-
Notifications
You must be signed in to change notification settings - Fork 182
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Staging EKS Infra 1.29 upgrade #3031
base: master
Are you sure you want to change the base?
Conversation
WalkthroughThe pull request introduces a comprehensive Terraform configuration for an AWS-based infrastructure, specifically designed for a Kubernetes cluster. Key changes include the addition of modules for networking, database provisioning, IAM management, and EKS setup. New output declarations enhance visibility of critical infrastructure components, while the use of variables improves configurability. Minor formatting changes and updates to resource attributes ensure clarity and maintainability across the configuration files. Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant Terraform
participant AWS
participant Kubernetes
User->>Terraform: Apply configuration
Terraform->>AWS: Create VPC and subnets
Terraform->>AWS: Provision EKS cluster
Terraform->>AWS: Setup IAM roles and policies
Terraform->>AWS: Provision PostgreSQL database
Terraform->>Kubernetes: Configure kubectl access
Terraform->>AWS: Deploy EKS add-ons
AWS-->>User: Infrastructure ready
Poem
Tip Announcements
Recent review detailsConfiguration used: CodeRabbit UI Files ignored due to path filters (1)
Files selected for processing (12)
Files skipped from review due to trivial changes (3)
Additional comments not posted (40)
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Outside diff range, codebase verification and nitpick comments (2)
infra-as-code/terraform/egov-staging/main.tf (2)
17-32
: Consider using Terraform variables or a secrets management solution to pass sensitive information.The usage of the
db
module to create a PostgreSQL database looks good and the required variables are being passed correctly.However, the database username and password are being passed directly, which is not a secure practice. Consider using Terraform variables or a secrets management solution like AWS Secrets Manager to pass sensitive information.
48-53
: Consider removing the commented outload_config_file
argument if it's not needed.The Kubernetes provider configuration looks good and is using the cluster endpoint, certificate, and token from the respective data sources.
However, the
load_config_file
argument is commented out. If the provider doesn't need to load the kubeconfig file, consider removing the commented out line to keep the configuration clean.
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files ignored due to path filters (1)
infra-as-code/terraform/staging/remote-state/terraform.tfstate.backup
is excluded by!**/*.tfstate.backup
Files selected for processing (12)
- infra-as-code/terraform/egov-staging/main.tf (1 hunks)
- infra-as-code/terraform/egov-staging/outputs.tf (1 hunks)
- infra-as-code/terraform/egov-staging/providers.tf (1 hunks)
- infra-as-code/terraform/egov-staging/remote-state/main.tf (1 hunks)
- infra-as-code/terraform/egov-staging/remote-state/variables.tf (1 hunks)
- infra-as-code/terraform/egov-staging/variables.tf (1 hunks)
- infra-as-code/terraform/modules/db/aws/main.tf (2 hunks)
- infra-as-code/terraform/modules/db/aws/outputs.tf (1 hunks)
- infra-as-code/terraform/modules/db/aws/variables.tf (1 hunks)
- infra-as-code/terraform/modules/kubernetes/aws/eks-cluster/main.tf (1 hunks)
- infra-as-code/terraform/modules/kubernetes/aws/network/main.tf (10 hunks)
- infra-as-code/terraform/modules/kubernetes/oci/network/main.tf (10 hunks)
Files skipped from review due to trivial changes (3)
- infra-as-code/terraform/egov-staging/providers.tf
- infra-as-code/terraform/egov-staging/remote-state/variables.tf
- infra-as-code/terraform/modules/kubernetes/aws/eks-cluster/main.tf
Additional comments not posted (40)
infra-as-code/terraform/modules/db/aws/variables.tf (1)
12-12
: LGTM!The new
db_subnet_group
variable is a great addition for configuring the subnet group of the database. It enhances the flexibility and security of the database deployment.infra-as-code/terraform/egov-staging/remote-state/main.tf (3)
6-6
: LGTM!Using a variable for the S3 bucket name is a great improvement. It makes the configuration more flexible and reusable.
13-18
: LGTM!The new
aws_s3_bucket_versioning
resource is a great addition for enabling versioning on the S3 bucket. This is crucial for maintaining the history of objects stored in the bucket.
22-22
: LGTM!Using the same variable for the DynamoDB table name is a good change. It aligns the table name with the S3 bucket name and makes the configuration more consistent.
infra-as-code/terraform/modules/db/aws/outputs.tf (4)
5-7
: LGTM!The new
db_instance_endpoint
output is a useful addition for exposing the database endpoint. This will make it easier to access the database from other resources.
9-12
: LGTM!The new
db_instance_name
output is a useful addition for exposing the database name. This will make it easier to reference the database from other resources.
14-18
: LGTM!The new
db_instance_username
output is a useful addition for exposing the database master username. Marking the output as sensitive is crucial for security, as the username should not be exposed publicly.
20-23
: LGTM!The new
db_instance_port
output is a useful addition for exposing the database port. This will make it easier to connect to the database.infra-as-code/terraform/modules/db/aws/main.tf (2)
6-9
: LGTM!The change from
map
totomap
enhances clarity and aligns with best practices for defining key-value pairs in Terraform configurations.
