├── .dockerignore ├── .gitattributes ├── .gitignore ├── .idea ├── .gitignore ├── .name ├── devOpsTask.iml ├── inspectionProfiles │ ├── Project_Default.xml │ └── profiles_settings.xml ├── misc.xml ├── modules.xml └── vcs.xml ├── Dockerfile ├── Images ├── devOpsAssignment.jpg └── projectStructure.png ├── Jenkins ├── Jenkinsfile ├── build.groovy └── push.groovy ├── README.md ├── main.py ├── requirements.txt ├── taskchart ├── .helmignore ├── Chart.yaml ├── templates │ ├── Ingress.yaml │ ├── NOTES.txt │ ├── _helpers.tpl │ └── deployment.yaml └── values.yaml └── terraform ├── README.md ├── main.tf ├── modules ├── ALB │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── ECR │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── EKS │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── RDS │ ├── main.tf │ ├── output.tf │ └── variables.tf └── VPC │ ├── main.tf │ ├── output.tf │ └── variables.tf ├── output.tf ├── provider.tf ├── terraform.tfvars └── variable.tf /.dockerignore: -------------------------------------------------------------------------------- 1 | #All files that are not required in our project. 2 | Dockerfile 3 | .dockerignore 4 | .gitignore 5 | 6 | #Artifacts that will be built during image creation 7 | venv 8 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | 4 | 5 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | share/python-wheels/ 24 | *.egg-info/ 25 | .installed.cfg 26 | *.egg 27 | MANIFEST 28 | 29 | # PyInstaller 30 | # Usually these files are written by a python script from a template 31 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 32 | *.manifest 33 | *.spec 34 | 35 | # Installer logs 36 | pip-log.txt 37 | pip-delete-this-directory.txt 38 | 39 | # Unit test / coverage reports 40 | htmlcov/ 41 | .tox/ 42 | .nox/ 43 | .coverage 44 | .coverage.* 45 | .cache 46 | nosetests.xml 47 | coverage.xml 48 | *.cover 49 | *.py,cover 50 | .hypothesis/ 51 | .pytest_cache/ 52 | cover/ 53 | 54 | # Translations 55 | *.mo 56 | *.pot 57 | 58 | # Django stuff: 59 | *.log 60 | local_settings.py 61 | db.sqlite3 62 | db.sqlite3-journal 63 | 64 | # Flask stuff: 65 | instance/ 66 | .webassets-cache 67 | 68 | # Scrapy stuff: 69 | .scrapy 70 | 71 | # Sphinx documentation 72 | docs/_build/ 73 | 74 | # PyBuilder 75 | .pybuilder/ 76 | target/ 77 | 78 | # Jupyter Notebook 79 | .ipynb_checkpoints 80 | 81 | # IPython 82 | profile_default/ 83 | ipython_config.py 84 | 85 | # pyenv 86 | # For a library or package, you might want to ignore these files since the code is 87 | # intended to run in multiple environments; otherwise, check them in: 88 | # .python-version 89 | 90 | # pipenv 91 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 92 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 93 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 94 | # install all needed dependencies. 95 | #Pipfile.lock 96 | 97 | # poetry 98 | # Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. 99 | # This is especially recommended for binary packages to ensure reproducibility, and is more 100 | # commonly ignored for libraries. 101 | # https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control 102 | #poetry.lock 103 | 104 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow 105 | __pypackages__/ 106 | 107 | # Celery stuff 108 | celerybeat-schedule 109 | celerybeat.pid 110 | 111 | # SageMath parsed files 112 | *.sage.py 113 | 114 | # Environments 115 | .env 116 | .venv 117 | env/ 118 | venv/ 119 | ENV/ 120 | env.bak/ 121 | venv.bak/ 122 | 123 | # Spyder project settings 124 | .spyderproject 125 | .spyproject 126 | 127 | # Rope project settings 128 | .ropeproject 129 | 130 | # mkdocs documentation 131 | /site 132 | 133 | # mypy 134 | .mypy_cache/ 135 | .dmypy.json 136 | dmypy.json 137 | 138 | # Pyre type checker 139 | .pyre/ 140 | 141 | # pytype static type analyzer 142 | .pytype/ 143 | 144 | # Cython debug symbols 145 | cython_debug/ 146 | 147 | # PyCharm 148 | # JetBrains specific template is maintainted in a separate JetBrains.gitignore that can 149 | # be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore 150 | # and can be added to the global gitignore or merged into this file. For a more nuclear 151 | # option (not recommended) you can uncomment the following to ignore the entire idea folder. 152 | #.idea/ 153 | *.csv 154 | Notes for task.txt 155 | .terraform 156 | .terraform.lock.hcl 157 | *.tfstate.backup 158 | *.tfstate 159 | -------------------------------------------------------------------------------- /.idea/.gitignore: -------------------------------------------------------------------------------- 1 | # Default ignored files 2 | /shelf/ 3 | /workspace.xml 4 | -------------------------------------------------------------------------------- /.idea/.name: -------------------------------------------------------------------------------- 1 | main.py -------------------------------------------------------------------------------- /.idea/devOpsTask.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /.idea/inspectionProfiles/Project_Default.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 12 | -------------------------------------------------------------------------------- /.idea/inspectionProfiles/profiles_settings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 6 | -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 7 | -------------------------------------------------------------------------------- /.idea/modules.