Merge pull request #39 from MaterializeInc/remove-provider-config

Remove providers definition from root module

Author: alex-hunt-materialize

README.md

@@ -9,6 +9,56 @@ The module has been tested with:
 - PostgreSQL 15
 - Materialize Helm Operator Terraform Module v0.1.1
 
+## Providers Configuration
+
+The module requires the following providers to be configured:
+
+```hcl
+provider "aws" {
+  region = "us-east-1"
+  # Other AWS provider configuration as needed
+}
+
+# Required for EKS authentication
+provider "kubernetes" {
+  host                   = module.materialize_infrastructure.eks_cluster_endpoint
+  cluster_ca_certificate = base64decode(module.materialize_infrastructure.cluster_certificate_authority_data)
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    args        = ["eks", "get-token", "--cluster-name", module.materialize_infrastructure.eks_cluster_name]
+    command     = "aws"
+  }
+}
+
+# Required for Materialize Operator installation
+provider "helm" {
+  kubernetes {
+    host                   = module.materialize_infrastructure.eks_cluster_endpoint
+    cluster_ca_certificate = base64decode(module.materialize_infrastructure.cluster_certificate_authority_data)
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      args        = ["eks", "get-token", "--cluster-name", module.materialize_infrastructure.eks_cluster_name]
+      command     = "aws"
+    }
+  }
+}
+
+module "materialize_infrastructure" {
+  source = "git::https://github.com/MaterializeInc/terraform-aws-materialize.git"
+  # Other required variables
+}
+```
+
+> **Note:** The Kubernetes and Helm providers are configured to use the AWS CLI for authentication with the EKS cluster. This requires that you have the AWS CLI installed and configured with access to the AWS account where the EKS cluster is deployed.
+
+You can also set the `AWS_PROFILE` environment variable to the name of the profile you want to use for authentication with the EKS cluster:
+
+```bash
+export AWS_PROFILE=your-profile-name
+```
+
 ## Requirements
 
 | Name | Version |
@@ -54,7 +104,7 @@ The module has been tested with:
 |------|-------------|------|---------|:--------:|
 | <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | List of availability zones | `list(string)` | <pre>[<br/>  "us-east-1a",<br/>  "us-east-1b",<br/>  "us-east-1c"<br/>]</pre> | no |
 | <a name="input_bucket_force_destroy"></a> [bucket\_force\_destroy](#input\_bucket\_force\_destroy) | Enable force destroy for the S3 bucket | `bool` | `true` | no |
-| <a name="input_bucket_lifecycle_rules"></a> [bucket\_lifecycle\_rules](#input\_bucket\_lifecycle\_rules) | List of lifecycle rules for the S3 bucket | <pre>list(object({<br/>    id                                 = string<br/>    enabled                            = bool<br/>    prefix                             = string<br/>    transition_days                    = number<br/>    transition_storage_class           = string<br/>    expiration_days                    = number<br/>    noncurrent_version_expiration_days = number<br/>  }))</pre> | <pre>[<br/>  {<br/>    "enabled": true,<br/>    "expiration_days": 365,<br/>    "id": "cleanup",<br/>    "noncurrent_version_expiration_days": 90,<br/>    "prefix": "",<br/>    "transition_days": 90,<br/>    "transition_storage_class": "STANDARD_IA"<br/>  }<br/>]</pre> | no |
+| <a name="input_bucket_lifecycle_rules"></a> [bucket\_lifecycle\_rules](#input\_bucket\_lifecycle\_rules) | List of lifecycle rules for the S3 bucket | <pre>list(object({<br/>    id                                 = string<br/>    enabled                            = bool<br/>    prefix                             = string<br/>    transition_days                    = number<br/>    transition_storage_class           = string<br/>    noncurrent_version_expiration_days = number<br/>  }))</pre> | <pre>[<br/>  {<br/>    "enabled": true,<br/>    "id": "cleanup",<br/>    "noncurrent_version_expiration_days": 90,<br/>    "prefix": "",<br/>    "transition_days": 90,<br/>    "transition_storage_class": "STANDARD_IA"<br/>  }<br/>]</pre> | no |
 | <a name="input_cluster_enabled_log_types"></a> [cluster\_enabled\_log\_types](#input\_cluster\_enabled\_log\_types) | List of desired control plane logging to enable | `list(string)` | <pre>[<br/>  "api",<br/>  "audit",<br/>  "authenticator",<br/>  "controllerManager",<br/>  "scheduler"<br/>]</pre> | no |
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | Kubernetes version for the EKS cluster | `string` | `"1.32"` | no |
 | <a name="input_create_vpc"></a> [create\_vpc](#input\_create\_vpc) | Controls if VPC should be created (it affects almost all resources) | `bool` | `true` | no |
@@ -103,6 +153,7 @@ The module has been tested with:
 
 | Name | Description |
 |------|-------------|
+| <a name="output_cluster_certificate_authority_data"></a> [cluster\_certificate\_authority\_data](#output\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster |
 | <a name="output_database_endpoint"></a> [database\_endpoint](#output\_database\_endpoint) | RDS instance endpoint |
 | <a name="output_eks_cluster_endpoint"></a> [eks\_cluster\_endpoint](#output\_eks\_cluster\_endpoint) | EKS cluster endpoint |
 | <a name="output_eks_cluster_name"></a> [eks\_cluster\_name](#output\_eks\_cluster\_name) | EKS cluster name |

