tidy files up
BrianEllwood committed Jan 10, 2025
1 parent ce3a508 commit a254b6f
Showing 6 changed files with 0 additions and 269 deletions.
Expand Up @@ -23,6 +23,3 @@ data "tls_certificate" "analytical_platform_development_eks_oidc_issuer" {
url = data.aws_eks_cluster.analytical_platform_development.identity[0].oidc[0].issuer
}

# data "tls_certificate" "airflow_dev_eks_cluster" {
# url = aws_eks_cluster.airflow_dev_eks_cluster.identity[0].oidc[0].issuer
# }
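--- a/terraform/aws/analytical-platform-data-production/airflow/eks.tf
+++ b/terraform/aws/analytical-platform-data-production/airflow/eks.tf
@@ -16,152 +16,6 @@ resource "aws_eks_cluster" "airflow_dev_eks_cluster" {
 }
 }
 
-# resource "aws_security_group" "airflow_dev_cluster_additional_security_group" {
-# name = var.dev_cluster_additional_sg_name
-# description = "Managed by Pulumi"
-# vpc_id = aws_vpc.airflow_dev.id
-# ingress {
-# description = "Allow pods to communicate with the cluster API Server"
-# protocol = "tcp"
-# from_port = 443
-# to_port = 443
-# security_groups = [var.dev_cluster_node_sg_id]
-# }
-# egress {
-# description = "Allow internet access."
-# protocol = "-1"
-# cidr_blocks = ["0.0.0.0/0"]
-# from_port = 0
-# to_port = 0
-# }
-# }
-
-# resource "aws_security_group" "airflow_dev_cluster_node_security_group" {
-# name = var.dev_cluster_node_sg_name
-# description = "Managed by Pulumi"
-# vpc_id = aws_vpc.airflow_dev.id
-
-# ingress {
-# description = "Allow nodes to communicate with each other"
-# protocol = "-1"
-# from_port = 0
-# to_port = 0
-# security_groups = []
-# self = true
-# }
-# ingress {
-# description = "Allow worker Kubelets and pods to receive communication from the cluster control plane"
-# protocol = "tcp"
-# from_port = 1025
-# to_port = 65535
-# security_groups = [var.dev_cluster_additional_sg_id]
-# }
-# ingress {
-# description = "Allow pods running extension API servers on port 443 to receive communication from cluster control plane"
-# protocol = "tcp"
-# from_port = 443
-# to_port = 443
-# security_groups = [var.dev_cluster_additional_sg_id]
-# }
-
-# egress {
-# description = "Allow internet access."
-# protocol = "-1"
-# cidr_blocks = ["0.0.0.0/0"]
-# from_port = 0
-# to_port = 0
-# }
-# }
-
-# output "endpoint" {
-# value = aws_eks_cluster.airflow_dev_eks_cluster.endpoint
-# }
-
-# output "kubeconfig_certificate_authority_data" {
-# value = aws_eks_cluster.airflow_dev_eks_cluster.certificate_authority[0].data
-# }
-
-# resource "aws_eks_node_group" "dev_node_group_standard" {
-# cluster_name = aws_eks_cluster.airflow_dev_eks_cluster.name
-# node_group_name = "standard"
-# node_role_arn = aws_iam_role.airflow_dev_node_instance_role.arn
-# subnet_ids = aws_subnet.dev_private_subnet[*].id
-
-# launch_template {
-# id = aws_launch_template.dev_standard.id
-# version = aws_launch_template.dev_standard.latest_version
-# }
-
-# scaling_config {
-# desired_size = 1
-# max_size = 10
-# min_size = 1
-# }
-
-# update_config {
-# max_unavailable = 1
-# }
-
-# # Allow external changes without Terraform plan difference
-# lifecycle {
-# ignore_changes = [scaling_config[0].desired_size]
-# }
-# }
-
-# resource "aws_eks_node_group" "dev_node_group_high_memory" {
-# cluster_name = aws_eks_cluster.airflow_dev_eks_cluster.name
-# node_group_name = "high-memory"
-# node_role_arn = aws_iam_role.airflow_dev_node_instance_role.arn
-# subnet_ids = aws_subnet.dev_private_subnet[*].id
-
-# launch_template {
-# id = aws_launch_template.dev_high_memory.id
-# version = aws_launch_template.dev_high_memory.latest_version
-# }
-
-# scaling_config {
-# desired_size = 0
-# max_size = 1
-# min_size = 0
-# }
-
-# update_config {
-# max_unavailable = 1
-# }
-
-# # Allow external changes without Terraform plan difference
-# lifecycle {
-# ignore_changes = [scaling_config[0].desired_size]
-# }
-
-# taint {
-# key = "high-memory"
-# value = "true"
-# effect = "NO_SCHEDULE"
-# }
-
-# labels = {
-# high-memory = "true"
-# }
-# }
-
-
-# resource "kubernetes_config_map" "dev_aws_auth_configmap" {
-# provider = kubernetes.dev-airflow-cluster
-# metadata {
-# name = "aws-auth"
-# namespace = "kube-system"
-# labels = {
-# "app.kubernetes.io/managed-by" = "terraform"
-# }
-# }
-
-# data = {
-# "mapRoles" = file("./files/dev/aws-auth-configmap.yaml")
-# }
-
-# }
-
 ######################################
 ########### EKS PRODUCTION ###########
 ######################################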
@@ -1,18 +1,5 @@
### Dev Resources

# resource "helm_release" "kyverno_dev" {
# name = "kyverno"
# repository = "https://kyverno.github.io/kyverno/"
# chart = "kyverno"
# version = "2.6.0"
# namespace = kubernetes_namespace.kyverno_dev.metadata[0].name
# provider = helm.dev-airflow-cluster
# values = [
# templatefile(
# "${path.module}/src/helm/kyverno/values.yml.tftpl", {}
# )
# ]
# }
/*
resource "helm_release" "kube2iam_dev" {
name = "kube2iam"
Expand Down Expand Up @@ -85,26 +72,6 @@ resource "kubernetes_manifest" "kyverno_policy_run_as_non_root_user" {
}
*/

# resource "kubectl_manifest" "kyverno_policy_disallow_escalation_dev" {
# provider = kubectl.dev-airflow-cluster
# yaml_body = file("${path.module}/files/kyverno_policies/kyv.privilege_escalation.yaml")

# depends_on = [helm_release.kyverno_dev]
# }

# resource "kubectl_manifest" "kyverno_policy_run_as_non_root_dev" {
# provider = kubectl.dev-airflow-cluster
# yaml_body = file("${path.module}/files/kyverno_policies/kyv.run_as_non_root.yaml")

# depends_on = [helm_release.kyverno_dev]
# }

# resource "kubectl_manifest" "kyverno_policy_run_as_non_root_user_dev" {
# provider = kubectl.dev-airflow-cluster
# yaml_body = file("${path.module}/files/kyverno_policies/kyv.run_as_non_root_user.yaml")

# depends_on = [helm_release.kyverno_dev]
# }

resource "kubectl_manifest" "kyverno_policy_disallow_escalation_prod" {
provider = kubectl.prod-airflow-cluster
Expand Up @@ -4,13 +4,3 @@ resource "aws_iam_openid_connect_provider" "analytical_platform_development" {
thumbprint_list = [data.tls_certificate.analytical_platform_development_eks_oidc_issuer.certificates[0].sha1_fingerprint]
}

# resource "aws_iam_openid_connect_provider" "airflow_dev" {
# url = aws_eks_cluster.airflow_dev_eks_cluster.identity[0].oidc[0].issuer
# client_id_list = ["sts.amazonaws.com"]
# thumbprint_list = [data.tls_certificate.airflow_dev_eks_cluster.certificates[0].sha1_fingerprint]
# }

# import {
# to = aws_iam_openid_connect_provider.airflow_dev
# id = "arn:aws:iam::593291632749:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/59429428EBABBB9F911A173D7B8E8179"
# }
Expand Up @@ -86,29 +86,6 @@ resource "aws_iam_role" "airflow_dev_eks_role" {
]
}

#### Airflow Dev IRSA
# module "airflow_dev_monitoring_iam_role" {
# #checkov:skip=CKV_TF_1:Module registry does not support commit hashes for versions

# source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
# version = "5.52.1"

# create_role = true

# role_name = "airflow-monitoring-dev"

# role_policy_arns = {
# policy = module.airflow_dev_monitoring_iam_policy.arn
# }

# oidc_providers = {
# one = {
# provider_arn = resource.aws_iam_openid_connect_provider.airflow_dev.arn
# namespace_service_accounts = ["airflow:airflow"]
# }
# }
# }

####################################################################################
######################### AIRFLOW PRODUCTION INFRASTRUCTURE ########################
####################################################################################
@@ -1,57 +1,3 @@
# resource "kubernetes_namespace" "dev_kube2iam" {
# provider = kubernetes.dev-airflow-cluster
# metadata {
# annotations = {
# "iam.amazonaws.com/allowed-roles" = jsonencode(["*"])
# }
# labels = {
# "app.kubernetes.io/managed-by" = "terraform"
# }
# name = "kube2iam-system"
# }
# timeouts {}
# }

# resource "kubernetes_namespace" "dev_airflow" {
# provider = kubernetes.dev-airflow-cluster
# metadata {

# name = "airflow"
# annotations = {
# "iam.amazonaws.com/allowed-roles" = jsonencode(["airflow_dev*"])
# }
# labels = {
# "app.kubernetes.io/managed-by" = "Terraform"
# }
# }
# timeouts {}
# }

# resource "kubernetes_namespace" "kyverno_dev" {
# provider = kubernetes.dev-airflow-cluster
# metadata {
# name = "kyverno"
# labels = {
# "app.kubernetes.io/managed-by" = "Terraform"
# }
# }
# timeouts {}
# }

# resource "kubernetes_namespace" "cluster_autoscaler_system" {
# provider = kubernetes.dev-airflow-cluster
# metadata {
# name = "cluster-autoscaler-system"
# annotations = {
# "iam.amazonaws.com/allowed-roles" = jsonencode(["airflow-dev-cluster-autoscaler-role"])
# }
# labels = {
# "app.kubernetes.io/managed-by" = "Terraform"
# }
# }
# timeouts {}
# }

moved {
from = kubernetes_namespace.cluster-autoscaler-system
to = kubernetes_namespace.cluster_autoscaler_system