset_values = false - reuse_values = false - dependency_update = true - max_history = 10 - - values = [local.nullplatform_agent_values] -} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_providers/dimensions.tf b/v2/nullplatform/aws/nullplatform_providers/dimensions.tf deleted file mode 100644 index 037e8b4..0000000 --- a/v2/nullplatform/aws/nullplatform_providers/dimensions.tf +++ /dev/null @@ -1,12 +0,0 @@ -resource "nullplatform_dimension" "environment" { - name = "Environment" - order = 1 - nrn = var.nrn -} - -resource "nullplatform_dimension_value" "environment_value" { - for_each = toset(var.environments) - dimension_id = nullplatform_dimension.environment.id - name = each.value - nrn = var.nrn -} diff --git a/v2/nullplatform/aws/nullplatform_providers/main.tf b/v2/nullplatform/aws/nullplatform_providers/main.tf deleted file mode 100644 index a517af8..0000000 --- a/v2/nullplatform/aws/nullplatform_providers/main.tf +++ /dev/null @@ -1,58 +0,0 @@ -resource "nullplatform_provider_config" "aws" { - provider = nullplatform - nrn = var.nrn - type = "aws-configuration" - dimensions = {} - attributes = jsonencode({ - iam = { - #scope_workflow_role = aws_iam_role.nullplatform_scope_workflow_role.arn - } - account = { - id = data.aws_caller_identity.current.id - region = data.aws_region.current.region - } - networking = { - application_domain = false - domain_name = var.domain_name - hosted_zone_id = var.hosted_private_zone_id - hosted_public_zone_id = var.hosted_public_zone_id - } - }) - lifecycle { - ignore_changes = [attributes] - } -} - -resource "nullplatform_provider_config" "ecr" { - provider = nullplatform - nrn = var.nrn - type = "ecr" - dimensions = {} - attributes = jsonencode({ - "ci" : { - "region" : data.aws_region.current.region, - "access_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.id - "secret_key" : aws_iam_access_key.nullplatform_build_workflow_user_key.secret - }, - "setup" : { - "region" : data.aws_region.current.region, - "role_arn" : aws_iam_role.nullplatform_application_role.arn - } - }) - lifecycle { - ignore_changes = [attributes] - } -} - -resource "nullplatform_provider_config" "github" { - nrn = replace(var.nrn, ":namespace=.*$", "") - type = "github-configuration" - dimensions = {} - attributes = jsonencode({ - "setup" : { - "organization" : var.organization, - "installation_id" : var.organization_installation_id - }, - } - ) -} \ No newline at end of file diff --git a/v2/nullplatform/aws/nullplatform_providers/namespaces.tf b/v2/nullplatform/aws/nullplatform_providers/namespaces.tf deleted file mode 100644 index cdf9400..0000000 --- a/v2/nullplatform/aws/nullplatform_providers/namespaces.tf +++ /dev/null @@ -1,7 +0,0 @@ -resource "kubernetes_namespace" "nullplatform_namespaces" { - for_each = toset(var.namespaces) - - metadata { - name = each.key - } -} diff --git a/v2/nullplatform/nullplatform_account/variables.tf b/v2/nullplatform/nullplatform_account/variables.tf deleted file mode 100644 index 9c5996e..0000000 --- a/v2/nullplatform/nullplatform_account/variables.tf +++ /dev/null @@ -1,12 +0,0 @@ -variable "nullplatform_accounts" { - type = map(object({ - name = string - repository_prefix = optional(string, "poc-account") - repository_provider = optional(string, "github") - slug = optional(string, "poc-account") - })) -} - -variable "np_api_key" { - -} \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_base/auth.tf b/v2/nullplatform/nullplatform_base/auth.tf deleted file mode 100644 index a1a312a..0000000 --- a/v2/nullplatform/nullplatform_base/auth.tf +++ /dev/null @@ -1,29 +0,0 @@ -resource "nullplatform_api_key" "nullplatform-base-api-key" { - name = "NULLPLATFORM-BASE-API-KEY" - - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "controlplane:agent" - } - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "developer" - } - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "ops" - } - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "secops" - } - grants { - nrn = replace(var.nrn, ":namespace=.