From d03b86ad6726d887e0179433403cd79eca1ac128 Mon Sep 17 00:00:00 2001 From: Bill Monkman Date: Tue, 23 Jun 2020 15:27:23 -0700 Subject: [PATCH 1/2] Added features necessary to support the new zero apply command Added optional auto approve in make targets Added checking for existing resources and skipping bootstrap steps Added random seed for secret suffixes Upgraded EKS version to 1.16 and module to 12.1.0 --- Makefile | 3 ++- templates/Makefile | 15 ++++++++------- templates/terraform/bootstrap/secrets/main.tf | 2 +- .../terraform/environments/production/main.tf | 2 +- templates/terraform/environments/staging/main.tf | 2 +- templates/terraform/modules/eks/main.tf | 2 +- templates/terraform/modules/secret/main.tf | 1 + templates/terraform/modules/secret/variables.tf | 8 ++++++-- zero-module.yml | 6 ++++++ 9 files changed, 27 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index 841caf6..ae65654 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,4 @@ run: - @echo Done + cd $(PROJECT_DIR) && AUTO_APPROVE="-auto-approve" make + diff --git a/templates/Makefile b/templates/Makefile index e4011fc..0ffb0ee 100644 --- a/templates/Makefile +++ b/templates/Makefile 
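Review bot: The new `run` recipe expands `$(PROJECT_DIR)` without checking that it is set or quoting it; with an empty value `cd` falls back to the home directory and `make` then runs there with `AUTO_APPROVE="-auto-approve"` in its environment. A guarded form would be `test -n "$(PROJECT_DIR)" && cd "$(PROJECT_DIR)" && AUTO_APPROVE="-auto-approve" $(MAKE)`, which also uses `$(MAKE)` so that flags propagate to the sub-make. Because this target applies every bootstrap and environment step with no plan review, a comment above it such as `# applies all Terraform in PROJECT_DIR without interactive approval` would make that explicit to whoever invokes it.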
@@ -2,28 +2,29 @@ ENVIRONMENT ?= staging apply: apply-remote-state apply-secrets apply-env apply-k8s-utils -## remove state file only if exit code 0 from terraform apply apply-remote-state: + aws s3 ls <% .Name %>-$(ENVIRONMENT)-terraform-state || (\ pushd terraform/bootstrap/remote-state && \ terraform init && \ - terraform apply -var "environment=$(ENVIRONMENT)" && \ - rm ./terraform.tfstate + terraform apply -var "environment=$(ENVIRONMENT)" $(AUTO_APPROVE) && \ + rm ./terraform.tfstate) apply-secrets: + aws iam list-access-keys --user-name <% .Name %>-ci-user > /dev/null || (\ pushd terraform/bootstrap/secrets && \ terraform init && \ - terraform apply && \ - rm ./terraform.tfstate + terraform apply $(AUTO_APPROVE) && \ + rm ./terraform.tfstate) apply-env: pushd terraform/environments/$(ENVIRONMENT); \ terraform init && \ - terraform apply + terraform apply $(AUTO_APPROVE) apply-k8s-utils: update-k8s-conf pushd kubernetes/terraform/environments/$(ENVIRONMENT) && \ terraform init && \ - terraform apply + terraform apply $(AUTO_APPROVE) update-k8s-conf: aws eks --region <% index .Params `region` %> update-kubeconfig --name <% .Name %>-$(ENVIRONMENT)-<% index .Params `region` %> diff --git a/templates/terraform/bootstrap/secrets/main.tf b/templates/terraform/bootstrap/secrets/main.tf index 8089891..0b90a68 100644 --- a/templates/terraform/bootstrap/secrets/main.tf +++ b/templates/terraform/bootstrap/secrets/main.tf @@ -26,7 +26,7 @@ resource "aws_iam_access_key" "ci_user" { module "ci_user_keys" { source = "../../modules/secret" - name_prefix = "ci-user-aws-keys" + name = "ci-user-aws-keys<% index .Params `randomSeed` %>" type = "map" values = map("access_key_id", aws_iam_access_key.ci_user.id, "secret_key", aws_iam_access_key.ci_user.secret) tags = map("project", local.project) diff --git a/templates/terraform/environments/production/main.tf b/templates/terraform/environments/production/main.tf index 2fee691..9b1ff9f 100644 
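Review bot: In `apply-remote-state` and `apply-secrets` the `aws ... || ( ... )` guard treats every non-zero exit as "resource does not exist", so a wrong profile or account, denied permissions or a network error also fall into the bootstrap branch, which may now run with `$(AUTO_APPROVE)` set. The `apply-secrets` probe only shows that the IAM user exists; if an earlier run created the user but failed before the Secrets Manager entry was written, the step would be skipped on every later run (inferred from the recipe, the Terraform resources are only partly visible here). Consider confirming the caller first with `aws sts get-caller-identity > /dev/null` and probing the last resource each step creates rather than the first. The removed comment explained why `rm ./terraform.tfstate` is chained with `&&`; a replacement like `## skip bootstrap if the resource already exists; the state file is removed only after a successful apply` would keep that intent documented.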
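Review bot: Switching `ci_user_keys` from `name_prefix` to a fixed `name` makes the Secrets Manager name deterministic, and that interacts with the deletion recovery window: a secret scheduled for deletion keeps its name reserved, so a destroy followed by a re-apply with the same seed is likely to fail until the old secret is purged. If that teardown path matters, the secret module could expose `recovery_window_in_days` on `aws_secretsmanager_secret`. The seed is also concatenated directly onto `ci-user-aws-keys`; a `-` before the template expression would keep the name readable in the console and in IAM policy resource patterns.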
--- a/templates/terraform/environments/production/main.tf +++ b/templates/terraform/environments/production/main.tf @@ -23,7 +23,7 @@ module "production" { ecr_repositories = [] # Should be created by the staging environment # EKS configuration - eks_cluster_version = "1.15" + eks_cluster_version = "1.16" eks_worker_instance_type = "t3.medium" eks_worker_asg_min_size = 2 eks_worker_asg_max_size = 4 diff --git a/templates/terraform/environments/staging/main.tf b/templates/terraform/environments/staging/main.tf index 5fb49ae..f6dbd1f 100644 --- a/templates/terraform/environments/staging/main.tf +++ b/templates/terraform/environments/staging/main.tf @@ -22,7 +22,7 @@ module "staging" { ecr_repositories = [ "<% .Name %>" ] # EKS configuration - eks_cluster_version = "1.15" + eks_cluster_version = "1.16" eks_worker_instance_type = "t3.medium" eks_worker_asg_min_size = 1 eks_worker_asg_max_size = 3 diff --git a/templates/terraform/modules/eks/main.tf b/templates/terraform/modules/eks/main.tf index 05a3e87..78525fc 100644 --- a/templates/terraform/modules/eks/main.tf +++ b/templates/terraform/modules/eks/main.tf @@ -16,7 +16,7 @@ provider "kubernetes" { module "eks" { source = "terraform-aws-modules/eks/aws" - version = "10.0.0" + version = "12.1.0" cluster_name = var.cluster_name cluster_version = var.cluster_version diff --git a/templates/terraform/modules/secret/main.tf b/templates/terraform/modules/secret/main.tf index 963038c..faafaf0 100644 --- a/templates/terraform/modules/secret/main.tf +++ b/templates/terraform/modules/secret/main.tf @@ -1,6 +1,7 @@ # Add the keys to AWS secrets manager resource "aws_secretsmanager_secret" "secret" { name_prefix = var.name_prefix + name = var.name tags = var.tags } diff --git a/templates/terraform/modules/secret/variables.tf b/templates/terraform/modules/secret/variables.tf index 11a46c1..70ce3d6 100644 --- a/templates/terraform/modules/secret/variables.tf +++ b/templates/terraform/modules/secret/variables.tf 
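Review bot: `aws_secretsmanager_secret` treats `name` and `name_prefix` as mutually exclusive, yet the `secret` resource in `modules/secret/main.tf` now passes both on every call and relies on the `""` defaults introduced in the `variables.tf` hunk for the unused one. An empty string is still a set value, so depending on the provider version this may be rejected as a conflict or behave differently from omitting the argument; `default = null` in both variable blocks makes the unused argument genuinely absent. With both defaults empty, a caller that passes neither presumably gets a provider-generated name with no error, which is easy to miss for a resource that holds credentials.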
@@ -1,6 +1,10 @@ +variable "name" { + default = "" + description = "The name of the secret in Secrets Manager (only one of name or name_prefix can be specified)" +} variable "name_prefix" { - default = "secret-key" - description = "The name prefix of the secret in Secrets Manager" + default = "" + description = "The name prefix of the secret in Secrets Manager - a random suffix will be appended (only one of name or name_prefix can be specified)" } variable type { diff --git a/zero-module.yml b/zero-module.yml index a2fe47a..e3a1b2c 100644 --- a/zero-module.yml +++ b/zero-module.yml @@ -44,4 +44,10 @@ parameters: - field: eksWorkerAMI label: EKS Worker EC2 AMI ID execute: aws ssm get-parameters --names /aws/service/eks/optimized-ami/1.15/amazon-linux-2/recommended/image_id --region $region --query "Parameters[0].Value" | tr -d '"' + - field: eksWorkerAMI + label: EKS Worker EC2 AMI ID + execute: aws ssm get-parameters --names /aws/service/eks/optimized-ami/1.15/amazon-linux-2/recommended/image_id --region $region --query "Parameters[0].Value" | tr -d '"' + - field: randomSeed + label: Random seed that will be shared between projects to come up with deterministic resource names + execute: uuidgen From 2fd491844a61a05495b353fd124bfbd3b70c33cc Mon Sep 17 00:00:00 2001 From: Bill Monkman Date: Tue, 23 Jun 2020 15:51:48 -0700 Subject: [PATCH 2/2] Removed duplicate param in zero module and changed to use 1.16 eks ami --- zero-module.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/zero-module.yml b/zero-module.yml index e3a1b2c..cf06ab4 100644 --- a/zero-module.yml +++ b/zero-module.yml 
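Review bot: The new `randomSeed` parameter takes raw `uuidgen` output, whose letter case differs by platform (uppercase on macOS, lowercase with util-linux), while its label promises names that are shared between projects. In this patch the seed only feeds a Secrets Manager name, but any later use in a lowercase-only name such as an S3 bucket would fail on some machines. Normalising at the source avoids that: `execute: uuidgen | tr '[:upper:]' '[:lower:]'`.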
@@ -43,10 +43,7 @@ parameters: execute: aws sts get-caller-identity --query "Account" | tr -d '"' - field: eksWorkerAMI label: EKS Worker EC2 AMI ID - execute: aws ssm get-parameters --names /aws/service/eks/optimized-ami/1.15/amazon-linux-2/recommended/image_id --region $region --query "Parameters[0].Value" | tr -d '"' - - field: eksWorkerAMI - label: EKS Worker EC2 AMI ID - execute: aws ssm get-parameters --names /aws/service/eks/optimized-ami/1.15/amazon-linux-2/recommended/image_id --region $region --query "Parameters[0].Value" | tr -d '"' + execute: aws ssm get-parameters --names /aws/service/eks/optimized-ami/1.16/amazon-linux-2/recommended/image_id --region $region --query "Parameters[0].Value" | tr -d '"' - field: randomSeed label: Random seed that will be shared between projects to come up with deterministic resource names execute: uuidgen