Add sandbox dev stuff (#7782)

Zachary Winnerman 2022-09-15 13:33:49 -04:00 committed by GitHub
parent a1a80c775f
commit ac47c50ee8
3 changed files with 60 additions and 14 deletions


@ -108,7 +108,7 @@ resource "cloudflare_record" "cert" {
resource "cloudflare_record" "main" {
zone_id = data.cloudflare_zone.main.id
name = "sandbox"
name = local.env_specific[data.aws_caller_identity.current.account_id]["dns_name"]
type = "CNAME"
value = aws_lb.main.dns_name
proxied = false
@ -116,7 +116,7 @@ resource "cloudflare_record" "main" {
resource "cloudflare_record" "wildcard" {
zone_id = data.cloudflare_zone.main.id
name = "*.sandbox"
name = "*.${local.env_specific[data.aws_caller_identity.current.account_id]["dns_name"]}"
type = "CNAME"
value = aws_lb.main.dns_name
proxied = false
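Review bot: The per-account lookup `local.env_specific[data.aws_caller_identity.current.account_id]["dns_name"]` is written out twice, in the `main` record (line 17) and again inside the interpolation of the `wildcard` record (line 25), so the two records can drift the next time one of them is edited. Resolving it once next to the map, `dns_name = local.env_specific[data.aws_caller_identity.current.account_id]["dns_name"]`, and then using `name = local.dns_name` and `name = "*.${local.dns_name}"` keeps both records in step and matches how the other file in this commit derives `prefix` and `base_domain` from its own map. One property of the new form is worth keeping as is: an account ID that is absent from `env_specific` now fails at plan time with an invalid-index error instead of silently creating the prod `sandbox` records, so no `try()`/default fallback should be added here.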


@ -27,7 +27,8 @@ locals {
cluster_version = "1.21"
account_role_mapping = {
# Add nonprod or other deployed accounts here
411315989055 = "AWSReservedSSO_SandboxProdAdmins_9ccaa4f25c2eada0"
411315989055 = "AWSReservedSSO_SandboxDevAdmins_6cfa1b6052653825"
968703308407 = "AWSReservedSSO_SandboxProdAdmins_9ccaa4f25c2eada0"
}
# Role Generated by SSO but needs admin to EKS
# This hack is needed because "aws_iam_role" returns an unsusable ARN for EKS on SSO roles.
@ -35,6 +36,14 @@ locals {
id = local.account_role_mapping[data.aws_caller_identity.current.account_id]
arn = join("", ["arn:aws:iam::", data.aws_caller_identity.current.account_id, ":role/", local.account_role_mapping[data.aws_caller_identity.current.account_id]])
}
env_specific = {
411315989055 = {
"dns_name" = "sandbox",
}
968703308407 = {
"dns_name" = "sandbox-dev",
}
}
}
output "eks_cluster" {
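Review bot: The account-to-role mapping on lines 37–38 looks crossed relative to the `env_specific` map added just below it: 411315989055 now maps to `AWSReservedSSO_SandboxDevAdmins_6cfa1b6052653825` while its `dns_name` is `sandbox`, and 968703308407 maps to `AWSReservedSSO_SandboxProdAdmins_9ccaa4f25c2eada0` while its `dns_name` is `sandbox-dev`. If the permission-set names reflect the environment they are meant for, one of the two maps has its account IDs swapped, and since the comment above says this role is the one granted admin on EKS, the prod cluster's admin binding would point at the Dev admins permission set; please confirm which account is prod before merging. Keeping one map per account (e.g. `411315989055 = { role = "AWSReservedSSO_…", dns_name = "sandbox" }`) would let the role and DNS name be reviewed side by side and remove this class of mismatch. The enclosing `locals` block starts before the hunk.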


@ -30,7 +30,7 @@ provider "aws" {
tags = {
environment = "fleet-demo-${terraform.workspace}"
terraform = "https://github.com/fleetdm/fleet/tree/main/infrastructure/sandbox"
state = "s3://fleet-terraform-state20220408141538466600000002/fleet-cloud-sandbox-prod/sandbox/terraform.tfstate"
state = "s3://fleet-terraform-state20220408141538466600000002/${local.env_specific[data.aws_caller_identity.current.account_id]["state_name"]}/sandbox/terraform.tfstate"
}
}
}
@ -41,11 +41,16 @@ provider "aws" {
tags = {
environment = "fleet-demo-${terraform.workspace}"
terraform = "https://github.com/fleetdm/fleet/tree/main/infrastructure/sandbox"
state = "s3://fleet-terraform-state20220408141538466600000002/fleet-cloud-sandbox-prod/sandbox/terraform.tfstate"
state = "s3://fleet-terraform-state20220408141538466600000002/${local.env_specific[data.aws_caller_identity.current.account_id]["state_name"]}/sandbox/terraform.tfstate"
}
}
}
provider "aws" {
alias = "tmp"
region = "us-east-2"
}
provider "cloudflare" {}
provider "random" {}
@ -62,15 +67,31 @@ provider "docker" {
provider "git" {}
data "aws_caller_identity" "current" {}
data "aws_caller_identity" "current" {
provider = aws.tmp
}
data "git_repository" "tf" {
path = "${path.module}/../../"
}
locals {
prefix = "sandbox-prod"
base_domain = "sandbox.fleetdm.com"
env_specific = {
411315989055 = {
"state_name" = "fleet-cloud-sandbox-prod"
"prefix" = "sandbox-prod",
"base_domain" = "sandbox.fleetdm.com",
"subnet" = "11",
},
968703308407 = {
"state_name" = "fleet-cloud-sandbox-dev"
"prefix" = "sandbox-dev",
"base_domain" = "sandbox-dev.fleetdm.com",
"subnet" = "13",
},
}
prefix = local.env_specific[data.aws_caller_identity.current.account_id]["prefix"]
base_domain = local.env_specific[data.aws_caller_identity.current.account_id]["base_domain"]
}
data "aws_iam_policy_document" "kms" {
@ -109,14 +130,30 @@ module "vpc" {
version = "3.12.0"
name = local.prefix
cidr = "10.11.0.0/16"
cidr = "10.${local.env_specific[data.aws_caller_identity.current.account_id]["subnet"]}.0.0/16"
# TODO hard coded AZs
azs = ["us-east-2a", "us-east-2b", "us-east-2c"]
private_subnets = ["10.11.16.0/20", "10.11.32.0/20", "10.11.48.0/20"]
public_subnets = ["10.11.128.0/24", "10.11.129.0/24", "10.11.130.0/24"]
database_subnets = ["10.11.131.0/24", "10.11.132.0/24", "10.11.133.0/24"]
elasticache_subnets = ["10.11.134.0/24", "10.11.135.0/24", "10.11.136.0/24"]
azs = ["us-east-2a", "us-east-2b", "us-east-2c"]
private_subnets = [
"10.${local.env_specific[data.aws_caller_identity.current.account_id]["subnet"]}.16.0/20",
"10.${local.env_specific[data.aws_caller_identity.current.account_id]["subnet"]}.32.0/20",
"10.${local.env_specific[data.aws_caller_identity.current.account_id]["subnet"]}.48.0/20",
]
public_subnets = [
"10.${local.env_specific[data.aws_caller_identity.current.account_id]["subnet"]}.128.0/24",
"10.${local.env_specific[data.aws_caller_identity.current.account_id]["subnet"]}.129.0/24",
"10.${local.env_specific[data.aws_caller_identity.current.account_id]["subnet"]}.130.0/24",
]
database_subnets = [
"10.${local.env_specific[data.aws_caller_identity.current.account_id]["subnet"]}.131.0/24",
"10.${local.env_specific[data.aws_caller_identity.current.account_id]["subnet"]}.132.0/24",
"10.${local.env_specific[data.aws_caller_identity.current.account_id]["subnet"]}.133.0/24",
]
elasticache_subnets = [
"10.${local.env_specific[data.aws_caller_identity.current.account_id]["subnet"]}.134.0/24",
"10.${local.env_specific[data.aws_caller_identity.current.account_id]["subnet"]}.135.0/24",
"10.${local.env_specific[data.aws_caller_identity.current.account_id]["subnet"]}.136.0/24",
]
create_database_subnet_group = false
create_database_subnet_route_table = true