Adding terraform module

Signed-off-by: garland <[email protected]>
ManagedKube · Jun 22, 2019 · 614e04a · 614e04a
1 parent 71fa4e9
commit 614e04a
Show file tree

Hide file tree

Showing 4 changed files with 291 additions and 0 deletions.
diff --git a/docs/README.md b/docs/README.md
@@ -0,0 +1,89 @@
+kubernetes-ops
+==================
+
+# Setup your IP CIDR
+This document contains how your IP CIDRs are going to be laided out for your
+entire infrastructure.  Care should be taken to review this and to make sure
+this fits your needs.  
+
+While getting started quick you can just go with any IP CIDR scheme just to test
+it out but if you were to roll out a real world setup where people will consume
+this infrastructure, not thinking this out a little bit might make it difficult
+to do certain things later.  It is unfortunate that this has to come so early in
+the process.  The IP CIDR is pretty much at the bottom of the stack which means
+it touches everything.  Making changes to this later will probably be very difficult
+and require some kind of large scale migration or cut over.
+
+We suggest you take the `cidr-ranges.md` file as a good place to start.
+
+# VPC Creation
+
+Directory: <repo root>/tf-environment
+
+## Easy route
+
+Change directory to: 'dev-example'
+
+Run:
+```
+terragrunt init
+terragrunt plan
+terragrunt apply
+```
+
+This will create the VPC.
+
+## Custom production route
+
+Copy the directory `dev-example` to a name of the environment you want to create.
+If this is the first environment, `dev` is a good name.
+
+### Update parameters
+Now we have to update some parameter values in the files that we just copied in
+the `dev` directory.
+
+#### `_env_defaults/main.tf`
+Update the parameter
+- `environment_name` to `dev`
+- `vpc_cidr` to the CIDR you chose
+- `aws_availability_zone_1` and the availability zones if this needs to be updated
+
+#### `terraform.tfvars`
+This specifies where to store the Terraform remote state store.
+- `bucket` - this has to be globally unique to S3.  Easiest way is to change the number to some other arbitrary number
+- `key` - change `dev-example` to `dev` or whatever you named this environment to
+
+#### `aws/vpc/main.tf`
+Update the parameters:
+- `public_cidrs` to the CIDR range you choose
+- `private_cidrs` to the CIDR range you choose
+
+## Launch
+
+Run:
+```
+terragrunt init
+terragrunt plan
+terragrunt apply
+```
+
+## Post launch
+The Terraform output would have given you a VPC ID
+
+```
+...
+...
+module.main.aws_route.private[0]: Creation complete after 1s (ID: r-rtb-015ee00a4ceb2c77b1080289494)
+module.main.aws_route.private[2]: Creation complete after 1s (ID: r-rtb-0f342ec1f38c7dd7f1080289494)
+module.main.aws_route.private[1]: Creation complete after 1s (ID: r-rtb-089e933a218c235121080289494)
+
+Apply complete! Resources: 29 added, 0 changed, 0 destroyed.
+
+Outputs:
+
+aws_vpc_id = vpc-01262c04bc41f2f1f
+```
+
+Copy this VPC id and put it into the `_env_defaults/main.tf` file in the `vpc_id` parameter
+
+This ID will be used by other Terraform modules/items that are launched into this VPC.
diff --git a/tf-modules/aws/vpc/main.tf b/tf-modules/aws/vpc/main.tf
@@ -0,0 +1,157 @@
+terraform {
+  backend "s3" {}
+}
+
+provider "aws" {
+  region = "${var.region}"
+}
+
+# VPC
+resource "aws_vpc" "main" {
+  cidr_block           = "${var.vpc_cidr}"
+  enable_dns_support   = true
+  enable_dns_hostnames = true
+  tags                 = "${var.tags}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+# Gateway
+resource "aws_internet_gateway" "main" {
+  vpc_id = "${aws_vpc.main.id}"
+  tags   = "${var.tags}"
+}
+
+resource "aws_nat_gateway" "main" {
+  count         = "${length(var.availability_zones)}"
+  allocation_id = "${element(aws_eip.nat.*.id, count.index)}"
+  subnet_id     = "${element(aws_subnet.public.*.id, count.index)}"
+  depends_on    = ["aws_internet_gateway.main"]
