trackit · clementbolin · Sep 13, 2024 · Sep 13, 2024 · Sep 14, 2024 · Sep 14, 2024
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 .terraform
+.DS_Store
diff --git a/argocd.tf b/argocd.tf
@@ -0,0 +1,39 @@
+module "argocd" {
+  source = "./modules/argocd"
+
+  env        = "staging"
+  aws_region = var.aws_region
+
+  cluster = {
+    name              = module.eks.cluster_name
+    endpoint          = module.eks.cluster_endpoint
+    version           = module.eks.cluster_version
+    oidc_provider_arn = module.eks.oidc.provider_arn
+  }
+
+  argocd = {
+    name          = "argocd"
+    namespace     = "argocd"
+    chart_version = "5.29.1"
+
+    hostname = "argocd-${module.eks.cluster_name}-cluster-${var.tags.env}.stg.anidn.fr"
+
+    gitlab_app_id              = "id"
+    gitlab_app_installation_id = "id"
+    gitlab_app_private_key     = "key"
+
+    rbac_policy_default = "role:readonly"
+    rbac_policy_csv     = <<-EOF
+g, innov-ft:infra, role:admin
+EOF
+
+    bootstrap_url  = "https://gitlab.com/VizMediaEurope/adn-eks-apps.git"
+    bootstrap_path = "staging/services/*"
+  }
+
+  argocd_ingress_scheme = "internet-facing"
+
+  depends_on = [
+    module.std_addons,
+  ]
+}
diff --git a/auth.tf b/auth.tf
@@ -0,0 +1,8 @@
+module "auth" {
+  source = "./modules/auth"
+
+  manage_aws_auth_configmap = var.auth.manage_aws_auth_configmap
+  aws_auth_accounts         = var.auth.aws_auth_accounts
+  aws_auth_users            = var.auth.aws_auth_users
+  aws_auth_roles            = var.auth.aws_auth_roles
+}
diff --git a/datasources.tf b/datasources.tf
@@ -0,0 +1,8 @@
+data "aws_vpc" "vpc" {
+  id = var.network.vpc_id
+}
+
+data "aws_subnet" "selected" {
+  count = length(var.network.subnet_ids)
+  id    = element(var.network.subnet_ids, count.index)
+}
diff --git a/eks-addons.tf b/eks-addons.tf
@@ -0,0 +1,48 @@
+module "std_addons" {
+  source = "./modules/std_addons"
+
+  env        = var.env
+  aws_region = var.aws_region
+  service    = var.service
+  tags       = var.tags
+
+  cluster_endpoint  = module.eks.cluster_endpoint
+  cluster_version   = module.eks.cluster_version
+  oidc_provider_arn = module.eks.oidc_provider_arn
+
+  cluster_name = module.eks.cluster_name
+
+  enable_ebs_csi = var.enable_ebs_csi
+  ebs_csi = merge(
+    {
+      iam_role_arn = module.irsa.ebs_csi_iam_role_arn
+    }, var.ebs_csi,
+  )
+
+  # We want to wait for Karpenter and coredns to be deployed first
+  create_delay_dependencies = compact(concat(
+    [module.karpenter.delay_dependency],
+    try([module.eks.cluster_addons["coredns"]["name"]], []),
+    [module.observability.prometheus_crds_dependency],
+  ))
+
+  enable_external_dns = var.enable_external_dns
+  external_dns = merge(
+    var.external_dns,
+    # Avoid DNS record creation for nginx-ingress as it does not expose external IP address
+    can(var.ingress_nginx_alb.target_group_arn) ? {
+      extra_args = concat(["--ingress-class=alb"], try(var.external_dns.extra_args, []))
+    } : {}
+  )
+  hosted_zones = concat(
+    module.private_zone.zone,
+    [for v in data.aws_route53_zone.argocd : { name = v.name, zone_id = v.zone_id, arn = v.arn }],
+    [for v in data.aws_route53_zone.additional : { name = v.name, zone_id = v.zone_id, arn = v.arn }],
+  )
+
+  enable_external_secrets = var.enable_external_secrets
+  external_secrets        = var.external_secrets
+
+  enable_aws_load_balancer_controller = var.enable_aws_load_balancer_controller
+  aws_load_balancer_controller        = var.aws_load_balancer_controller
+}