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:3.10-slim-buster 2 | 3 | WORKDIR /app 4 | 5 | COPY . /app 6 | 7 | #Install the dependency 8 | RUN pip install -r requirements.txt 9 | 10 | # Expose the port that the application will listen on 11 | EXPOSE 5000 12 | 13 | # Start the application using the command passed in from the docker run command 14 | CMD ["sh", "-c", "PORT=${PORT:-5000} python main.py"] 15 | -------------------------------------------------------------------------------- /Images/devOpsAssignment.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0marSater/devOpsTask/f867568a92fa22be7a994457b1ba5e66567f7055/Images/devOpsAssignment.jpg -------------------------------------------------------------------------------- /Images/projectStructure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0marSater/devOpsTask/f867568a92fa22be7a994457b1ba5e66567f7055/Images/projectStructure.png -------------------------------------------------------------------------------- /Jenkins/Jenkinsfile: -------------------------------------------------------------------------------- 1 | 2 | pipeline { 3 | agent any 4 | environment{ 5 | IMAGE_NAME = "flask:v-1.0.0" 6 | 7 | // replace with your account id, with your region and with your repository name. 8 | REPO_NAME = ".dkr.ecr..amazonaws.com/" 9 | 10 | } 11 | 12 | stages { 13 | stage('Clone repository') { 14 | steps { 15 | script{ 16 | checkout scm 17 | } 18 | } 19 | } 20 | stage("Build image") { 21 | steps{ 22 | script{ 23 | // loading external build.groovy script 24 | def file= load "build.groovy" 25 | file.buildDockerImage() 26 | } 27 | } 28 | } 29 | 30 | stage("Push to ECR") { 31 | steps{ 32 | script{ 33 | // loading external push.groovy script 34 | def file = load "push.groovy" 35 | file.pushImage() 36 | } 37 | } 38 | } 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /Jenkins/build.groovy: -------------------------------------------------------------------------------- 1 | def buildDockerImage() { 2 | echo "Start building the docker image ... " 3 | sh "cd ${WORKSPACE} && docker build -t $IMAGE_NAME ." 4 | } 5 | 6 | 7 | return this 8 | -------------------------------------------------------------------------------- /Jenkins/push.groovy: -------------------------------------------------------------------------------- 1 | def pushImage(){ 2 | echo "Login to ecr ..." 3 | // replace with your account id, with your region, with your repository name, 4 | // and with ur credentials for iam jenkins on aws 5 | docker.withRegistry('https://.dkr.ecr..amazonaws.com/', 6 | 'ecr::'){ 7 | echo "Start pushing image $IMAGE_NAME ..." 8 | sh "docker tag $IMAGE_NAME $REPO_NAME:latest" 9 | sh "docker push $REPO_NAME:latest" 10 | } 11 | } 12 | 13 | return this 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # DevOps Assignment 2 | 3 | This project is a part of a DevOps assignment that aims to assess your knowledge in various DevOps topics and tools. The assignment is divided into three parts, as outlined below: 4 | 5 | ## Part 1: Infrastructure Provisioning with Terraform 6 | - EKS (Elastic Kubernetes Service) cluster 7 | - ECR (Elastic Container Registry) 8 | - RDS (Relational Database Service) 9 | - ALB (Application Load balancer controller) 10 | 11 | ## Part 2: Building a Simple Web Application and Setting up CI/CD Pipeline 12 | 13 | Here, you will develop a simple web application and establish a CI/CD pipeline for it. The web application will have the following APIs: 14 | 15 | - ***http//hostname/client-ip*** - Accepts client requests and saves the public IP in the RDS database. 16 | - ***http//hostname/client-ip/list*** - Displays the list of IPs saved in the RDS database. 17 | - Build a Docker image for the web application. 18 | - Automate the Docker image build and push process to the private ECR using scripts (in my case i did with two external groovy scripts) 19 | -> "__build.groovy__" and "__push.groovy__". 20 | 21 | ## Part 3: Deployment with Helm Chart on __AWS EKS__ 22 | - Create a Helm chart that includes all the necessary k8s resources to deploy the web application on AWS EKS. 23 | - The Helm chart can be found in the ***taskchart*** folder. 24 | 25 | ----------------------------------------------------------------------------------------------------------------------- 26 | 27 | 28 | For first part This repository contains the necessary resources for provisioning the infrastructure using Terraform. 29 | 30 | ## Getting Started 31 | 32 | 1. Navigate to the ***terraform*** folder. 33 | 2. Run `terraform init` to initialize all modules and providers. 34 | 3. Use `terraform apply --auto-approve` to create the entire infrastructure. 35 | 4. Once the infrastructure is created, two outputs will be displayed on your screen: ***db_instance_address*** and ***repository_url***. 36 | Copy these values and paste them in the appropriate locations in the build.groovy and push.groovy files. 37 | and in ***main.py*** file you will paste ***db_instance_address*** to enable your app to connect to the database. 38 | 39 | > For more information about the resources used, please refer to the README file inside the ***terraform*** folder. 40 | 41 | 42 | 43 | # Web App Development with Flask and Docker 44 | 45 | - I have developed a simple web app with two APIs ***(client-ip, client-ip)*** using __FLASK__. 46 | 47 | The CI/CD pipeline for this project is implemented using Jenkins. It consists of three stages: 48 | 49 | 1. **Clone Repository:** Clone the project repository into the Jenkins pipeline workspace. 50 | 2. **Build Image:** Build the Docker image using the ***build.groovy*** script. 51 | 3. **Push to ECR:** Push the Docker image to a private ECR repository using the ***push.groovy*** script. 52 | 53 | ***NOTE: you should install AWS ECR and Docker plugins on Jnekins*** 54 | 55 | Refer to the ***Jenkinsfile*** inside Jenkins folder for more details about the CI/CD pipeline stages. 56 | 57 | 58 | 59 | ## Deploy web app on EKS using Helm chart 60 | - After filling both groovy files with ( ***db_instance_address*** and ***repository_url*** ) values. 61 | - Run `helm install myapp` ***./taskchart`*** and that will deploy the app and its related resource on ***EKS***. 62 | 63 | 64 | #To access the web app: 65 | ------------------------ 66 | 1. Run `kubectl get ingress`. 67 | 2. Locate the IP address in the output and navigate to that IP in your web browser. 68 | 69 | ----------------------------------------------------------------------------------------------------------- 70 | 71 | 72 | #Cleaning up all works 73 | --------------------- 74 | 1. `helm uninstall myapp` 75 | 2. Navigate to the ***terraform*** folder. 76 | 3. Run `terraform destroy --auto-approve` to destroy and clean up all resource. 77 | 78 | #Helpful commands you will use 79 | ------------------------------- 80 | - `aws congiure`: remotly connect to ur aws account with AWS_ACCESS_KEY_ID, AWS_SECRET_KEY_ID, and region. 81 | - `aws eks update-kubeconfig --region --name `: to update .kubeconfig in ur host with the created one on eks. 82 | - `kubectl config use-context `: to point and use the created eks cluster. 83 | 84 | 85 | 86 | 87 | 88 | -------------------------------------------------------------------------------- /main.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, jsonify, request 2 | import mysql.connector 3 | import os 4 | 5 | app = Flask(__name__) 6 | 7 | # Suppose you export ur environment either on Windows os or Linux. 8 | config = { 9 | 'user': os.environ.get('DB_USER'), 10 | 'password': os.environ.get('DB_PASSWORD'), 11 | 'host': os.environ.get('DB_HOST'), 12 | 'database': os.environ.get('DB_DATABASE') 13 | } 14 | 15 | conn = mysql.connector.connect(**config) 16 | cur = conn.cursor() 17 | 18 | # Create a table to store the IP addresses if it doesn't exist 19 | cur.execute(''' 20 | CREATE TABLE IF NOT EXISTS ip_addresses ( 21 | id INT AUTO_INCREMENT PRIMARY KEY, 22 | ip_address VARCHAR(255) 23 | ) 24 | ''') 25 | 26 | 27 | @app.route('/', methods=['GET']) 28 | def land_page(): 29 | return jsonify("Hello!") 30 | 31 | 32 | @app.route('/client-ip', methods=['GET']) 33 | def save_client_ip(): 34 | # get the client IP address from the request 35 | client_ip_address = request.remote_addr 36 | # insert the IP address into database 37 | cur.execute('INSERT INTO ip_addresses (ip_address) VALUES (%s)', (client_ip_address,)) 38 | conn.commit() 39 | return jsonify("Your ip address added") 40 | 41 | 42 | @app.route('/client-ip/list', methods=['GET']) 43 | def get_list_ip(): 44 | # select * IP addresses from the database and return as a JSON object 45 | cur.execute('SELECT ip_address FROM ip_addresses') 46 | rows = cur.fetchall() 47 | ip_list = [row[0] for row in rows] 48 | return jsonify(ip_list) 49 | 50 | 51 | if __name__ == '__main__': 52 | app.run(debug=True, host='0.0.0.0') 53 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | Flask==2.2.3 2 | mysql-connector 3 | -------------------------------------------------------------------------------- /taskchart/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /taskchart/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: taskchart 3 | description: A Helm chart for Kubernetes 4 | type: application 5 | version: 0.1.0 6 | appVersion: "1.16.0" 7 | -------------------------------------------------------------------------------- /taskchart/templates/Ingress.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: Ingress 3 | metadata: 4 | name: {{ .Values.Ingress.ingressName }} 5 | annotations: 6 | alb.ingress.kubernetes.io/scheme: internet-facing 7 | alb.ingress.kubernetes.io/target-type: ip 8 | service.beta.kubernetes.io/aws-load-balancer-type: external 9 | spec: 10 | ingressClassName: alb 11 | rules: 12 | - http: 13 | paths: 14 | - path: / 15 | pathType: Prefix 16 | backend: 17 | service: 18 | name: {{ .Values.Service.serviceName }} 19 | port: 20 | number: {{ .Values.Service.ports.port }} 21 | 22 | -------------------------------------------------------------------------------- /taskchart/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Hello! 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "taskchart.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "taskchart.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "taskchart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "taskchart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") 20 | echo "Visit http://127.0.0.1:8080 to use your application" 21 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /taskchart/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "taskchart.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "taskchart.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "taskchart.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "taskchart.labels" -}} 37 | helm.sh/chart: {{ include "taskchart.chart" . }} 38 | {{ include "taskchart.