Merge branch 'release/2.1.0'
npalm committed Apr 8, 2020
2 parents a271c10 + 381ad64 commit 84c74ed
Showing 7 changed files with 83 additions and 10 deletions.
13 changes: 8 additions & 5 deletions CHANGELOG.md
@@ -5,11 +5,13 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).

## [Unreleased]
### Migration to Terraform 0.12
Module is migrated to terraform 0.12, a few changes where applied. The example `vpc-public-private` is backwards compatible. The output type is changed for a few outputs.
- input: `availability_zones` - replaced by a list over write the default which create in each zone a subnet.
- output: `public_subnets` and `private_subnets` - redundant wrapper list removed. Output is a flat list.

- Changed variable `enable_create_defaults` default from `true` to `false`.

## [2.1.0] - 08-04-2020
- Added: Adding subnets taggings capability when creating a VPC (#14)
- Changed: Default vor `enable_create_defaults` from `true` to `false`.

## [2.0.0] - 03-09-2019
- Upgrade to terraform 0.12, Migration directions:
- Ensure you are on vpc 1.5.0.
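Review bot: the `enable_create_defaults` entry now appears twice, once under `## [Unreleased]` ("Changed variable `enable_create_defaults` default from `true` to `false`.") and once under `## [2.1.0]`; since it ships in 2.1.0, drop the Unreleased copy so the next release does not re-announce it. "Default vor" should read "Default for", and the release date `08-04-2020` does not follow the `YYYY-MM-DD` form that Keep a Changelog prescribes, so it is ambiguous to readers outside the day-first convention. Flipping a default that decides whether the module replaces the AWS default network ACL, security group and route table (see the `variables.tf` description in this same commit) changes behaviour for every caller who never set the variable; a "Changed" line in a minor release should at least tell upgraders to set `enable_create_defaults = true` to keep what they had.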
@@ -56,7 +58,8 @@ Module is migrated to terraform 0.12, a few changes where applied. The example `
- Fix region defaults
- Initial release, based on https://040code.github.io/2017/09/19/talk-immutable-infrastructure/

[Unreleased]: https://github.com/philips-software/terraform-aws-vpc/compare/2.0.0...HEAD
[Unreleased]: https://github.com/philips-software/terraform-aws-vpc/compare/2.1.0...HEAD
[2.1.0]: https://github.com/philips-software/terraform-aws-vpc/compare/2.0.0...2.1.0
[2.0.0]: https://github.com/philips-software/terraform-aws-vpc/compare/1.5.0...2.0.0
[1.5.0]: https://github.com/philips-software/terraform-aws-vpc/compare/1.4.0...1.5.0
[1.4.0]: https://github.com/philips-software/terraform-aws-vpc/compare/1.3.0...1.4.0
1 change: 1 addition & 0 deletions CODEOWNERS
@@ -0,0 +1 @@
* @philips-software/terraform-modules-maintainers
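Review bot: a CODEOWNERS rule only gates merges when branch protection on the protected branches has "Require review from Code Owners" enabled and the `@philips-software/terraform-modules-maintainers` team has write access to this repository; without both, the file is purely informational. Worth confirming in the repository settings, since this is the control that decides who can change a module that defines network boundaries.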
41 changes: 40 additions & 1 deletion README.md
@@ -34,6 +34,7 @@ module "vpc" {
}
}
```

## Inputs

| Name | Description | Type | Default | Required |
@@ -44,10 +45,12 @@ module "vpc" {
| create\_private\_hosted\_zone | Indicate to create a private hosted zone. | bool | `"true"` | no |
| create\_private\_subnets | Indicates to create private subnets. | bool | `"true"` | no |
| create\_s3\_vpc\_endpoint | Whether to create a VPC Endpoint for S3, so the S3 buckets can be used from within the VPC without using the NAT gateway. | bool | `"true"` | no |
| enable\_create\_defaults | Disable managing the default resources. | bool | `"true"` | no |
| enable\_create\_defaults | Add tags to the default resources. | bool | `"false"` | no |
| environment | Environment name, will be added for resource tagging. | string | n/a | yes |
| private\_subnet\_tags | Map of tags to apply on the private subnets | map(string) | `<map>` | no |
| project | Project name, will be added for resource tagging. | string | `""` | no |
| public\_subnet\_map\_public\_ip\_on\_launch | Enable public ip creaton by default on EC2 instance launch. | bool | `"false"` | no |
| public\_subnet\_tags | Map of tags to apply on the public subnets | map(string) | `<map>` | no |
| tags | Map of tags to apply on the resources | map(string) | `<map>` | no |

## Outputs
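Review bot: the new table description for `enable_create_defaults`, "Add tags to the default resources.", contradicts the description committed to `variables.tf` in this same change ("Replaces AWS default network ACL, security group and routing table with module resources"). The table has the shape of terraform-docs output, so regenerate it from `variables.tf` rather than editing it by hand, and the two will stay in sync. While here, the unchanged `public_subnet_map_public_ip_on_launch` row still reads "creaton".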
@@ -64,6 +67,41 @@ module "vpc" {
| public\_subnets\_route\_table | |
| vpc\_cidr | VPC CDIR. |
| vpc\_id | ID of the VPC. |

# VPC for Amazon EKS

Amazon EKS (Elastic Kubernetes Service) requires that both VPCs and Subnets (public and private) are tagged specifically with certain values according to the [aws-eks-docs].

Therefore, if the VPC created using this module is targeted for EKS, tag it with

```terraform
tags = {
"kubernetes.io/cluster/<cluster-name>" = "my-new-tag"
}
```

## Subnets Tags

As stated above, tagging the subnets is also mandatory for EKS Clusters. The tags for public and private subnets are as follows, respectively:

### Public Subnet Tags

```terraform
public_subnet_tags = {
"kubernetes.io/cluster/<cluster_name>" = "shared"
"kubernetes.io/role/elb" = "1"
}
```

### Private Subnet Tags

```terraform
private_subnet_tags = {
"kubernetes.io/cluster/<cluster_name>" = "shared"
"kubernetes.io/role/internal-elb" = "1"
}
```

## Automated checks
Currently the automated checks are limited. In CI the following checks are done for the root and each example.
- lint: `terraform validate` and `terraform fmt`
@@ -93,3 +131,4 @@ This module is part of the Philips Forest.
Talk to the forestkeepers in the `forest`-channel on Slack.

[![Slack](https://philips-software-slackin.now.sh/badge.svg)](https://philips-software-slackin.now.sh)
[aws-eks-docs]: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html
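Review bot: the VPC tagging snippet sets `kubernetes.io/cluster/<cluster-name>` to `"my-new-tag"`, which looks copied from the `my-tag = "my-new-tag"` line in the examples; the EKS networking page linked as [aws-eks-docs] specifies the value `shared` for that key, which is also what the subnet snippets below use, so the VPC snippet should read `"kubernetes.io/cluster/<cluster-name>" = "shared"`. The placeholder is spelled `<cluster-name>` for the VPC and `<cluster_name>` for the subnets; pick one. Minor: `# VPC for Amazon EKS` is a level-1 heading in a README whose other sections are level 2.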
11 changes: 11 additions & 0 deletions examples/vpc-public-private/main.tf
@@ -16,4 +16,15 @@ module "vpc" {
tags = {
my-tag = "my-new-tag"
}

// add tags on the subnets. Mostly useful when creating EKS clusters
public_subnet_tags = {
"kubernetes.io/cluster/<cluster_name>" = "shared"
"kubernetes.io/role/elb" = "1"
}

private_subnet_tags = {
"kubernetes.io/cluster/<cluster_name>" = "shared"
"kubernetes.io/role/internal-elb" = "1"
}
}
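Review bot: `kubernetes.io/cluster/<cluster_name>` is committed here as a literal tag key, and the README's "Automated checks" section says each example is exercised in CI, so the placeholder would be applied verbatim if this example is ever planned or applied against AWS (angle brackets also fall outside the characters AWS documents as allowed in tag keys). Either drive it from a variable, e.g. `"kubernetes.io/cluster/${var.cluster_name}" = "shared"`, or keep the EKS tags in the README only and leave the runnable example with tags that are valid as written.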
6 changes: 6 additions & 0 deletions examples/vpc-public/main.tf
@@ -16,4 +16,10 @@ module "vpc" {
tags = {
my-tag = "my-new-tag"
}

// add tags on the subnets. Mostly useful when creating EKS clusters
public_subnet_tags = {
"kubernetes.io/cluster/<cluster_name>" = "shared"
"kubernetes.io/role/elb" = "1"
}
}
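Review bot: same placeholder issue as in `examples/vpc-public-private/main.tf`: `<cluster_name>` is a literal tag key here too, so parameterise it or drop the block from the runnable example.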
5 changes: 3 additions & 2 deletions main.tf
@@ -26,8 +26,7 @@ resource "aws_vpc" "vpc" {
cidr_block = cidrsubnet(var.cidr_block, 0, 0)
enable_dns_support = true
enable_dns_hostnames = true

tags = local.tags
tags = local.tags
}

resource "aws_default_network_acl" "default" {
@@ -129,6 +128,7 @@ resource "aws_subnet" "public_subnet" {
"Tier" = "public"
},
local.tags_without_name,
var.public_subnet_tags
)
}

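Review bot: `var.public_subnet_tags` is the last argument to `merge()`, so any key a caller puts in it silently overrides the module-set tags in the same map, including the `"Tier" = "public"` visible above. If `Tier` (and whatever `local.tags_without_name` omits and the map sets separately) is meant to be stable for downstream filtering, merge the user map first and the module's own keys last; if caller override is intentional, say so in the variable description so nobody is surprised when a subnet loses its tier tag.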
@@ -178,6 +178,7 @@ resource "aws_subnet" "private_subnet" {
"Tier" = "private"
},
local.tags_without_name,
var.private_subnet_tags
)
}

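Review bot: same precedence question as for the public subnet: `var.private_subnet_tags` wins over `"Tier" = "private"`. Whichever order is chosen, keep it identical for both subnet resources.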
16 changes: 14 additions & 2 deletions variables.tf
@@ -56,8 +56,20 @@ variable "tags" {
default = {}
}

variable "public_subnet_tags" {
description = "Map of tags to apply on the public subnets"
type = map(string)
default = {}
}

variable "private_subnet_tags" {
description = "Map of tags to apply on the private subnets"
type = map(string)
default = {}
}

variable "enable_create_defaults" {
description = "Disable managing the default resources."
description = "Replaces AWS default network ACL, security group and routing table with module resources"
type = bool
default = true
default = false
}
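Review bot: the default flip from `true` to `false` changes what the module does for every existing caller who never set `enable_create_defaults`: the module stops managing the replacement network ACL, security group and route table, and a new VPC keeps the AWS-created defaults instead of the module's replacements. The AWS-created default network ACL allows all inbound and outbound traffic and the default security group allows all traffic between its members, so this is a security-relevant change of posture, not just a convenience. The new description is an improvement over "Disable managing the default resources." (which, paired with default `true`, read backwards), but the README and CHANGELOG should tell users to set `enable_create_defaults = true` explicitly if they relied on the old behaviour, and this description should match the one in the README table from the same commit.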
