feat: add rds resource
mateuszjenek committed Jan 2, 2024
1 parent 4f2b3c2 commit 42acaff
Showing 23 changed files with 1,291 additions and 0 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -1,3 +1,4 @@
.terraform
.terraform.lock.hcl
terraform.tfstate*
terraform.tfvars
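--- a/examples/rds/basic-mysql/eks.tf
+++ b/examples/rds/basic-mysql/eks.tf
@@ -0,0 +1,100 @@
+module "eks" {
+source = "terraform-aws-modules/eks/aws"
+
+cluster_name = var.name
+cluster_version = "1.28"
+cluster_endpoint_public_access = true
+
+cluster_addons = {
+kube-proxy = {
+most_recent = true
+}
+vpc-cni = {
+most_recent = true
+}
+coredns = {
+most_recent = true
+configuration_values = jsonencode({
+computeType = "Fargate"
+})
+}
+}
+
+vpc_id = module.vpc.vpc_id
+subnet_ids = module.vpc.private_subnets
+control_plane_subnet_ids = module.vpc.intra_subnets
+
+# Fargate profiles use the cluster primary security group so these are not utilized
+create_cluster_security_group = false
+create_node_security_group = false
+
+cluster_security_group_additional_rules = {
+ingress_all = {
+protocol = "-1"
+from_port = 0
+to_port = 6555
+type = "ingress"
+}
+egress_all = {
+protocol = "-1"
+from_port = 0
+to_port = 6555
+type = "egress"
+}
+}
+
+fargate_profile_defaults = {
+iam_role_additional_policies = {
+additional = aws_iam_policy.additional.arn
+}
+}
+
+fargate_profiles = merge(
+{
+example = {
+name = "example"
+selectors = [
+{
+namespace = "*"
+}
+]
+
+# Using specific subnets instead of the subnets supplied for the cluster itself
+subnet_ids = [module.vpc.private_subnets[1]]
+
+tags = {
+Owner = "secondary"
+}
+
+timeouts = {
+create = "20m"
+delete = "20m"
+}
+}
+},
+{ for i in range(3) :
+"kube-system-${element(split("-", local.azs[i]), 2)}" => {
+selectors = [
+{ namespace = "kube-system" }
+]
+# We want to create a profile per AZ for high availability
+subnet_ids = [element(module.vpc.private_subnets, i)]
+}
+}
+)
+}
+
+resource "aws_iam_policy" "additional" {
+name = "${var.name}-additional"
+
+policy = jsonencode({
+Version = "2012-10-17"
+Statement = [
+{
+"Effect" : "Allow"
+"Action" : "*"
+"Resource" : "*"
+},
+]
+})
+}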
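Review bot: The `aws_iam_policy.additional` resource at the end of the hunk grants `"Action" : "*"` on `"Resource" : "*"`, and `fargate_profile_defaults.iam_role_additional_policies` attaches it to every Fargate pod execution role the module creates, which is full-account access on a role that only needs to pull images and ship logs. The policy should list the specific actions and resources the example actually needs, or be dropped together with the `iam_role_additional_policies` entry if nothing in the example uses it. Separately, `cluster_endpoint_public_access = true` is set without `cluster_endpoint_public_access_cidrs`, so the API endpoint is reachable from any address by default; and in `cluster_security_group_additional_rules` the `to_port = 6555` values are ignored once `protocol = "-1"` is given, so both rules are all-port rules despite the number and the ports should either be dropped or the protocol narrowed. The identical definitions appear in examples/rds/basic-postgres/eks.tf in this commit.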
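--- a/examples/rds/basic-mysql/humanitec.tf
+++ b/examples/rds/basic-mysql/humanitec.tf
@@ -0,0 +1,64 @@
+resource "humanitec_application" "app" {
+id = var.name
+name = var.name
+}
+
+resource "humanitec_resource_definition" "cluster" {
+id = "${var.name}-aws-cluster"
+name = "${var.name}-aws-cluster"
+type = "k8s-cluster"
+driver_type = "humanitec/k8s-cluster-eks"
+
+driver_inputs = {
+values_string = jsonencode({
+"loadbalancer" = module.eks.cluster_endpoint
+"name" = module.eks.cluster_name
+"region" = var.region
+})
+secrets_string = jsonencode({
+"credentials" = {
+"aws_access_key_id" : var.access_key
+"aws_secret_access_key" : var.secret_key
+}
+})
+}
+}
+
+module "rds" {
+source = "../../../humanitec-resource-defs/rds/basic"
+
+prefix = "${var.name}-"
+resource_packs_aws_rev = var.resource_packs_aws_rev
+resource_packs_aws_url = var.resource_packs_aws_url
+
+access_key = var.access_key
+secret_key = var.secret_key
+region = var.region
+
+name = "${var.name}-database"
+database_name = "my_database"
+username = "username"
+password = "password"
+
+type = "mysql"
+engine = "mysql"
+engine_version = "8.0"
+group_family = "mysql8.0"
+major_engine_version = "8.0"
+
+create_db_subnet_group = true
+db_subnet_group_name = "${var.name}-subnet-group"
+subnet_ids = module.vpc.private_subnets
+
+vpc_security_group_ids = [module.vpc.default_security_group_id]
+}
+
+resource "humanitec_resource_definition_criteria" "cluster" {
+resource_definition_id = humanitec_resource_definition.cluster.id
+app_id = humanitec_application.app.id
+}
+
+resource "humanitec_resource_definition_criteria" "rds" {
+resource_definition_id = module.rds.id
+app_id = humanitec_application.app.id
+}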
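Review bot: The `module "rds"` block hard-codes the database master credentials as `username = "username"` and `password = "password"`, so the committed literal becomes the real RDS master password for everyone who applies the example and is also written to state in clear text. Generate it instead, e.g. `password = random_password.db.result` backed by a `random_password` resource (adding the `hashicorp/random` provider to `required_providers`), or read it from an input variable marked `sensitive = true`. The instance is additionally attached to `module.vpc.default_security_group_id`, which vpc.tf in this commit configures with an all-protocol `0.0.0.0/0` ingress rule; a dedicated security group that admits only the EKS cluster security group on the engine port would be the least-privilege shape for an example people copy.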
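--- a/examples/rds/basic-mysql/providers.tf
+++ b/examples/rds/basic-mysql/providers.tf
@@ -0,0 +1,23 @@
+terraform {
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 5.0"
+}
+humanitec = {
+source = "humanitec/humanitec"
+}
+}
+}
+
+provider "aws" {
+region = var.region
+access_key = var.access_key
+secret_key = var.secret_key
+}
+
+provider "humanitec" {
+host = var.humanitec_host
+org_id = var.humanitec_org_id
+token = var.humanitec_token
+}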
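Review bot: The `humanitec` entry in `required_providers` carries no `version` constraint while `aws` is pinned to `"~> 5.0"`, so `terraform init` resolves whatever the newest humanitec provider release is and the example can change behaviour or break without any change to the repository; add a pin such as `version = "~> <tested-version>"` (placeholder: use the release the example was verified against). The `provider "aws"` block also takes static `access_key`/`secret_key` inputs rather than the default credential chain; that appears deliberate because humanitec.tf forwards the same keys to the Humanitec driver, so a short comment stating that (e.g. `# Static keys are required here because the same credentials are handed to the Humanitec EKS driver`) would stop readers copying the pattern into configurations that do not need it.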
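--- a/examples/rds/basic-mysql/variables.tf
+++ b/examples/rds/basic-mysql/variables.tf
@@ -0,0 +1,40 @@
+variable "name" {
+type = string
+}
+
+variable "access_key" {
+type = string
+}
+
+variable "secret_key" {
+type = string
+}
+
+variable "region" {
+type = string
+}
+
+variable "humanitec_org_id" {
+type = string
+}
+
+variable "humanitec_token" {
+type = string
+}
+
+variable "resource_packs_aws_url" {
+description = "AWS Resource Pack git url"
+type = string
+default = "https://github.com/humanitec-architecture/resource-packs-aws.git"
+}
+
+variable "resource_packs_aws_rev" {
+description = "AWS Resource Pack git branch"
+type = string
+default = "refs/heads/main"
+}
+
+variable "humanitec_host" {
+type = string
+default = "https://api.humanitec.io"
+}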
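Review bot: `access_key`, `secret_key` and `humanitec_token` are declared as plain `string` variables, so their values are echoed in full in `terraform plan`/`apply` output and in any provider error that repeats its inputs; each of these declarations should add `sensitive = true` next to `type = string`. Most variables also lack a `description`, unlike `resource_packs_aws_url` and `resource_packs_aws_rev`; one line each on `name`, `region`, `humanitec_org_id` and the credential variables would make the example usable without reading the other files.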
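--- a/examples/rds/basic-mysql/vpc.tf
+++ b/examples/rds/basic-mysql/vpc.tf
@@ -0,0 +1,48 @@
+data "aws_availability_zones" "available" {}
+
+locals {
+vpc_cidr = "10.0.0.0/16"
+azs = slice(data.aws_availability_zones.available.names, 0, 3)
+}
+
+module "vpc" {
+source = "terraform-aws-modules/vpc/aws"
+version = "~> 4.0"
+
+name = var.name
+cidr = local.vpc_cidr
+
+azs = local.azs
+private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
+intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)]
+
+enable_nat_gateway = true
+single_nat_gateway = true
+
+default_security_group_egress = [
+{
+cidr_blocks = "0.0.0.0/0"
+protocol = "-1"
+from_port = 0
+to_port = 0
+}
+]
+
+default_security_group_ingress = [
+{
+cidr_blocks = "0.0.0.0/0"
+protocol = "-1"
+from_port = 0
+to_port = 0
+}
+]
+
+public_subnet_tags = {
+"kubernetes.io/role/elb" = 1
+}
+
+private_subnet_tags = {
+"kubernetes.io/role/internal-elb" = 1
+}
+}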
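Review bot: `default_security_group_ingress` permits `protocol = "-1"` from `cidr_blocks = "0.0.0.0/0"`, which turns the VPC default security group into an allow-all group, and humanitec.tf in this commit places the RDS instance in exactly that group. The private subnets sit behind a NAT gateway and are not directly reachable from the Internet, but every peer that can route to them — including every workload in the VPC and anything attached by peering or VPN later — gets every port on the database. At minimum narrow the rule to the VPC, `cidr_blocks = local.vpc_cidr`, or leave the default group with no ingress rules and give the database its own group that admits the EKS cluster security group on the engine port; the `default_security_group_egress` rule is the usual allow-all and can stay.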
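--- a/examples/rds/basic-postgres/eks.tf
+++ b/examples/rds/basic-postgres/eks.tf
@@ -0,0 +1,100 @@
+module "eks" {
+source = "terraform-aws-modules/eks/aws"
+
+cluster_name = var.name
+cluster_version = "1.28"
+cluster_endpoint_public_access = true
+
+cluster_addons = {
+kube-proxy = {
+most_recent = true
+}
+vpc-cni = {
+most_recent = true
+}
+coredns = {
+most_recent = true
+configuration_values = jsonencode({
+computeType = "Fargate"
+})
+}
+}
+
+vpc_id = module.vpc.vpc_id
+subnet_ids = module.vpc.private_subnets
+control_plane_subnet_ids = module.vpc.intra_subnets
+
+# Fargate profiles use the cluster primary security group so these are not utilized
+create_cluster_security_group = false
+create_node_security_group = false
+
+cluster_security_group_additional_rules = {
+ingress_all = {
+protocol = "-1"
+from_port = 0
+to_port = 6555
+type = "ingress"
+}
+egress_all = {
+protocol = "-1"
+from_port = 0
+to_port = 6555
+type = "egress"
+}
+}
+
+fargate_profile_defaults = {
+iam_role_additional_policies = {
+additional = aws_iam_policy.additional.arn
+}
+}
+
+fargate_profiles = merge(
+{
+example = {
+name = "example"
+selectors = [
+{
+namespace = "*"
+}
+]
+
+# Using specific subnets instead of the subnets supplied for the cluster itself
+subnet_ids = [module.vpc.private_subnets[1]]
+
+tags = {
+Owner = "secondary"
+}
+
+timeouts = {
+create = "20m"
+delete = "20m"
+}
+}
+},
+{ for i in range(3) :
+"kube-system-${element(split("-", local.azs[i]), 2)}" => {
+selectors = [
+{ namespace = "kube-system" }
+]
+# We want to create a profile per AZ for high availability
+subnet_ids = [element(module.vpc.private_subnets, i)]
+}
+}
+)
+}
+
+resource "aws_iam_policy" "additional" {
+name = "${var.name}-additional"
+
+policy = jsonencode({
+Version = "2012-10-17"
+Statement = [
+{
+"Effect" : "Allow"
+"Action" : "*"
+"Resource" : "*"
+},
+]
+})
+}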