*$", "") - role_slug = "secrets-reader" - } - - tags { - key = "managed-by" - value = "IaC" - } -} \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_base/main.tf b/v2/nullplatform/nullplatform_base/main.tf deleted file mode 100644 index 45d9ba6..0000000 --- a/v2/nullplatform/nullplatform_base/main.tf +++ /dev/null @@ -1,24 +0,0 @@ -resource "helm_release" "base" { - name = "nullplatform-base" - chart = "nullplatform-base" - repository = "https://nullplatform.github.io/helm-charts" - namespace = var.namespace - version = var.nullplatform-base-helm-version - create_namespace = true - - disable_webhooks = true - force_update = true - wait = true - wait_for_jobs = true - timeout = 600 - atomic = true - cleanup_on_fail = true - replace = false - recreate_pods = false - reset_values = false - reuse_values = false - dependency_update = true - max_history = 10 - - values = [local.nullplatform_base_values] -} \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_users/main.tf b/v2/nullplatform/nullplatform_users/main.tf deleted file mode 100644 index 0afdafe..0000000 --- a/v2/nullplatform/nullplatform_users/main.tf +++ /dev/null @@ -1,7 +0,0 @@ -resource "nullplatform_user" "nullplatform_user" { - for_each = var.nullplatform_users - - email = each.value.email - first_name = each.value.first_name - last_name = each.value.last_name -} \ No newline at end of file diff --git a/v2/nullplatform/nullplatform_users/variables.tf b/v2/nullplatform/nullplatform_users/variables.tf deleted file mode 100644 index e9b6ac5..0000000 --- a/v2/nullplatform/nullplatform_users/variables.tf +++ /dev/null @@ -1,10 +0,0 @@ -variable "nullplatform_users" { - type = map(object({ - email = string - first_name = string - last_name = string - })) -} - -variable "np_api_key" { -} \ No newline at end of file diff --git a/v2/workload/prometheus/locals.tf b/v2/workload/prometheus/locals.tf deleted file mode 100644 index af88fec..0000000 --- a/v2/workload/prometheus/locals.tf +++ /dev/null @@ -1,4 +0,0 @@ -locals { - prometheus-values = templatefile("${path.module}/templates/prometheus-values.tmpl.yaml", { - }) -} \ No newline at end of file diff --git a/v2/workload/prometheus/main.tf b/v2/workload/prometheus/main.tf deleted file mode 100644 index 5d9e5f8..0000000 --- a/v2/workload/prometheus/main.tf +++ /dev/null @@ -1,24 +0,0 @@ -resource "helm_release" "prometheus" { - name = "prometheus" - repository = "https://prometheus-community.github.io/helm-charts" - chart = "prometheus" - namespace = var.namespace - create_namespace = true - - values = [ local.prometheus-values ] -} - -resource "nullplatform_provider_config" "prometheus" { - nrn = var.nrn - type = "prometheus" - attributes = jsonencode({ - "server" : { - "url" : "http://prometheus-server.${var.namespace}.svc.cluster.local:80" - } - }) - dimensions = {} - - lifecycle { - ignore_changes = [attributes] - } -} \ No newline at end of file diff --git a/v2/workload/prometheus/providers.tf b/v2/workload/prometheus/providers.tf deleted file mode 100644 index fb31c5a..0000000 --- a/v2/workload/prometheus/providers.tf +++ /dev/null @@ -1,16 +0,0 @@ -terraform { - required_providers { - nullplatform = { - source = "nullplatform/nullplatform" - version = "~> 0.0.63" - } - aws = { - source = "hashicorp/aws" - version = "~> 6.0" - } - helm = { - source = "hashicorp/helm" - version = "~> 3.0" - } - } -} \ No newline at end of file diff --git a/v2/workload/prometheus/templates/prometheus-values.tmpl.yaml b/v2/workload/prometheus/templates/prometheus-values.tmpl.yaml deleted file mode 100644 index 300b731..0000000 --- a/v2/workload/prometheus/templates/prometheus-values.tmpl.yaml +++ /dev/null @@ -1,25 +0,0 @@ -alertmanager: - persistence: - enabled: false -server: - persistentVolume: - enabled: false -extraScrapeConfigs: | - # Métricas de Null Platform desde nodos K8s - - job_name: null-platform-metrics - kubernetes_sd_configs: - - role: node - metrics_path: /metrics - scheme: http - relabel_configs: - # Cambiar puerto de kubelet (10250) a null-platform (2021) - - source_labels: [ __address__ ] - regex: '(.*):10250' - target_label: __address__ - replacement: '$1:2021' - # Mapear labels de nodos K8s - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - # Añadir nombre del nodo - - source_labels: [ __meta_kubernetes_node_name ] - target_label: node \ No newline at end of file diff --git a/v2/workload/prometheus/variables.tf b/v2/workload/prometheus/variables.tf deleted file mode 100644 index 6371c8d..0000000 --- a/v2/workload/prometheus/variables.tf +++ /dev/null @@ -1,7 +0,0 @@ -variable "namespace" { - default = "prometheus" -} - -variable "cluster_name" {} - -variable "nrn" {} \ No newline at end of file