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "taskchart.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "taskchart.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "taskchart.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "taskchart.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /taskchart/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ .Values.appName }} 5 | labels: 6 | app: {{ .Values.appName }} 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | selector: 10 | matchLabels: 11 | app: {{ .Values.appName }} 12 | template: 13 | metadata: 14 | labels: 15 | app: {{ .Values.appName }} 16 | spec: 17 | containers: 18 | - name: {{ .Values.appName }} 19 | image: "{{ .Values.image.repo }}:{{ .Values.image.tag }}" #image name = repo name + tag 20 | imagePullPolicy: {{ .Values.image.imagePullPolicy }} 21 | ports: 22 | - containerPort: {{ .Values.image.ports.containerPort }} 23 | 24 | --- 25 | apiVersion: v1 26 | kind: Service 27 | metadata: 28 | name: {{ .Values.Service.serviceName }} 29 | spec: 30 | type: LoadBalancer 31 | selector: 32 | app: {{ .Values.appName }} 33 | ports: 34 | - protocol: {{ .Values.Service.ports.protocol }} 35 | port: {{ .Values.Service.ports.port }} 36 | targetPort: {{ .Values.image.ports.containerPort }} 37 | -------------------------------------------------------------------------------- /taskchart/values.yaml: -------------------------------------------------------------------------------- 1 | 2 | #Deployment info 3 | appName: devops-task 4 | namespace: default 5 | replicaCount: 1 6 | 7 | #Image info 8 | image: 9 | # replace with your account id, with your region and with your repository name. 10 | repo: .dkr.ecr..amazonaws.com/ 11 | tag: latest 12 | imagePullPolicy: IfNotPresent 13 | ports: 14 | containerPort: 5000 15 | 16 | #Service info 17 | Service: 18 | serviceName: task-service 19 | ports: 20 | protocol: TCP 21 | port: 5000 22 | 23 | #Ingress info 24 | Ingress: 25 | ingressName: devopstask-ingress 26 | ingress: 27 | enabled: true 28 | 29 | 30 | -------------------------------------------------------------------------------- /terraform/README.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | ## Project Structure 4 | 5 | The project structure is organized as follows: 6 | 7 | ![Project strcuture](../Images/projectStructure.png) 8 | 9 | 10 | The `modules` directory contains subfolders for each module. Each module has its `main.tf`, `variables.tf`, and `output.tf` files, which define the module's configuration, input variables, and output values, respectively. 11 | 12 | The root directory contains the following files: 13 | 14 | - `main.tf`: The main configuration file that declares all the modules used in the project. 15 | - `variables.tf`: The file where you can define and customize variables used across the project. 16 | - `output.tf`: The file specifying the outputs to be displayed after provisioning the infrastructure. 17 | - `terraform.tfvars`: The file where you can set the values for the variables defined in `variables.tf`. 18 | 19 | ## Usage 20 | 21 | To use this Terraform project: 22 | ``` 23 | terraform init 24 | terraform plan 25 | terraform apply 26 | -------------------------------------------------------------------------------- /terraform/main.tf: -------------------------------------------------------------------------------- 1 | data "aws_availability_zones" "azs" {} 2 | module "VPC" { 3 | source = "./modules/VPC" 4 | region = var.region 5 | vpc_name = var.vpc_name 6 | vpc_cidr_block = var.vpc_cidr_block 7 | private_subnets_cidr_blocks = var.private_subnets_cidr_blocks 8 | public_subnets_cidr_blocks = var.public_subnets_cidr_blocks 9 | enable_nat_gateway = var.enable_nat_gateway 10 | single_nat_gateway = var.single_nat_gateway 11 | enable_dns_hostnames = var.enable_dns_hostnames 12 | 13 | } 14 | 15 | module "RDS" { 16 | source = "./modules/RDS" 17 | instance_name = var.instance_name 18 | instance_class = var.instance_class 19 | allocated_storage = var.allocated_storage 20 | db_name = var.db_name 21 | username = var.username 22 | password = var.password 23 | port = var.port 24 | env_tag = var.env_tag 25 | delete_automated_backups = var.delete_automated_backups 26 | skip_final_snapshot = var.skip_final_snapshot 27 | publicly_accessible = var.publicly_accessible 28 | } 29 | 30 | module "ECR" { 31 | source = "./modules/ECR" 32 | repo_name = var.repo_name 33 | env_tag = var.env_tag 34 | } 35 | 36 | module "EKS" { 37 | source = "./modules/EKS" 38 | cluster_name = var.cluster_name 39 | cluster_version = var.cluster_version 40 | vpc_id = module.VPC.vpc_id 41 | private_subnets = module.VPC.private_subnets 42 | env_tag = var.env_tag 43 | min_size = var.min_size 44 | max_size = var.max_size 45 | desired_size = var.desired_size 46 | instance_types = var.instance_types 47 | coredns_version = var.coredns_version 48 | kube_proxy_version = var.kube_proxy_version 49 | vpc_cni_version = var.vpc_cni_version 50 | cluster_endpoint_public_access = var.cluster_endpoint_public_access 51 | } 52 | 53 | module "ALB" { 54 | source = "./modules/ALB" 55 | service_account_name = var.service_account_name 56 | cluster_name = module.EKS.cluster_name 57 | policy_name = var.policy_name 58 | iam_role_name = var.iam_role_name 59 | namespace = var.namespace 60 | cluster_oidc_issuer_url = module.EKS.cluster_oidc_issuer_url 61 | oidc_provider = module.EKS.oidc_provider 62 | cluster_certificate_authority_data = module.EKS.cluster_certificate_authority_data 63 | cluster_endpoint = module.EKS.cluster_endpoint 64 | vpc_id = module.VPC.vpc_id 65 | region = var.region 66 | } 67 | 68 | 69 | 70 | 71 | 72 | 73 | -------------------------------------------------------------------------------- /terraform/modules/ALB/main.tf: -------------------------------------------------------------------------------- 1 | 2 | data "aws_caller_identity" "current" {} 3 | 4 | 5 | 6 | resource "aws_eks_identity_provider_config" "my-oidc" { 7 | cluster_name = var.cluster_name 8 | oidc { 9 | client_id = "sts.amazonaws.com" 10 | identity_provider_config_name = "task" 11 | issuer_url = var.cluster_oidc_issuer_url 12 | } 13 | } 14 | 15 | data "http" "lbc_iam_policy" { 16 | url = "https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/main/docs/install/iam_policy.json" 17 | request_headers = { 18 | Accept = "application/json" 19 | } 20 | } 21 | 22 | 23 | # Resource: Create AWS Load Balancer Controller IAM Policy 24 | resource "aws_iam_policy" "lbc_iam_policy" { 25 | name = var.policy_name 26 | path = "/" 27 | description = "AWS Load Balancer Controller IAM Policy" 28 | policy = data.http.lbc_iam_policy.body 29 | } 30 | 31 | # Resource: Create IAM Role 32 | resource "aws_iam_role" "lbc_iam_role" { 33 | name = var.iam_role_name 34 | 35 | # Terraform's "jsonencode" function converts a Terraform expression result to valid JSON syntax. 36 | assume_role_policy = jsonencode({ 37 | Version = "2012-10-17" 38 | Statement = [ 39 | { 40 | Effect = "Allow" 41 | Principal = { 42 | #edit_1 43 | Federated = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${var.oidc_provider}" 44 | }, 45 | Action = "sts:AssumeRoleWithWebIdentity" 46 | Condition = { 47 | StringEquals = { 48 | "${var.oidc_provider}:aud" : "sts.amazonaws.com", 49 | "${var.oidc_provider}:sub" : "system:serviceaccount:${var.namespace}:${var.service_account_name}" 50 | } 51 | } 52 | }, 53 | ] 54 | }) 55 | 56 | tags = { 57 | tag-key = "AWSLoadBalancerControllerIAMPolicy" 58 | } 59 | } 60 | 61 | # Associate Load Balanacer Controller IAM Policy to IAM Role 62 | resource "aws_iam_role_policy_attachment" "lbc_iam_role_policy_attach" { 63 | policy_arn = aws_iam_policy.lbc_iam_policy.arn 64 | role = aws_iam_role.lbc_iam_role.name 65 | } 66 | 67 | 68 | # HELM Provider 69 | provider "helm" { 70 | kubernetes { 71 | host = var.cluster_endpoint 72 | cluster_ca_certificate = base64decode(var.cluster_certificate_authority_data) 73 | exec { 74 | api_version = "client.authentication.k8s.io/v1beta1" 75 | args = ["eks", "get-token", "--cluster-name", var.cluster_name] 76 | command = "aws" 77 | } 78 | } 79 | } 80 | 81 | 82 | 83 | resource "helm_release" "loadbalancer_controller" { 84 | depends_on = [aws_iam_role.lbc_iam_role] 85 | name = "aws-load-balancer-controller" 86 | repository = "https://aws.github.io/eks-charts" 87 | chart = "aws-load-balancer-controller" 88 | namespace = var.namespace 89 | 90 | set { 91 | name = "image.tag" 92 | value = "v2.5.1" 93 | } 94 | 95 | set { 96 | name = "serviceAccount.create" 97 | value = "true" 98 | } 99 | 100 | set { 101 | name = "serviceAccount.name" 102 | value = var.service_account_name 103 | } 104 | 105 | set { 106 | name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" 107 | value = aws_iam_role.lbc_iam_role.arn 108 | } 109 | 110 | set { 111 | name = "vpcId" 112 | value = var.vpc_id 113 | } 114 | 115 | set { 116 | name = "region" 117 | value = var.region 118 | } 119 | 120 | set { 121 | name = "clusterName" 122 | value = var.cluster_name 123 | } 124 | 125 | } -------------------------------------------------------------------------------- /terraform/modules/ALB/output.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0marSater/devOpsTask/f867568a92fa22be7a994457b1ba5e66567f7055/terraform/modules/ALB/output.tf -------------------------------------------------------------------------------- /terraform/modules/ALB/variables.tf: -------------------------------------------------------------------------------- 1 | variable "cluster_name" { 2 | type = string 3 | description = "The name of the cluster." 4 | } 5 | 6 | variable "policy_name" { 7 | type = string 8 | description = "The name of policy which will be attach to the role." 9 | } 10 | 11 | variable "iam_role_name" { 12 | type = string 13 | description = "The name of iam role that will be attahced to the service account." 14 | } 15 | 16 | variable "cluster_oidc_issuer_url" { 17 | type = string 18 | description = "The URL of the OIDC issuer for the cluster." 19 | } 20 | 21 | variable "oidc_provider" { 22 | type = string 23 | description = "The name of the OIDC provider associated with the cluster." 24 | } 25 | 26 | variable "cluster_endpoint" { 27 | type = string 28 | description = "The endpoint URL for the cluster." 29 | } 30 | 31 | variable "cluster_certificate_authority_data" { 32 | type = string 33 | description = "The certificate authority data for the cluster." 34 | } 35 | 36 | variable "namespace" { 37 | type = string 38 | description = "The namespace where aws load balancer controller exist." 39 | } 40 | 41 | variable "service_account_name" { 42 | type = string 43 | description = "The name of the service account for the cluster." 44 | } 45 | 46 | variable "vpc_id" { 47 | type = string 48 | description = "The ID of (VPC) associated with the cluster." 