1- provider "aws" {
2- # TODO: Change this
3- profile = " opszero"
4- # TODO: Change this
5- region = " us-west-2"
6- }
1+ # provider "aws" {
2+ # # TODO: Change this
3+ # profile = "opszero"
4+ # # TODO: Change this
5+ # region = "us-west-2"
6+ # }
77
88locals {
9- environment_name = " appcensus-dev "
10- profile = " appcensus-staging"
9+ environment_name = " auguria-pj5za11 "
10+ # profile = "appcensus-staging"
1111}
1212
1313provider "aws" {
14- profile = local. profile
15- region = " us-east-1"
14+ # profile = local.profile
15+ region = " us-east-1"
1616}
1717
1818provider "helm" {
1919 kubernetes {
20- config_path = " . /kubeconfig"
20+ config_path = " ~ /kubeconfig"
2121 }
2222}
2323
2424provider "kubernetes" {
25- config_path = " . /kubeconfig"
25+ config_path = " ~ /kubeconfig"
2626}
2727
2828
29+ data "aws_caller_identity" "current" {}
2930
3031module "opszero-eks" {
31- source = " github.com/opszero/terraform-aws-kubespot "
32+ source = " ./../.. "
3233
3334 zones = [
3435 " us-east-1a" ,
@@ -37,19 +38,30 @@ module "opszero-eks" {
3738
3839 cluster_version = " 1.31"
3940 environment_name = local. environment_name
40- iam_users = {
41- " abhi@opszero.com" = {
42- rbac_groups = [
43- " system:masters"
44- ]
45- },
46- " bitbucket-deployer" = {
47- rbac_groups = [
48- " system:masters"
49- ]
41+ # iam_users = {
42+ # "abhi@opszero.com" = {
43+ # rbac_groups = [
44+ # "system:masters"
45+ # ]
46+ # },
47+ # "bitbucket-deployer" = {
48+ # rbac_groups = [
49+ # "system:masters"
50+ # ]
51+ # },
52+ #
53+ # }
54+ cluster_authentication_mode = " API"
55+
56+ access_policies = [
57+ {
58+ principal_arn = " arn:aws:iam::${ data . aws_caller_identity . current . account_id } :role/OrganizationAccountAccessRole"
59+ policy_arn = " arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
60+ access_scope = {
61+ type = " cluster"
62+ }
5063 },
51-
52- }
64+ ]
5365 cidr_block = " 10.3.0.0/16"
5466 cidr_block_public_subnet = [
5567 " 10.3.0.0/18" ,
@@ -61,27 +73,27 @@ module "opszero-eks" {
6173 ]
6274
6375 node_groups = {
64- " t3a-medium-spot" = {
65- # Have to use a custom launch template to get encrypted root volumes.
66- instance_types = [
67- " t3a.medium" ,
68- ]
69- capacity_type = " SPOT"
70- nodes_in_public_subnet = false
71- node_desired_capacity = 3 ,
72- nodes_max_size = 3 ,
73- nodes_min_size = 3
74- ami_type = " CUSTOM"
75- node_disk_encrypted = true
76- },
76+ # "t3a-medium-spot" = {
77+ # # Have to use a custom launch template to get encrypted root volumes.
78+ # instance_types = [
79+ # "t3a.medium",
80+ # ]
81+ # capacity_type = "SPOT"
82+ # nodes_in_public_subnet = false
83+ # node_desired_capacity = 3,
84+ # nodes_max_size = 3,
85+ # nodes_min_size = 3
86+ # ami_type = "CUSTOM"
87+ # node_disk_encrypted = true
88+ # },
7789 " t3a-medium-spot2" = {
7890 instance_types = [
7991 " t3a.medium" ,
8092 ]
8193 node_disk_size = 32
8294 nodes_in_public_subnet = false
83- node_desired_capacity = 1 ,
84- nodes_max_size = 1 ,
95+ node_desired_capacity = 3 ,
96+ nodes_max_size = 3 ,
8597 nodes_min_size = 1
8698 node_disk_encrypted = true
8799 }
@@ -96,14 +108,14 @@ module "opszero-eks" {
96108 efs_enabled = false
97109 # csi
98110 s3_csi_driver_enabled = false
99- s3_csi_bucket_names = [" test-6647373dd " ] # name of s3
111+ s3_csi_bucket_names = [" test-66472373dd " ] # name of s3
100112}
101113
102- module "helm-common" {
103- source = " github.com/opszero/terraform-helm-kubespot"
104- cert_manager_email = " ops@opszero.com"
105-
106- nginx_min_replicas = 1
107- nginx_max_replicas = 3
108- }
114+ # module "helm-common" {
115+ # source = "github.com/opszero/terraform-helm-kubespot"
116+ # cert_manager_email = "ops@opszero.com"
117+ #
118+ # nginx_min_replicas = 1
119+ # nginx_max_replicas = 3
120+ # }
109121
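Review bot: The new `access_policies` entry in `module "opszero-eks"` binds `AmazonEKSClusterAdminPolicy` at `type = "cluster"` scope to `OrganizationAccountAccessRole`, and with `cluster_authentication_mode = "API"` and `iam_users` commented out it is the only access entry visible in these hunks, so whoever can assume that role holds full cluster admin. Because the same commit comments out `profile` in `provider "aws"`, the account id interpolated into `principal_arn` comes from whatever credentials are ambient when the plan runs; pinning the expected account in the provider, for example `allowed_account_ids = ["<ACCOUNT_ID_PLACEHOLDER>"]`, would make an apply from the wrong shell fail instead of granting admin there. A comment above the block such as `# Cluster-wide admin for the org access role; narrow the policy or scope before reusing this example` would also help the next reader. Separately, the commented-out `t3a-medium-spot` group carried the note that a custom launch template is needed for encrypted root volumes, while the remaining `t3a-medium-spot2` group sets `node_disk_encrypted = true` without `ami_type = "CUSTOM"`, so it is worth confirming that encryption still takes effect. Parts of the module block are elided between hunks, so other access settings may exist outside what is shown.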