diff --git a/terraform-environments/aws/dev/helm/istio-networking/gateway.tpl.yaml b/terraform-environments/aws/dev/helm/istio-networking/gateway.tpl.yaml
new file mode 100644
index 000000000..5faf9b43a
--- /dev/null
+++ b/terraform-environments/aws/dev/helm/istio-networking/gateway.tpl.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: monitoring
+ namespace: monitoring
+spec:
+ selector:
+ # use Istio default gateway implementation
+ app: istio-ingressgateway
+ istio: ingressgateway
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ - "*"
+ - port:
+ number: 443
+ name: https
+ protocol: HTTPS
+ tls:
+ mode: SIMPLE
+ credentialName: domain-wildcard # This should match the Certificate secretName
+ hosts:
+ - "*" # This should match a DNS name in the Certificate
diff --git a/terraform-environments/aws/dev/helm/istio-networking/main.tf b/terraform-environments/aws/dev/helm/istio-networking/main.tf
new file mode 100644
index 000000000..c94f63dd4
--- /dev/null
+++ b/terraform-environments/aws/dev/helm/istio-networking/main.tf
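Review bot: The port-80 server in gateway.tpl.yaml accepts plaintext HTTP for every host (`- "*"`) with no redirect, so whatever is routed through this gateway, here the monitoring UI, can be reached and logged into without TLS. Adding `tls:` with `httpsRedirect: true` under that server keeps port 80 open only to send clients on to 443. The 443 server's own comment says its hosts entry should match a DNS name in the certificate, yet it is also `"*"`. Narrowing both entries to the name the `domain-wildcard` certificate covers (presumably `"*.dev.k8s.managedkube.com"`, inferred from the VirtualService host) would stop the gateway answering for unrelated names.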
@@ -0,0 +1,87 @@
+locals {
+ aws_region = "us-east-1"
+ environment_name = "dev"
+ tags = {
+ ops_env = "${local.environment_name}"
+ ops_managed_by = "terraform",
+ ops_source_repo = "kubernetes-ops",
+ ops_source_repo_path = "terraform-environments/aws/${local.environment_name}/helm/kube-prometheus-stack",
+ ops_owners = "devops",
+ }
+}
+
+
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3.37.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ }
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = ">= 1.7.0"
+ }
+ }
+
+ backend "remote" {
+ organization = "managedkube"
+
+ workspaces {
+ name = "kubernetes-ops-dev-helm-istio-networking"
+ }
+ }
+}
+
+provider "aws" {
+ region = local.aws_region
+}
+
+data "terraform_remote_state" "eks" {
+ backend = "remote"
+ config = {
+ organization = "managedkube"
+ workspaces = {
+ name = "kubernetes-ops-${local.environment_name}-20-eks"
+ }
+ }
+}
+
+data "aws_eks_cluster_auth" "main" {
+ name = local.environment_name
+}
+
+provider "kubectl" {
+ host = data.terraform_remote_state.eks.outputs.cluster_endpoint
+ cluster_ca_certificate = base64decode(data.terraform_remote_state.eks.outputs.cluster_certificate_authority_data)
+ token = data.aws_eks_cluster_auth.main.token
+ load_config_file = false
+}
+
+# file templating
+data "template_file" "gateway_yaml" {
+ template = file("${path.module}/gateway.tpl.yaml")
+
+ # vars = {
+ # fullnameOverride = local.fullnameOverride
+ # }
+}
+
+resource "kubectl_manifest" "gateway" {
+ yaml_body = data.template_file.gateway_yaml.rendered
+}
+
+# file templating
+data "template_file" "virtualservice_yaml" {
+ template = file("${path.module}/virtualservice.tpl.yaml")
+
+ # vars = {
+ # fullnameOverride = local.fullnameOverride
+ # }
+}
+
+resource "kubectl_manifest" "virtualservice" {
+ yaml_body = data.template_file.virtualservice_yaml.rendered
+}
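Review bot: The `required_providers` block leaves every provider open-ended (`>= 1.7.0` for the community `gavinbunney/kubectl` provider, `>= 3.37.0` for aws, no constraint on `random`), and the kubectl provider is the one handed the cluster endpoint and EKS token. A bounded constraint such as `version = "~> 1.7"`, together with a committed `.terraform.lock.hcl`, would keep a new major release or a tampered upstream build from being picked up on the next init. The two `template_file` data sources also pull in the `hashicorp/template` provider, which is not declared here and which I believe is deprecated; since no vars are passed, `yaml_body = file("${path.module}/gateway.tpl.yaml")` does the same without it. Separately, `ops_source_repo_path` still ends in `helm/kube-prometheus-stack` rather than `helm/istio-networking`, and `local.tags` is not referenced anywhere in this file.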
diff --git a/terraform-environments/aws/dev/helm/istio-networking/virtualservice.tpl.yaml b/terraform-environments/aws/dev/helm/istio-networking/virtualservice.tpl.yaml
new file mode 100644
index 000000000..4fbb56575
--- /dev/null
+++ b/terraform-environments/aws/dev/helm/istio-networking/virtualservice.tpl.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: monitoring
+ namespace: monitoring
+spec:
+ hosts:
+ - "grafana-istio.dev.k8s.managedkube.com"
+ gateways:
+ - monitoring
+ http:
+ - match:
+ - uri:
+ prefix: /
+ route:
+ - destination:
+ port:
+ number: 80
+ host: kube-prometheus-stack-grafana
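Review bot: The route destination on the last line uses the short name `kube-prometheus-stack-grafana`, which Istio resolves relative to the VirtualService's own namespace. That works while both objects live in `monitoring`, but writing `host: kube-prometheus-stack-grafana.monitoring.svc.cluster.local` removes the dependence on where the rule is applied. The `prefix: /` match publishes the whole Grafana surface, login and API included, through the ingress gateway. Whether that gateway's load balancer is internet-facing is not visible in this diff, so it is worth confirming that Grafana authentication, and ideally a source restriction, is in place before applying.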