Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add example tf files for custom vpc, sql, redis, eks #208

Merged
merged 5 commits into from
Jul 8, 2024
Merged

feat: Add example tf files for custom vpc, sql, redis, eks #208

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
00c48cf
add example tf files for custom vpc, sql, redis
velotioaastha May 8, 2024
0991401
add standard examples tf
velotioaastha May 10, 2024
2abc787
add standard & custom examples tf
velotioaastha May 13, 2024
e36d8db
Merge branch 'main' into aastha/example-tf
May 15, 2024
c0b4f40
Merge branch 'main' into aastha/example-tf
velotioaastha Jun 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
258 changes: 258 additions & 0 deletions examples/byo-vpc-eks-sql-redis/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,258 @@
provider "aws" {
region = "us-east-1"


default_tags {
tags = {
GithubRepo = "terraform-aws-wandb"
GithubOrg = "wandb"
Enviroment = "Example"
Example = "BYO-VPC-EKS-SQL-REDIS"
}
}
}
data "aws_s3_bucket" "file_storage" {
depends_on = [module.file_storage]
bucket = local.bucket_name
}

data "aws_sqs_queue" "file_storage" {
count = local.use_internal_queue ? 0 : 1
depends_on = [module.file_storage]
name = local.bucket_queue_name
}

data "aws_eks_cluster" "app_cluster" {
name = var.eks_cluster_name
}

data "aws_eks_cluster_auth" "app_cluster" {
name = var.eks_cluster_name
}

provider "kubernetes" {
host = data.aws_eks_cluster.app_cluster.endpoint
cluster_ca_certificate = base64decode(data.aws_eks_cluster.app_cluster.certificate_authority[0].data)
token = data.aws_eks_cluster_auth.app_cluster.token
exec {
api_version = "client.authentication.k8s.io/v1beta1"
args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.app_cluster.name]
command = "aws"
}
}

provider "helm" {
kubernetes {
host = data.aws_eks_cluster.app_cluster.endpoint
cluster_ca_certificate = base64decode(data.aws_eks_cluster.app_cluster.certificate_authority[0].data)
token = data.aws_eks_cluster_auth.app_cluster.token
exec {
api_version = "client.authentication.k8s.io/v1beta1"
args = ["eks", "get-token", "--cluster-name", data.aws_eks_cluster.app_cluster.name]
command = "aws"
}
}
}

locals {
kms_key_arn = var.kms_key_arn
use_external_bucket = var.bucket_name != ""
use_internal_queue = local.use_external_bucket || var.use_internal_queue
}

module "file_storage" {
count = var.create_bucket ? 1 : 0
source = "../../modules/file_storage"

create_queue = !local.use_internal_queue
deletion_protection = var.deletion_protection
kms_key_arn = local.kms_key_arn
namespace = var.namespace
sse_algorithm = "aws:kms"
}

locals {
bucket_name = local.use_external_bucket ? var.bucket_name : module.file_storage.0.bucket_name
bucket_queue_name = local.use_internal_queue ? null : module.file_storage.0.bucket_queue_name
}

locals {
network_id = var.network_id
network_public_subnets = var.network_public_subnets
network_private_subnets = var.network_private_subnets
}

locals {
create_certificate = var.public_access && var.acm_certificate_arn == null

fqdn = var.subdomain == null ? var.domain_name : "${var.subdomain}.${var.domain_name}"
}

# Create SSL Ceritifcation if applicable
module "acm" {
source = "terraform-aws-modules/acm/aws"
version = "~> 3.0"

create_certificate = local.create_certificate

subject_alternative_names = var.extra_fqdn

domain_name = var.external_dns ? local.fqdn : var.domain_name
zone_id = var.zone_id

wait_for_validation = true
}

locals {
acm_certificate_arn = local.create_certificate ? module.acm.acm_certificate_arn : var.acm_certificate_arn
url = local.acm_certificate_arn == null ? "http://${local.fqdn}" : "https://${local.fqdn}"
domain_filter = var.custom_domain_filter == null || var.custom_domain_filter == "" ? local.fqdn : var.custom_domain_filter
internal_app_port = 32543
}

locals {
full_fqdn = var.enable_dummy_dns ? "old.${local.fqdn}" : local.fqdn
extra_fqdn = var.enable_dummy_dns ? [for fqdn in var.extra_fqdn : "old.${fqdn}"] : var.extra_fqdn
}