24-24
: Verify the impact of the change indb_subnet_group_name
.The changes look good overall:
- The change from
map
totomap
enhances clarity and aligns with best practices for defining key-value pairs in Terraform configurations.- The new attributes
auto_minor_version_upgrade
,allow_major_version_upgrade
,skip_final_snapshot
, andapply_immediately
provide additional control over the behavior of the database instance, particularly regarding version upgrades and snapshot management.However, the change in
db_subnet_group_name
from${aws_db_subnet_group.db_subnet_group.name}
to${var.db_subnet_group}
indicates a shift in how the subnet group is identified.Ensure that this change is thoroughly tested to confirm that it behaves as expected. Run the following script to verify the subnet group usage:
Also applies to: 26-29, 32-35
infra-as-code/terraform/egov-staging/outputs.tf (1)
1-58
: LGTM!The new
outputs.tf
file looks good. The declared outputs provide visibility into critical infrastructure components provisioned by the Terraform configuration, such as:
- VPC and subnet IDs
- EKS cluster endpoint and kubectl config
- Volume IDs for Elasticsearch, Zookeeper, and Kafka
- RDS instance details
This enhances the usability and maintainability of the Terraform configuration.
infra-as-code/terraform/egov-staging/variables.tf (1)
1-90
: LGTM!The new
variables.tf
file looks good. The declared input variables improve the configurability of the Terraform configuration by allowing customization of key parameters, such as:
- Cluster name and Kubernetes version
- VPC CIDR block and availability zones
- Worker node instance types and count
- Database name, username, and password
- SSH key details
This enhances the flexibility and reusability of the Terraform configuration across different environments.
infra-as-code/terraform/modules/kubernetes/oci/network/main.tf (12)
13-15
: LGTM!The change from
map
totomap
for definingfreeform_tags
is approved. It enhances clarity and consistency of the tag definition.
30-33
: LGTM!The change from
map
totomap
for definingfreeform_tags
is approved. It enhances clarity and consistency of the tag definition.
20-20
: LGTM, but verify the CIDR block calculation.The change to the
cidrsubnet
function parameters is approved.However, ensure that the CIDR block calculation is thoroughly tested to confirm that it behaves as expected.
49-52
: LGTM!The change from
map
totomap
for definingfreeform_tags
is approved. It enhances clarity and consistency of the tag definition.
39-39
: LGTM, but verify the CIDR block calculation.The change to the
cidrsubnet
function parameters is approved.However, ensure that the CIDR block calculation is thoroughly tested to confirm that it behaves as expected.
62-64
: LGTM!The change from
map
totomap
for definingfreeform_tags
is approved. It enhances clarity and consistency of the tag definition.
77-79
: LGTM!The change from
map
totomap
for definingfreeform_tags
is approved. It enhances clarity and consistency of the tag definition.
94-96
: LGTM!The change from
map
totomap
for definingfreeform_tags
is approved. It enhances clarity and consistency of the tag definition.
112-114
: LGTM!The change from
map
totomap
for definingfreeform_tags
is approved. It enhances clarity and consistency of the tag definition.
128-130
: LGTM!The change from
map
totomap
for definingfreeform_tags
is approved. It enhances clarity and consistency of the tag definition.
182-184
: LGTM!The change from
map
totomap
for definingfreeform_tags
is approved. It enhances clarity and consistency of the tag definition.
208-210
: LGTM!The change from
map
totomap
for definingfreeform_tags
is approved. It enhances clarity and consistency of the tag definition.infra-as-code/terraform/modules/kubernetes/aws/network/main.tf (8)
14-17
: LGTM!The change from
map
totomap
for defining tags is a good practice and enhances clarity.
28-34
: LGTM!The change from
map
totomap
for defining tags is a good practice and enhances clarity.
45-51
: LGTM!The change from
map
totomap
for defining tags is a good practice and enhances clarity.
58-62
: LGTM!The change from
map
totomap
for defining tags is a good practice and enhances clarity.
74-78
: LGTM!The change from
map
totomap
for defining tags is a good practice and enhances clarity.
93-97
: LGTM!The change from
map
totomap
for defining tags is a good practice and enhances clarity.
108-112
: LGTM!The change from
map
totomap
for defining tags is a good practice and enhances clarity.
125-129
: LGTM!The change from
map
totomap
for defining tags is a good practice and enhances clarity.infra-as-code/terraform/egov-staging/main.tf (8)
1-7
: LGTM!The Terraform backend configuration using an S3 bucket looks good and follows best practices.
9-14
: LGTM!The usage of the
network
module to create networking resources looks good and the required variables are being passed correctly.
34-36
: LGTM!The usage of the
aws_eks_cluster
data source to retrieve information about the EKS cluster looks good and is using the cluster ID from theeks
module output.
38-40
: LGTM!The usage of the
aws_eks_cluster_auth
data source to retrieve authentication information for the EKS cluster looks good and is using the cluster ID from theeks
module output.
42-42
: LGTM!The usage of the
aws_caller_identity
data source to retrieve information about the AWS account being used looks good and is a common practice.
44-46
: LGTM!The usage of the
tls_certificate
data source to retrieve the TLS certificate from the EKS cluster's OIDC provider URL looks good and is using the OIDC provider URL from theaws_eks_cluster
data source output.
55-65
: LGTM!The usage of the
iam-user
module to create an IAM user for deploying to the EKS cluster looks good and the required variables are being passed correctly. Retrieving the user's public key from Keybase is a secure practice.
67-77
: LGTM!The usage of the
iam-user
module to create an IAM user with admin permissions for the EKS cluster looks good and the required variables are being passed correctly. Retrieving the user's public key from Keybase is a secure practice.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use seperate repo for terraform related changes. here we have to maintain only main files which are common for all the environments.
Summary by CodeRabbit
New Features
Bug Fixes
map
totomap
across various resources.Chores