docs/header.md

@@ -7,3 +7,53 @@ Terraform module for deploying Materialize on AWS Cloud Platform with all requir
 The module has been tested with:
 - PostgreSQL 15
 - Materialize Helm Operator Terraform Module v0.1.1
+
+## Providers Configuration
+
+The module requires the following providers to be configured:
+
+```hcl
+provider "aws" {
+  region = "us-east-1"
+  # Other AWS provider configuration as needed
+}
+
+# Required for EKS authentication
+provider "kubernetes" {
+  host                   = module.materialize_infrastructure.eks_cluster_endpoint
+  cluster_ca_certificate = base64decode(module.materialize_infrastructure.cluster_certificate_authority_data)
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    args        = ["eks", "get-token", "--cluster-name", module.materialize_infrastructure.eks_cluster_name]
+    command     = "aws"
+  }
+}
+
+# Required for Materialize Operator installation
+provider "helm" {
+  kubernetes {
+    host                   = module.materialize_infrastructure.eks_cluster_endpoint
+    cluster_ca_certificate = base64decode(module.materialize_infrastructure.cluster_certificate_authority_data)
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      args        = ["eks", "get-token", "--cluster-name", module.materialize_infrastructure.eks_cluster_name]
+      command     = "aws"
+    }
+  }
+}
+
+module "materialize_infrastructure" {
+  source = "git::https://github.com/MaterializeInc/terraform-aws-materialize.git"
+  # Other required variables
+}
+```
+
+> **Note:** The Kubernetes and Helm providers are configured to use the AWS CLI for authentication with the EKS cluster. This requires that you have the AWS CLI installed and configured with access to the AWS account where the EKS cluster is deployed.
+
+You can also set the `AWS_PROFILE` environment variable to the name of the profile you want to use for authentication with the EKS cluster:
+
+```bash
+export AWS_PROFILE=your-profile-name
+```

examples/simple/main.tf

@@ -2,11 +2,41 @@ provider "aws" {
   region = "us-east-1"
 }
 
+provider "kubernetes" {
+  host                   = module.materialize_infrastructure.eks_cluster_endpoint
+  cluster_ca_certificate = base64decode(module.materialize_infrastructure.cluster_certificate_authority_data)
+
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    args        = ["eks", "get-token", "--cluster-name", module.materialize_infrastructure.eks_cluster_name]
+  }
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = module.materialize_infrastructure.eks_cluster_endpoint
+    cluster_ca_certificate = base64decode(module.materialize_infrastructure.cluster_certificate_authority_data)
+
+    exec {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      args        = ["eks", "get-token", "--cluster-name", module.materialize_infrastructure.eks_cluster_name]
+    }
+  }
+}
+
 module "materialize_infrastructure" {
   # To pull this from GitHub, use the following:
   # source = "git::https://github.com/MaterializeInc/terraform-aws-materialize.git"
   source = "../../"
 
+  providers = {
+    aws        = aws
+    kubernetes = kubernetes
+    helm       = helm
+  }
+
   # The namespace and environment variables are used to construct the names of the resources
   # e.g. ${namespace}-${environment}-storage, ${namespace}-${environment}-db etc.
   namespace   = var.namespace
@@ -140,3 +170,9 @@ output "materialize_s3_role_arn" {
   description = "The ARN of the IAM role for Materialize"
   value       = module.materialize_infrastructure.materialize_s3_role_arn
 }
+
+output "cluster_certificate_authority_data" {
+  description = "The CA certificate for the EKS cluster"
+  value       = module.materialize_infrastructure.cluster_certificate_authority_data
+  sensitive   = true
+}

modules/storage/main.tf

@@ -49,10 +49,6 @@ resource "aws_s3_bucket_lifecycle_configuration" "materialize_storage" {
         storage_class = rule.value.transition_storage_class
       }
 
-      expiration {
-        days = rule.value.expiration_days
-      }
-
       noncurrent_version_expiration {
         noncurrent_days = rule.value.noncurrent_version_expiration_days
       }

modules/storage/variables.tf

@@ -34,7 +34,6 @@ variable "bucket_lifecycle_rules" {
     prefix                             = string
     transition_days                    = number
     transition_storage_class           = string
-    expiration_days                    = number
     noncurrent_version_expiration_days = number
   }))
 }

outputs.tf

@@ -13,6 +13,11 @@ output "eks_cluster_name" {
   value       = module.eks.cluster_name
 }
 
+output "cluster_certificate_authority_data" {
+  description = "Base64 encoded certificate data required to communicate with the cluster"
+  value       = module.eks.cluster_certificate_authority_data
+}
+
 output "database_endpoint" {
   description = "RDS instance endpoint"
   value       = module.database.db_instance_endpoint

providers.tf

@@ -218,7 +218,6 @@ variable "bucket_lifecycle_rules" {
     prefix                             = string
     transition_days                    = number
     transition_storage_class           = string
-    expiration_days                    = number
     noncurrent_version_expiration_days = number
   }))
   default = [{
@@ -227,7 +226,6 @@ variable "bucket_lifecycle_rules" {
     prefix                             = ""
     transition_days                    = 90
     transition_storage_class           = "STANDARD_IA"
-    expiration_days                    = 365
     noncurrent_version_expiration_days = 90
   }]
 }