49 | } 50 | 51 | variable "region" { 52 | type = string 53 | description = "The region where the cluster is located." 54 | } 55 | -------------------------------------------------------------------------------- /terraform/modules/ECR/main.tf: -------------------------------------------------------------------------------- 1 | 2 | data "aws_caller_identity" "current" {} 3 | 4 | module "ecr" { 5 | source = "terraform-aws-modules/ecr/aws" 6 | version = "1.6.0" 7 | repository_name = var.repo_name 8 | # force_destroy = true #need test 9 | 10 | repository_read_write_access_arns = [data.aws_caller_identity.current.arn] 11 | repository_lifecycle_policy = jsonencode({ 12 | rules = [ 13 | { 14 | rulePriority = 1, 15 | description = "Keep last 30 images", 16 | selection = { 17 | tagStatus = "tagged", 18 | tagPrefixList = ["v"], 19 | countType = "imageCountMoreThan", 20 | countNumber = 30 21 | }, 22 | action = { 23 | type = "expire" 24 | } 25 | } 26 | ] 27 | }) 28 | 29 | tags = { 30 | environment = var.env_tag 31 | } 32 | 33 | } 34 | 35 | 36 | -------------------------------------------------------------------------------- /terraform/modules/ECR/output.tf: -------------------------------------------------------------------------------- 1 | output "repository_url" { 2 | description = "The URL of the repository" 3 | value = module.ecr.repository_url 4 | } -------------------------------------------------------------------------------- /terraform/modules/ECR/variables.tf: -------------------------------------------------------------------------------- 1 | variable "repo_name" { 2 | type = string 3 | description = "ECR repo name." 4 | } 5 | 6 | variable "env_tag" { 7 | type = string 8 | description = "The environment tag for the repo." 9 | } -------------------------------------------------------------------------------- /terraform/modules/EKS/main.tf: -------------------------------------------------------------------------------- 1 | #catch the vpc_id from local terraform remote state file to pass it to the eks root module. 2 | 3 | #root EKS module 4 | module "eks" { 5 | source = "terraform-aws-modules/eks/aws" 6 | version = "19.14.0" 7 | cluster_name = var.cluster_name 8 | cluster_version = var.cluster_version 9 | vpc_id = var.vpc_id 10 | subnet_ids = var.private_subnets 11 | cluster_endpoint_public_access = var.cluster_endpoint_public_access 12 | 13 | 14 | tags = { 15 | environment = var.env_tag 16 | } 17 | 18 | # specify one or two worker nodes with different type if u want 19 | eks_managed_node_groups = { 20 | dev = { 21 | min_size = var.min_size 22 | max_size = var.max_size 23 | desired_size = var.desired_size 24 | 25 | instance_types = var.instance_types 26 | } 27 | } 28 | 29 | # requried addons 30 | cluster_addons = { 31 | coredns = { 32 | addon_version = var.coredns_version 33 | resolve_conflicts = "OVERWRITE" 34 | } 35 | kube-proxy = { 36 | addon_version = var.kube_proxy_version 37 | resolve_conflicts = "OVERWRITE" 38 | } 39 | vpc-cni = { 40 | addon_version = var.vpc_cni_version 41 | resolve_conflicts = "OVERWRITE" 42 | } 43 | } 44 | } 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /terraform/modules/EKS/output.tf: -------------------------------------------------------------------------------- 1 | #EKS root environment output 2 | output "cluster_name" { 3 | description = "The name of the cluster." 4 | value = module.eks.cluster_name 5 | } 6 | 7 | 8 | output "cluster_oidc_issuer_url" { 9 | description = "The cluster oidc issuer url." 10 | value = module.eks.cluster_oidc_issuer_url 11 | } 12 | 13 | 14 | output "oidc_provider" { 15 | description = "The cluster oidc provider." 16 | value = module.eks.oidc_provider 17 | } 18 | 19 | 20 | 21 | output "cluster_endpoint" { 22 | description = "The cluster endpoint." 23 | value = module.eks.cluster_endpoint 24 | } 25 | 26 | 27 | output "cluster_certificate_authority_data" { 28 | description = "The cluster certificate authority data." 29 | value = module.eks.cluster_certificate_authority_data 30 | } -------------------------------------------------------------------------------- /terraform/modules/EKS/variables.tf: -------------------------------------------------------------------------------- 1 | variable "cluster_name" { 2 | type = string 3 | description = "Cluster name." 4 | } 5 | 6 | variable "cluster_version" { 7 | type = string 8 | description = "Cluster version." 9 | } 10 | 11 | variable "env_tag" { 12 | type = string 13 | description = "The environment tag for the cluster." 14 | } 15 | 16 | variable "min_size" { 17 | type = number 18 | description = "The minimum number of worker node." 19 | } 20 | 21 | variable "max_size" { 22 | type = number 23 | description = "The maximum number of worker node." 24 | } 25 | 26 | variable "desired_size" { 27 | type = number 28 | description = "The desire number of worker node." 29 | } 30 | 31 | variable "instance_types" { 32 | type = list(string) 33 | description = "The list of instance types for the cluster nodes." 34 | } 35 | 36 | variable "coredns_version" { 37 | type = string 38 | description = "The version of CoreDns." 39 | } 40 | 41 | variable "kube_proxy_version" { 42 | type = string 43 | description = "The version of kube-proxy." 44 | } 45 | 46 | variable "vpc_cni_version" { 47 | type = string 48 | description = "The version of VPC CNI plugin for the cluster." 