Added HPA with helm

Author: MarwanTamerMo

Terraform/1-provider.tf

@@ -1,4 +1,4 @@
 # Configure the AWS Provider
 provider "aws" {
   region = "us-east-1"
-}
+}

Terraform/modules/eks/main.tf

@@ -1,11 +1,11 @@
 resource "aws_eks_cluster" "main" {
-  name          = var.cluster_name
-  version       = var.cluster_version
-  role_arn      = aws_iam_role.cluster.arn
+  name     = var.cluster_name
+  version  = var.cluster_version
+  role_arn = aws_iam_role.cluster.arn
 
   access_config {
-    authentication_mode                           = "API_AND_CONFIG_MAP"
-    bootstrap_cluster_creator_admin_permissions   = true
+    authentication_mode                         = "API_AND_CONFIG_MAP"
+    bootstrap_cluster_creator_admin_permissions = true
   }
 
   vpc_config {
@@ -72,11 +72,11 @@ resource "aws_iam_role_policy_attachment" "node_policy" {
 
 
 resource "aws_eks_node_group" "main" {
-  for_each          = var.node_groups
-  cluster_name      = aws_eks_cluster.main.name
-  node_group_name   = each.key
-  node_role_arn     = aws_iam_role.node.arn
-  subnet_ids        = var.subnet_ids
+  for_each        = var.node_groups
+  cluster_name    = aws_eks_cluster.main.name
+  node_group_name = each.key
+  node_role_arn   = aws_iam_role.node.arn
+  subnet_ids      = var.subnet_ids
 
   scaling_config {
     desired_size = each.value.scaling_config.desired_size
@@ -92,4 +92,3 @@ resource "aws_eks_node_group" "main" {
     aws_iam_role_policy_attachment.node_policy
   ]
 }
-

argocd/application.yml

@@ -22,10 +22,6 @@ spec:
     automated:
       prune: true
       selfHeal: true
-    syncOptions:
-      - CreateNamespace=true
-      - PrunePropagationPolicy=foreground
-      - ApplyOutOfSyncOnly=true
 
   ignoreDifferences:
     - group: ""

backend/main.tf

@@ -20,9 +20,9 @@ resource "aws_s3_bucket" "terraform_state" {
 
 # DynamoDB Table for state locking
 resource "aws_dynamodb_table" "terraform_locks" {
-  name           = "solar-system-terraform-locks"
-  billing_mode   = "PAY_PER_REQUEST"
-  hash_key       = "LockID"
+  name         = "solar-system-terraform-locks"
+  billing_mode = "PAY_PER_REQUEST"
+  hash_key     = "LockID"
 
   attribute {
     name = "LockID"
@@ -37,8 +37,8 @@ resource "aws_dynamodb_table" "terraform_locks" {
 # IAM OIDC Provider for GitHub
 # ----------------------------
 resource "aws_iam_openid_connect_provider" "github" {
-  url            = "https://token.actions.githubusercontent.com"
-  client_id_list = ["sts.amazonaws.com"]
+  url             = "https://token.actions.githubusercontent.com"
+  client_id_list  = ["sts.amazonaws.com"]
   thumbprint_list = ["1c58a3a8518e8759bf075b76b750d4f2df264fcd"]
 }
 
@@ -96,7 +96,7 @@ resource "aws_iam_role_policy" "github_actions_infra_policy" {
           "s3:DeleteBucket",
           "s3:GetBucketLocation",
           "s3:ListAllMyBuckets",
-          
+
           # DynamoDB for state locking
           "dynamodb:GetItem",
           "dynamodb:PutItem",
@@ -107,13 +107,13 @@ resource "aws_iam_role_policy" "github_actions_infra_policy" {
           "dynamodb:TagResource",
           "dynamodb:UntagResource",
           "dynamodb:ListTagsOfResource",
-          
+
           # EC2/VPC permissions
           "ec2:*",
-          
+
           # EKS permissions
           "eks:*",
-          
+
           # IAM permissions (be more specific in production)
           "iam:CreateRole",
           "iam:DeleteRole",
@@ -146,7 +146,7 @@ resource "aws_iam_role_policy" "github_actions_infra_policy" {
           "iam:TagRole",
           "iam:UntagRole",
           "iam:ListRoleTags",
-          
+
           # Additional permissions for EKS
           "autoscaling:*",
           "logs:*",
@@ -156,4 +156,4 @@ resource "aws_iam_role_policy" "github_actions_infra_policy" {
       }
     ]
   })
-}
+}

helm/templates/deployment.yaml

@@ -14,21 +14,12 @@ spec:
       labels:
         app: {{ .Release.Name }}
     spec:
-      securityContext:
-        runAsNonRoot: true
-        seccompProfile:
-          type: RuntimeDefault
       containers:
         - name: {{ .Release.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - containerPort: {{ .Values.service.targetPort }}
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop: ["ALL"]
-            readOnlyRootFilesystem: true
           env:
             - name: MONGO_URI
               valueFrom:
@@ -44,4 +35,4 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: mongo-secrets
-                  key: MONGO_PASSWORD
+                  key: MONGO_PASSWORD