module "app_lb" {
source = "../../modules/app_lb"

namespace = var.namespace
load_balancing_scheme = var.public_access ? "PUBLIC" : "PRIVATE"
acm_certificate_arn = local.acm_certificate_arn
zone_id = var.zone_id

fqdn = local.full_fqdn
extra_fqdn = local.extra_fqdn
allowed_inbound_cidr = var.allowed_inbound_cidr
allowed_inbound_ipv6_cidr = var.allowed_inbound_ipv6_cidr
target_port = local.internal_app_port

network_id = local.network_id
network_private_subnets = local.network_private_subnets
network_public_subnets = local.network_public_subnets
}

module "private_link" {
count = length(var.private_link_allowed_account_ids) > 0 ? 1 : 0
source = "../../modules/private_link"

namespace = var.namespace
allowed_account_ids = var.private_link_allowed_account_ids
deletion_protection = var.deletion_protection
network_private_subnets = local.network_private_subnets
alb_name = local.lb_name_truncated
vpc_id = local.network_id

depends_on = [
module.wandb
]
}

resource "aws_autoscaling_attachment" "autoscaling_attachment" {
for_each = var.autoscaling_group_names
autoscaling_group_name = each.value
lb_target_group_arn = module.app_lb.tg_app_arn
}

locals {
max_lb_name_length = 32 - length("-alb-k8s")
lb_name_truncated = "${substr(var.namespace, 0, local.max_lb_name_length)}-alb-k8s"
}

module "wandb" {
source = "wandb/wandb/helm"
version = "1.2.0"

depends_on = [
module.app_lb,
]
operator_chart_version = "1.1.2"
controller_image_tag = "1.10.1"

spec = {
values = {
global = {
host = local.url
license = var.license

extraEnv = var.other_wandb_env

bucket = {
provider = "s3"
name = local.bucket_name
region = data.aws_s3_bucket.file_storage.region
kmsKey = local.use_external_bucket ? var.bucket_kms_key_arn : local.kms_key_arn
}

mysql = {
host = var.database_endpoint
password = var.database_master_password
user = var.database_master_username
database = var.database_name
port = var.database_port
}

redis = {
host = var.redis_host
port = "${var.redis_port}?tls=true&ttlInSeconds=604800"
}
}

ingress = {
class = "alb"

additionalHosts = concat(var.extra_fqdn, length(var.private_link_allowed_account_ids) > 0 ? [""] : [])

annotations = merge({
"alb.ingress.kubernetes.io/load-balancer-name" = local.lb_name_truncated
"alb.ingress.kubernetes.io/inbound-cidrs" = <<-EOF
${join("\\,", var.allowed_inbound_cidr)}
EOF
"external-dns.alpha.kubernetes.io/ingress-hostname-source" = "annotation-only"
"alb.ingress.kubernetes.io/scheme" = var.kubernetes_alb_internet_facing ? "internet-facing" : "internal"
"alb.ingress.kubernetes.io/target-type" = "ip"
"alb.ingress.kubernetes.io/listen-ports" = "[{\\\"HTTPS\\\": 443}]"
"alb.ingress.kubernetes.io/certificate-arn" = local.acm_certificate_arn
},
length(var.extra_fqdn) > 0 && var.enable_dummy_dns ? {
"external-dns.alpha.kubernetes.io/hostname" = <<-EOF
${local.fqdn}\,${join("\\,", var.extra_fqdn)}\,${local.fqdn}
EOF
} : {
"external-dns.alpha.kubernetes.io/hostname" = var.enable_operator_alb ? local.fqdn : ""
},
length(var.kubernetes_alb_subnets) > 0 ? {
"alb.ingress.kubernetes.io/subnets" = <<-EOF
${join("\\,", var.kubernetes_alb_subnets)}
EOF
} : {})

}

app = var.enable_operator_alb ? {} : {
extraEnv = merge({
"GORILLA_GLUE_LIST" = "true"
}, var.app_wandb_env)
}

mysql = { install = false }
redis = { install = false }

weave = {
persistence = {
provider = "efs"
efs = {
fileSystemId = var.efs_id
}
}
extraEnv = var.weave_wandb_env
}

parquet = {
extraEnv = var.parquet_wandb_env
}
}
}
}
Loading
Loading