49 | } 50 | 51 | variable "cluster_endpoint_public_access" { 52 | type = bool 53 | description = "Specify if the cluster endpoint should be publicly accessible." 54 | } 55 | 56 | variable "vpc_id" { 57 | type = string 58 | description = "The ID vpc associated with the cluster." 59 | } 60 | 61 | variable "private_subnets" { 62 | type = list(string) 63 | description = "The list of private subnets where the cluster nodes will be deployed." 64 | } 65 | -------------------------------------------------------------------------------- /terraform/modules/RDS/main.tf: -------------------------------------------------------------------------------- 1 | module "rds" { 2 | source = "terraform-aws-modules/rds/aws" 3 | version = "5.9.0" 4 | engine = "mysql" 5 | engine_version = "8.0" 6 | major_engine_version = "8.0" 7 | family = "mysql8.0" 8 | instance_class = var.instance_class 9 | identifier = var.instance_name 10 | allocated_storage = var.allocated_storage 11 | db_name = var.db_name 12 | username = var.username 13 | password = var.password 14 | port = var.port 15 | delete_automated_backups = var.delete_automated_backups 16 | skip_final_snapshot = var.skip_final_snapshot 17 | publicly_accessible = var.publicly_accessible 18 | 19 | tags = { 20 | environment = var.env_tag 21 | } 22 | } 23 | 24 | -------------------------------------------------------------------------------- /terraform/modules/RDS/output.tf: -------------------------------------------------------------------------------- 1 | #RDS root environment output 2 | output "db_instance_address" { 3 | description = "The address of the RDS instance." 4 | value = module.rds.db_instance_address 5 | } -------------------------------------------------------------------------------- /terraform/modules/RDS/variables.tf: -------------------------------------------------------------------------------- 1 | variable "instance_name" { 2 | type = string 3 | description = "The name of the instance." 4 | } 5 | 6 | variable "instance_class" { 7 | type = string 8 | description = "The class of the instance." 9 | } 10 | 11 | variable "allocated_storage" { 12 | type = number 13 | description = "The allocated storage for the instance." 14 | } 15 | 16 | variable "db_name" { 17 | type = string 18 | description = "The name of the database." 19 | } 20 | 21 | variable "username" { 22 | type = string 23 | description = "The username for accessing the database." 24 | } 25 | 26 | variable "password" { 27 | type = string 28 | description = "The password for accessing the database." 29 | } 30 | 31 | variable "port" { 32 | type = number 33 | description = "The port number for database access." 34 | } 35 | 36 | variable "env_tag" { 37 | type = string 38 | description = "The environment tag for the instance." 39 | } 40 | 41 | variable "delete_automated_backups" { 42 | type = bool 43 | description = "Specify if automated backups should be deleted when the instance is deleted." 44 | } 45 | 46 | #to avoide an error while delation process. 47 | variable "skip_final_snapshot" { 48 | type = bool 49 | description = "Specify if a final snapshot should be skipped when the instance is deleted." 50 | } 51 | 52 | variable "publicly_accessible" { 53 | type = bool 54 | description = "Specify if the instance should be publicly accessible." 55 | } 56 | -------------------------------------------------------------------------------- /terraform/modules/VPC/main.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.region 3 | } 4 | 5 | #retrive the azs from specific region exist in provider --> eu-west-2 6 | data "aws_availability_zones" "azs" {} 7 | 8 | module "vpc" { 9 | source = "terraform-aws-modules/vpc/aws" 10 | version = "4.0.2" 11 | name = var.vpc_name 12 | cidr = var.vpc_cidr_block 13 | private_subnets = var.private_subnets_cidr_blocks 14 | public_subnets = var.public_subnets_cidr_blocks 15 | azs = slice(data.aws_availability_zones.azs.names, 0, 2) #retrive only 2 azs 16 | enable_nat_gateway = var.enable_nat_gateway 17 | single_nat_gateway = var.single_nat_gateway 18 | enable_dns_hostnames = var.enable_dns_hostnames 19 | 20 | #tags for vpc, to let know cloud control manager which vpc used for cluster 21 | tags = { 22 | "kubernetes.io/cluster/myapp-eks-cluster" = "shared" 23 | } 24 | 25 | #tag subnets 26 | public_subnet_tags = { 27 | "kubernetes.io/cluster/myapp-eks-cluster" = "shared" 28 | "kubernetes.io/role/elb" = 1 29 | 30 | } 31 | 32 | private_subnet_tags = { 33 | "kubernetes.io/cluster/myapp-eks-cluster" = "shared" 34 | "kubernetes.io/role/internal-elb" = 1 35 | } 36 | 37 | } 38 | 39 | -------------------------------------------------------------------------------- /terraform/modules/VPC/output.tf: -------------------------------------------------------------------------------- 1 | output "azs" { 2 | description = "name of azs" 3 | value = module.vpc.azs 4 | } 5 | 6 | output "vpc_id" { 7 | description = "name of vpc" 8 | value = module.vpc.vpc_id 9 | } 10 | 11 | 12 | output "private_subnets" { 13 | description = "name of vpc" 14 | value = module.vpc.private_subnets 15 | } -------------------------------------------------------------------------------- /terraform/modules/VPC/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | description = "VPC region." 4 | } 5 | 6 | variable "vpc_name" { 7 | type = string 8 | description = "VPC name." 9 | } 10 | 11 | variable "vpc_cidr_block" { 12 | type = string 13 | description = "The CIDR block for the VPC." 14 | } 15 | 16 | variable "private_subnets_cidr_blocks" { 17 | type = list(string) 18 | description = "The CIDR blocks for the private subnets." 19 | } 20 | 21 | variable "public_subnets_cidr_blocks" { 22 | type = list(string) 23 | description = "The CIDR blocks for the public subnets." 24 | } 25 | 26 | variable "enable_nat_gateway" { 27 | type = string 28 | description = "Specify if NAT gateways should be enabled for the subnets." 29 | } 30 | 31 | #true 32 | variable "single_nat_gateway" { 33 | type = string 34 | description = "Specify if a single NAT gateway should be used for all private subnets." 35 | } 36 | 37 | variable "enable_dns_hostnames" { 38 | type = string 39 | description = "Specify if DNS hostnames should be enabled for the VPC." 40 | } 41 | -------------------------------------------------------------------------------- /terraform/output.tf: -------------------------------------------------------------------------------- 1 | #rds 2 | output "db_instance_address" { 3 | description = "The address of the RDS instance" 4 | value = module.RDS.db_instance_address 5 | } 6 | 7 | #eks 8 | output "cluster_name" { 9 | description = "The name of the cluster" 10 | value = module.EKS.cluster_name 11 | } 12 | 13 | 14 | #ecr 15 | output "repository_url" { 16 | description = "The URL of the repository" 17 | value = module.ECR.repository_url 18 | } 19 | 20 | -------------------------------------------------------------------------------- /terraform/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | aws = { 4 | source = "hashicorp/aws" 5 | version = "~> 4.0" 6 | } 7 | } 8 | } 9 | 10 | -------------------------------------------------------------------------------- /terraform/terraform.tfvars: -------------------------------------------------------------------------------- 1 | #vpc 2 | region = "eu-west-2" 3 | vpc_name = "myapp-vpc" 4 | vpc_cidr_block = "10.0.0.0/16" 5 | private_subnets_cidr_blocks = ["10.0.1.0/24", "10.0.2.0/24"] 6 | public_subnets_cidr_blocks = ["10.0.3.0/24", "10.0.4.0/24"] 7 | enable_nat_gateway = true 8 | single_nat_gateway = true 9 | enable_dns_hostnames = true 10 | 11 | #rds 12 | instance_name = "task-db" 13 | instance_class = "db.t3.micro" 14 | allocated_storage = 20 15 | db_name = "ipAdresses" 16 | username = "admin" 17 | password = "12345678db" 18 | port = 3306 19 | delete_automated_backups = true 20 | skip_final_snapshot = true 21 | publicly_accessible = true 22 | 23 | #eks 24 | cluster_name = "myapp-eks-cluster" 25 | cluster_version = "1.26" 26 | env_tag = "dev" 27 | min_size = 1 28 | max_size = 1 29 | desired_size = 1 30 | instance_types = ["t2.medium"] 31 | coredns_version = "v1.9.3-eksbuild.2" 32 | kube_proxy_version = "v1.26.2-eksbuild.1" 33 | vpc_cni_version = "v1.12.5-eksbuild.2" 34 | cluster_endpoint_public_access = true 35 | 36 | #ecr 37 | repo_name = "task-repo" 38 | 39 | #alb 40 | service_account_name = "aws-load-balancer-controller-sa" 41 | policy_name = "load-balancer-controller-iam-policy" 42 | iam_role_name = "load-balancer-role-terraform" 43 | namespace = "kube-system" 44 | 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /terraform/variable.tf: -------------------------------------------------------------------------------- 1 | #vpc 2 | variable "region" { 3 | type = string 4 | } 5 | variable "vpc_name" { 6 | type = string 7 | } 8 | variable "vpc_cidr_block" { 9 | type = string 10 | } 11 | variable "private_subnets_cidr_blocks" {} 12 | variable "public_subnets_cidr_blocks" {} 13 | variable "enable_nat_gateway" { 14 | type = string 15 | } 16 | variable "single_nat_gateway" { 17 | type = string 18 | } 19 | variable "enable_dns_hostnames" { 20 | type = string 21 | } 22 | 23 | 24 | #rds 25 | variable "instance_name" { 26 | type = string 27 | } 28 | variable "instance_class" { 29 | type = string 30 | } 31 | variable "allocated_storage" { 32 | type = number 33 | } 34 | variable "db_name" { 35 | type = string 36 | } 37 | variable "username" { 38 | type = string 39 | } 40 | variable "password" { 41 | type = string 42 | } 43 | variable "port" { 44 | type = number 45 | } 46 | variable "env_tag" { 47 | type = string 48 | } 49 | variable "delete_automated_backups" { 50 | type = bool 51 | } 52 | 53 | variable "skip_final_snapshot" { 54 | type = bool 55 | } 56 | 57 | variable "publicly_accessible" { 58 | type = bool 59 | } 60 | 61 | 62 | #eks 63 | variable "cluster_name" { 64 | type = string 65 | } 66 | 67 | variable "cluster_version" { 68 | type = string 69 | } 70 | 71 | 72 | variable "min_size" { 73 | type = number 74 | } 75 | 76 | variable "max_size" { 77 | type = number 78 | } 79 | 80 | variable "desired_size" { 81 | type = number 82 | } 83 | 84 | variable "instance_types" { 85 | type = list(string) 86 | } 87 | 88 | variable "coredns_version" { 89 | type = string 90 | } 91 | 92 | variable "kube_proxy_version" { 93 | type = string 94 | } 95 | 96 | variable "vpc_cni_version" { 97 | type = string 98 | } 99 | 100 | variable "cluster_endpoint_public_access" { 101 | type = bool 102 | } 103 | 104 | 105 | #ecr 106 | variable "repo_name" { 107 | type = string 108 | } 109 | 110 | 111 | #alb 112 | variable "service_account_name" { 113 | type = string 114 | } 115 | 116 | variable "policy_name" { 117 | type = string 118 | } 119 | 120 | variable "iam_role_name" { 121 | type = string 122 | } 123 | 124 | variable "namespace" { 125 | type = string 126 | } 127 | 128 | --------------------------------------------------------------------------------