Merge pull request #24 from andrewlod/terraform

Fix connection to RDS
andrewlod · Apr 4, 2024 · 73f11ea · 73f11ea
2 parents 5ece228 + c51419f
commit 73f11ea
Show file tree

Hide file tree

Showing 6 changed files with 119 additions and 18 deletions.
diff --git a/.github/workflows/deploy-eks.yml b/.github/workflows/deploy-eks.yml
@@ -70,6 +70,8 @@ jobs:
     - name: Deploy to EKS
       env:
         IMAGE_NAME: "${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:latest"
+        RDS_ENDPOINT: "${{ secrets.RDS_ENDPOINT }}"
       run: |
+        cat kubernetes/aws/rds-service.yml | sed "s/\$RDS_ENDPOINT/$RDS_ENDPOINT/g" | kubectl apply -f -  && \
         cat kubernetes/aws/deployment.yml | envsubst | kubectl apply -f - && \
         kubectl apply -f kubernetes/aws/service.yml
diff --git a/kubernetes/aws/alb-ingress-controller-yml b/kubernetes/aws/alb-ingress-controller-yml
@@ -0,0 +1,25 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/name: alb-ingress-controller
+  name: alb-ingress-controller
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: alb-ingress-controller
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: alb-ingress-controller
+    spec:
+      containers:
+      - name: alb-ingress-controller
+        args:
+        - --ingress-class=alb
+        - --cluster-name=$CLUSTER_NAME
+        - --aws-vpc-id=$VPC_ID
+        - --aws-region=$AWS_REGION
+        image: docker.io/amazon/aws-alb-ingress-controller:v1.1.6
+      serviceAccountName: alb-ingress-controller
diff --git a/kubernetes/aws/eks-cluster-role.yml b/kubernetes/aws/eks-cluster-role.yml
@@ -0,0 +1,52 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: alb-ingress-controller
+  name: alb-ingress-controller
+rules:
+  - apiGroups:
+      - ""
+      - extensions
+    resources:
+      - configmaps
+      - endpoints
+      - events
+      - ingresses
+      - ingresses/status
+      - services
+    verbs:
+      - create
+      - get
+      - list
+      - update
+      - watch
+      - patch
+  - apiGroups:
+      - ""
+      - extensions
+    resources:
+      - nodes
+      - pods
+      - secrets
+      - services
+      - namespaces
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: alb-ingress-controller
+  name: alb-ingress-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: alb-ingress-controller
+subjects:
+  - kind: ServiceAccount
+    name: alb-ingress-controller
+    namespace: kube-system
diff --git a/kubernetes/aws/ingress.yml b/kubernetes/aws/ingress.yml
@@ -1,21 +1,17 @@
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
-  labels:
-    app.kubernetes.io/component: controller
-  name: nginx
-  annotations:
-    ingressclass.kubernetes.io/is-default-class: "true"
-spec:
-  controller: k8s.io/ingress-nginx
----
-apiVersion: networking.k8s.io/v1
+apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    kubernetes.io/ingress.class: alb
   name: authentication-api-ingress
+  labels:
+    app: authentication-api-ingress
 spec:
-  defaultBackend:
-    service:
-      name: authentication-api-service
-      port:
-        number: 80
+  rules:
+  - http:
+      paths:
+      - backend:
+          serviceName: authentication-api-service
+          servicePort: 80
+        path: /*
diff --git a/kubernetes/aws/rds-service.yml b/kubernetes/aws/rds-service.yml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: rds-service
+  name: rds-service
+spec:
+  externalName: $RDS_ENDPOINT
+  selector:
+    app: rds-service
+  type: ExternalName
+status:
+  loadBalancer: {}
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -249,7 +249,8 @@ resource "aws_db_subnet_group" "authentication_db_sng" {
 
 resource "aws_db_instance" "authentication_db" {
   allocated_storage    = var.db_storage
-  db_name              = "${var.db_name}${var.infra_env}"
+  identifier           = "${var.db_name}-${var.infra_env}"
+  db_name              = var.db_schema_name
   engine               = "postgres"
   engine_version       = "16.2"
   instance_class       = var.db_instance_type
@@ -378,4 +379,16 @@ resource "aws_eks_fargate_profile" "auth_cluster_fargate_profile" {
   selector {
     namespace = "default"
   }
+
+  selector {
+    namespace = "kube-system"
+  }
+
+  selector {
+    namespace = "kube-public"
+  }
+
+  selector {
+    namespace = "kube-node-lease"
+  }
 }