This will hold our global config to be used in other resources
This commit has largely been lifted from our backing services module for Postgres Aurora. It creates a Postgres Aurora cluster and writes the outputs of that to SSM. If no master username / password is given, these are generated as random strings and saved to SSM using SecureString where necessary. If no postgres_name is given, it defaults to using the terraform-null-label outputted id.
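The credential handling the commit message describes, as an added Terraform 0.11 example (not the module's own code): generate the master username and password only when the caller did not supply them, and write the password to SSM as a SecureString. `var.postgres_admin_user`, `var.postgres_admin_password`, `var.kms_key_id`, `local.id` and the `/<id>/postgres/...` parameter names are assumptions.

```hcl
# Generate only when no value was passed in (count 0 otherwise).
# Aurora usernames must start with a letter, so digits and symbols are off;
# passwords must not contain "/", "@" or '"', so special is off too.
resource "random_string" "master_user" {
  count   = "${var.postgres_admin_user == "" ? 1 : 0}"
  length  = 8
  special = false
  number  = false
}

resource "random_string" "master_password" {
  count   = "${var.postgres_admin_password == "" ? 1 : 0}"
  length  = 32
  special = false
}

locals {
  # join() over the splat collapses the count-0 case to "" without erroring.
  master_user     = "${var.postgres_admin_user != "" ? var.postgres_admin_user : join("", random_string.master_user.*.result)}"
  master_password = "${var.postgres_admin_password != "" ? var.postgres_admin_password : join("", random_string.master_password.*.result)}"
}

# The username is not secret, so a plain String parameter is enough.
resource "aws_ssm_parameter" "master_user" {
  name        = "/${local.id}/postgres/master_user"   # assumed naming convention
  type        = "String"
  value       = "${local.master_user}"
  description = "Aurora Postgres master username"
}

# The password is encrypted at rest with the KMS key in key_id; readers need
# kms:Decrypt on that key as well as ssm:GetParameter to recover it.
resource "aws_ssm_parameter" "master_password" {
  name        = "/${local.id}/postgres/master_password"
  type        = "SecureString"
  value       = "${local.master_password}"
  key_id      = "${var.kms_key_id}"                    # assumed input
  description = "Aurora Postgres master password"
}
```

The generated password still lands in the Terraform state file in clear text, so the state backend needs the same access controls as the SSM parameter.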
This is part of terraform-root-modules backing service but I think we will likely want to create the VPC outside of this module and pass it in. I’ve left it in for now but we can take out later.
This is used to pull information from our kops cluster by doing a load of data lookups based on some tags. We can then pass things like Kops node security groups around to be used by other modules.
This commit adds ActiveMQ broker and config for CodeFresh Enterprise. An admin user is created and credentials stored encrypted in SSM. A DNS hostname is created for the ActiveMQ endpoints.

Note that unlike the other backing modules in here, AmazonMQ resources are not currently their own module. There are only a handful of resources for this AmazonMQ stuff but we can pull it out into a module if we so wish.

The default ActiveMQ config [1] has been added. This is optional in the `aws_mq_broker` but due to Terraform not supporting conditional blocks beyond a basic count, it is a pain to conditionally add this. The schema can be found at [2].

[1] http://svn.apache.org/repos/asf/activemq/trunk/assembly/src/release/conf/activemq.xml
[2] https://s3-us-west-2.amazonaws.com/amazon-mq-docs/XML/amazon-mq-active-mq-5.15.0.xsd
We will be injecting these resources into an existing VPC
3.2.10 doesn’t support encryption, see below:

```
Error creating Elasticache Replication Group: InvalidParameterCombination: Encryption features are not supported for engine version 3.2.10. Please use engine version 3.2.6
```
aurora-postgres.tf
@@ -0,0 +1,188 @@ | |||
variable "postgres_name" { |
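Review bot: the `postgres_name` variable opening this new aurora-postgres.tf duplicates the module-level `var.name`; drop it and derive the cluster name from `var.name` (or the label module's id, which the commit message already uses as the fallback) so every backing service in the module is named the same way.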
not needed
use var.name
@osterman should we move all variables from all files into variables.tf for consistency? Since this is a low-level module and not part of terraform-root-modules (where we include variables into the main files).
and also all outputs to outputs.tf
aurora-postgres.tf
variable "postgres_cluster_family" { | ||
type = "string" | ||
default = "aurora-postgresql9.6" | ||
description = "Postgres cluster DB family. Currently supported values are aurora-postgresql9.6 / aurora-postgresql10" |
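Review bot: the `postgres_cluster_family` description writes the supported values as `aurora-postgresql9.6 / aurora-postgresql10`, which reads as one slash-separated token in generated docs; put each value in backticks and join them with "and" so the two choices are unambiguous.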
description = "Postgres cluster DB family. Currently supported values are aurora-postgresql9.6 / aurora-postgresql10" | |
description = "Postgres cluster DB family. Currently supported values are `aurora-postgresql9.6` and `aurora-postgresql10`" |
mq.t2.micro is likely not what you want in production.
It is in use in all the submodules we call and we delegate down to them for naming.
To ensure we can use enabled flags on it
Since we have the initial PR merged and have cut a release
Bump aws-mq-broker to 0.3.0, which does not feature enabled flags, so remove them. In its current incarnation the terraform-aws-mq-broker does not support the enabled variable allowing for boolean creation of resources in the module, see [1] for more context. [1] cloudposse/terraform-aws-mq-broker#4
This commit adds variables to enable overriding what VPC and subnet that EFS runs in. If you don’t provide them, it defaults back to the `var.vpc_id` and `var.subnet_ids` values.

During testing of this module, we found something interesting. We were deploying EFS to the backing services VPC, which is a different VPC to the k8s cluster. Our pods were unable to resolve the DNS endpoint of the EFS cluster, despite there being VPC peering between the two, with DNS lookups between them enabled. AWS documentation [1] states that in this scenario, you have a few options:

1) Use the EFS IP address directly (no thanks)
2) Create a DNS entry in Route53 CNAME’ing to the EFS DNS endpoint in a private hosted zone

The underlying EFS module does already create a Route53 DNS entry CNAME to the EFS DNS endpoint, but it isn’t in a private zone. The pod could not resolve the Route53 DNS. Deploying EFS into the _same_ VPC as the k8s nodes worked a treat and finally the pods were able to resolve and mount EFS volumes.

[1] https://docs.aws.amazon.com/efs/latest/ug/manage-fs-access-vpc-peering.html
Remove
Remove
Fix. To be honest I'm not sure I set
CodeFresh Enterprise is not compatible with AmazonMQ on the protocol level and EFS will be moved into a general Kops backing service.
These should be in the caller module, not this generic module.
README.yaml
- AWS Elasticache Redis | ||
- AWS AmazonMQ (ActiveMQ) | ||
- AWS S3 bucket with associated user and permissions | ||
- AWS EFS |
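Review bot: the README's backing-service list includes `- AWS EFS`, but the discussion on this PR says EFS is being moved out into a general Kops backing service; drop that line so the README matches what this module actually creates, and confirm whether `- AWS AmazonMQ (ActiveMQ)` should stay given the note that CodeFresh Enterprise is not compatible with AmazonMQ at the protocol level.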
- AWS EFS |
|
||
variable "redis_cluster_enabled" { | ||
type = "string" | ||
default = "" |
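Review bot: `redis_cluster_enabled` defaults to `""` with no description, so anyone reading the generated docs will assume the Redis cluster is off by default; add a description stating that an empty value inherits the module-wide `enabled` flag and that `"true"`/`"false"` override it for this service only. Without that sentence the suggested `default = "true"` looks like the obvious fix and would silently remove the per-service fallback.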
default = "" | |
default = "true" |
@goruha This is not needed and will fall back on enabled for the whole module if we don't override a specific service enabled flag like this. It was done like this so we could enable/disable individual services if we needed, rather than the entire module enabled/disabled.
variable "postgres_cluster_enabled" { | ||
type = "string" | ||
default = "" |
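Review bot: same gap as `redis_cluster_enabled` above: the empty-string default of `postgres_cluster_enabled` needs a description saying that `""` inherits `var.enabled` and that `"true"`/`"false"` override it for the Aurora cluster only; as written, the hunk gives a reviewer no way to tell the fallback is intentional.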
default = "" | |
default = "true" |
@goruha This is not needed and will fall back on enabled for the whole module if we don't override a specific service enabled flag like this. It was done like this so we could enable/disable individual services if we needed, rather than the entire module enabled/disabled.
For terraform-root-modules I 💯 agree. For this module, I am on the fence.
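The per-service fallback the author describes in this thread, written out as an added Terraform 0.11 example (not the module's own code). It shows why the default is `""` rather than `"true"`: the empty string is the sentinel for "not overridden", and a `count` on the resolved local is the only conditional 0.11 offers. `var.name`, the SSM parameter names and the `local.*_host` placeholder values are assumptions.

```hcl
variable "enabled" {
  type        = "string"
  default     = "true"
  description = "Set to false to prevent the module from creating any resources"
}

variable "redis_cluster_enabled" {
  type        = "string"
  default     = ""
  description = "true/false overrides var.enabled for the Redis cluster only; empty inherits var.enabled"
}

variable "postgres_cluster_enabled" {
  type        = "string"
  default     = ""
  description = "true/false overrides var.enabled for the Aurora cluster only; empty inherits var.enabled"
}

locals {
  # Terraform 0.11 has no null, so "" means "not overridden".
  #   enabled=true,  redis_cluster_enabled=""      -> "true"
  #   enabled=false, redis_cluster_enabled=""      -> "false"
  #   enabled=true,  redis_cluster_enabled="false" -> "false"
  # Changing the default to "true" would make the first two rows both "true".
  redis_cluster_enabled    = "${var.redis_cluster_enabled != "" ? var.redis_cluster_enabled : var.enabled}"
  postgres_cluster_enabled = "${var.postgres_cluster_enabled != "" ? var.postgres_cluster_enabled : var.enabled}"

  # Hypothetical endpoints standing in for the submodule outputs.
  redis_host    = "redis.example.internal"
  postgres_host = "postgres.example.internal"
}

# Each service's resources gate on its resolved flag via count.
resource "aws_ssm_parameter" "redis_host" {
  count = "${local.redis_cluster_enabled == "true" ? 1 : 0}"
  name  = "/${var.name}/redis/host"
  type  = "String"
  value = "${local.redis_host}"
}

resource "aws_ssm_parameter" "postgres_host" {
  count = "${local.postgres_cluster_enabled == "true" ? 1 : 0}"
  name  = "/${var.name}/postgres/host"
  type  = "String"
  value = "${local.postgres_host}"
}
```

Submodules that do not expose an `enabled` input (the aws-mq-broker case noted in the commit history) cannot be gated this way, which is why the MQ resources sit inline with their own `count`.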
what
This PR is a standalone Terraform module to create CodeFresh Enterprise backing services:
Note that this is WIP until cloudposse/terraform-aws-s3-bucket#1 and https://github.com/cloudposse/terraform-aws-mq-broker have been addressed.
why
So we can run CodeFresh Enterprise in Kops clusters.
testing
Given the below variable tfvars:
Note that when ActiveMQ is running in `ACTIVE_STANDBY_MULTI_AZ` mode, it only takes 2 subnets and will error if more are given. We could just use `subnet_ids` and pick 2 of the list.

Running the thing:
Note that values are written into SSM as so: