Add common tagging of aws resources (#7)

* added tags to AWS resources where supported * update readme for common tagging * fixed conflict - variable additional_certificates * refactored tagging * added tags to new S3 object for optional certificate
Jnig · Mar 20, 2018 · 4fdfe91 · 4fdfe91
1 parent f373891
commit 4fdfe91
Show file tree

Hide file tree

Showing 10 changed files with 227 additions and 102 deletions.
diff --git a/README.md b/README.md
@@ -16,40 +16,44 @@ resource "aws_key_pair" "ssh" {
 }
 
 module "kubernetes" {
-    source = "github.com/Jnig/terraform-kubernetes-aws?ref=v0.6"
-    name = "devops-dev-cluster"
+  source = "github.com/Jnig/terraform-kubernetes-aws?ref=v0.6"
+  name = "devops-dev-cluster"
 
-    ssh_key = "${aws_key_pair.ssh.key_name}"
+  ssh_key = "${aws_key_pair.ssh.key_name}"
 
-    master_instance_type = "t2.medium"
+  master_instance_type = "t2.medium"
 
-    node_instance_type = "t2.large"
-    node_asg_min = 1
-    node_asg_max = 2
-    node_asg_desired = 2
+  node_instance_type = "t2.large"
+  node_asg_min = 1
+  node_asg_max = 2
+  node_asg_desired = 2
 
-    #aws ec2 describe-vpcs
-    vpc = "<vpc>"
+  #aws ec2 describe-vpcs
+  vpc = "<vpc>"
 
-    # aws ec2 describe-subnets --filters Name=vpc-id,Values=<vpc>
-    # tag all subnets with the name of the cluster: kubernetes.io/cluster/<name>
-    subnets = ["subnet1", "subnet2", "subnet3"]
+  # aws ec2 describe-subnets --filters Name=vpc-id,Values=<vpc>
+  # tag all subnets with the name of the cluster: kubernetes.io/cluster/<name>
+  subnets = ["subnet1", "subnet2", "subnet3"]
 
-    proxy_servers = "<proxy with port>"
-    
-    # optional add addtional certificates to the nodes
-    # useful if you have private docker repositories
-    additional_certificates = <<EOF
+  proxy_servers = "<proxy with port>"
+  
+  # optional add additional certificates to the nodes
+  # useful if you have private docker repositories
+  additional_certificates = <<EOF
 -----BEGIN CERTIFICATE-----
-.... 
+....
 -----END CERTIFICATE-----    
 EOF
-    
-    
+
+  # optional add common tags, e.g. for corporate billing
+  additional_tags = {
+    Application = ""
+    Billing_ID = ""
+    Owner = ""
+  }
 }
 ```
 
 Known limitations
 ------------
 * backups are missing
-
diff --git a/autoscaling_master.tf b/autoscaling_master.tf
@@ -24,9 +24,7 @@ resource "aws_ebs_volume" "master" {
     size = 40
     encrypted = true
     type = "gp2"
-    tags {
-        Name = "${var.name}-master"
-    }
+    tags = "${merge(var.additional_tags, map("Name", "${var.name}-master"))}"
 }
 
 resource "aws_security_group" "master" {
@@ -48,9 +46,6 @@ resource "aws_security_group" "master" {
     cidr_blocks = ["0.0.0.0/0"]
   }
 
-
-
-
   ingress {
     from_port   = 0
     to_port     = 0
@@ -72,7 +67,10 @@ resource "aws_security_group" "master" {
     protocol        = "-1"
     cidr_blocks     = ["0.0.0.0/0"]
   }
+
+tags = "${var.additional_tags}"
 }
+
 resource "aws_launch_configuration" "master" {
   name_prefix      = "${var.name}-master-"
   image_id         = "${data.aws_ami.ubuntu.id}"
@@ -105,43 +103,28 @@ resource "aws_autoscaling_group" "master" {
 
   target_group_arns         = ["${aws_lb_target_group.master_443.arn}"]
 
-  tags = [
-    {
-      key                 = "Name"
-      value               = "${var.name}-master"
-      propagate_at_launch = true
-    },
-    {
-      key                 = "KubernetesCluster"
-      value               = "${var.name}"
-      propagate_at_launch = true
-    },
-    {
-      key                 = "k8s.io/role/master"
-      value               = 1 
-      propagate_at_launch = true
-    },
-  ]
+  tags = ["${concat(
+      list(map("key", "Name", "value", "${var.name}-master", "propagate_at_launch", true),
+        map("key", "KubernetesCluster", "value", "${var.name}", "propagate_at_launch", true),
+        map("key", "k8s.io/role/master", "value", 1, "propagate_at_launch", true),
+      ),
+      local.tags_asg_format
+   )}"]
 
   lifecycle {
     create_before_destroy = true
   }
 }
 
-
 resource "aws_lb" "master" {
   name = "${var.name}-master"
   internal        = true
   subnets         = ["${data.aws_subnet.region_1a.id}"]
   load_balancer_type = "network"
-
-  tags = {
-    Name = "${var.name}-master"
-  }
-
+
+  tags = "${merge(var.additional_tags, map("Name", "${var.name}-master"))}"
 }
 
-
 resource "aws_lb_listener" "master" {
   load_balancer_arn = "${aws_lb.master.arn}"
   port              = "443"

diff --git a/autoscaling_nodes.tf b/autoscaling_nodes.tf
@@ -18,15 +18,13 @@ data "template_file" "nodes" {
 
     load_balancer_dns = "${aws_lb.master.dns_name}"
   }
-
 }
 
-
 resource "aws_security_group" "nodes" {
   name        = "${var.name}-nodes"
   description = "${var.name}-nodes"
   vpc_id      = "${var.vpc}"
-
+  tags = "${var.additional_tags}"
 }
 
 resource "aws_security_group_rule" "nodes-self" {
@@ -101,23 +99,14 @@ resource "aws_autoscaling_group" "nodes" {
   launch_configuration      = "${aws_launch_configuration.nodes.name}"
   vpc_zone_identifier       = ["${data.aws_subnet.region_1b.id}", "${data.aws_subnet.region_1c.id}"]
 
-  tags = [
-    {
-      key                 = "Name"
-      value               = "${var.name}-node"
-      propagate_at_launch = true
-    },
-    {
-      key                 = "KubernetesCluster"
-      value               = "${var.name}"
-      propagate_at_launch = true
-    },
-    {
-      key                 = "k8s.io/role/node"
-      value               = 1 
-      propagate_at_launch = true
-    },
-  ]
+  tags = ["${concat(
+      list(map("key", "Name", "value", "${var.name}-node", "propagate_at_launch", true),
+        map("key", "KubernetesCluster", "value", "${var.name}", "propagate_at_launch", true),
+        map("key", "k8s.io/role/node", "value", 1, "propagate_at_launch", true),
+      ),
+      local.tags_asg_format
+   )}"]
+
 
   lifecycle {
     create_before_destroy = true

diff --git a/certificate.tf b/certificate.tf
@@ -5,4 +5,6 @@ resource "aws_s3_bucket_object" "certificate" {
   key                    = "scripts/installation/additional.crt"
   content                = "${var.additional_certificates}"
   server_side_encryption = "AES256"
+
+  tags = "${var.additional_tags}"
 }
diff --git a/iam.tf b/iam.tf
@@ -4,23 +4,23 @@ resource "aws_iam_role" "cluster" {
 
   assume_role_policy = <<EOF
 {
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Action": "sts:AssumeRole",
-            "Principal": {
-               "Service": "ec2.amazonaws.com"
-            },
-            "Effect": "Allow",
-            "Sid": ""
-        }
-    ]
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
 }
 EOF
 }
 
 resource "aws_iam_instance_profile" "cluster" {
-  name  = "${var.name}"
+  name = "${var.name}"
   role = "${aws_iam_role.cluster.name}"
 }
 
@@ -39,11 +39,10 @@ resource "aws_iam_role_policy" "policy" {
   policy =  "${data.template_file.role_policy.rendered}"
 }
 
-
 resource "aws_iam_role_policy" "additional" {
   count = "${var.iam_policy == "" ? 0 : 1}"
   name = "additional"
   role = "${aws_iam_role.cluster.id}"
 
-  policy =  "${var.iam_policy}"
+  policy = "${var.iam_policy}"
 }
diff --git a/input.tf b/input.tf
@@ -2,11 +2,11 @@ variable "name" {}
 variable "ssh_key" {}
 
 variable "master_instance_type" {
-    default = "t2.medium"
-} 
+  default = "t2.medium"
+}
 
 variable "node_instance_type" {
-    default = "t2.large"
+  default = "t2.large"
 }
 
 variable "node_asg_min" {}
@@ -15,11 +15,11 @@ variable "node_asg_desired" {}
 variable "vpc" {}
 
 variable "proxy_servers" {
-    default = ""
+  default = ""
 }
 
 variable "subnets" {
-    default = []
+  default = []
 }
 
 variable "kubernetes_version" {
@@ -31,9 +31,13 @@ variable "kubernetes_dashboard_version" {
 }
 
 variable "iam_policy" {
-   default =   ""
+  default = ""
 }
 
 variable "additional_certificates" {
-   default =   ""
+  default = ""
+}
+
+variable "additional_tags" {
+  default = {}
 }