+  tags          = "${var.tags}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_eip" "nat" {
+  count = "${length(var.availability_zones)}"
+  vpc   = true
+  tags  = "${var.tags}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+# Subnets
+resource "aws_subnet" "public" {
+  count                   = "${length(var.availability_zones)}"
+  vpc_id                  = "${aws_vpc.main.id}"
+  cidr_block              = "${element(var.public_cidrs, count.index)}"
+  availability_zone       = "${element(var.availability_zones, count.index)}"
+  map_public_ip_on_launch = true
+
+  tags = "${var.tags}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_subnet" "private" {
+  count             = "${length(var.availability_zones)}"
+  vpc_id            = "${aws_vpc.main.id}"
+  cidr_block        = "${element(var.private_cidrs, count.index)}"
+  availability_zone = "${element(var.availability_zones, count.index)}"
+
+  tags = "${var.tags}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+# Route tables
+
+// Public
+resource "aws_route_table" "public" {
+  vpc_id = "${aws_vpc.main.id}"
+
+  tags = "${var.tags}"
+}
+
+resource "aws_route" "public" {
+  route_table_id         = "${aws_route_table.public.id}"
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = "${aws_internet_gateway.main.id}"
+}
+
+resource "aws_route_table" "private" {
+  count  = "${length(var.availability_zones)}"
+  vpc_id = "${aws_vpc.main.id}"
+
+  tags = "${var.tags}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_route" "private" {
+  count                  = "${length(var.availability_zones)}"
+  route_table_id         = "${element(aws_route_table.private.*.id, count.index)}"
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = "${element(aws_nat_gateway.main.*.id, count.index)}"
+}
+
+/**
+ * Route associations
+ */
+
+resource "aws_route_table_association" "private" {
+  count          = "${length(var.availability_zones)}"
+  subnet_id      = "${element(aws_subnet.private.*.id, count.index)}"
+  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_route_table_association" "public" {
+  count          = "${length(var.availability_zones)}"
+  subnet_id      = "${element(aws_subnet.public.*.id, count.index)}"
+  route_table_id = "${aws_route_table.public.id}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+/**
+ * Default security group
+ * This gives terraform access to the default security group.
+ * See https://www.terraform.io/docs/providers/aws/r/default_security_group.html
+ */
+
+resource "aws_default_security_group" "default" {
+  vpc_id = "${aws_vpc.main.id}"
+  tags   = "${var.tags}"
+
+  ingress {
+    protocol  = -1
+    self      = true
+    from_port = 0
+    to_port   = 0
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
diff --git a/tf-modules/aws/vpc/outputs.tf b/tf-modules/aws/vpc/outputs.tf
@@ -0,0 +1,3 @@
+output "aws_vpc_id" {
+  value = "${aws_vpc.main.id}"
+}
diff --git a/tf-modules/aws/vpc/vars.tf b/tf-modules/aws/vpc/vars.tf
@@ -0,0 +1,42 @@
+# Required
+
+variable "tags" {
+  type = "map"
+
+  default = {
+    Name            = "dev",
+    Environment     = "env",
+    Account         = "dev",
+    Group           = "devops",
+    Region          = "us-east-1",
+    managed_by      = "Terraform"
+  }
+}
+
+variable "region" {
+  description = "AWS region (i.e. us-east-1)"
+}
+
+variable "vpc_cidr" {
+  description = "VPC cidr block"
+}
+
+variable "availability_zones" {
+  description = "AZs for subnets i.e. [us-east-1a, us-east-1b]"
+  type        = "list"
+}
+
+variable "public_cidrs" {
+  description = "CIDR block for public subnets (should be the same amount as AZs)"
+  type        = "list"
+}
+
+variable "private_cidrs" {
+  description = "CIDR block for private subnets (should be the same amount as AZs)"
+  type        = "list"
+}
+
+variable "optional_vpc_tags" {
+  default = {}
+  type    = "map"
+}