Merge pull request #61 from kbst/tf012

Upgrade to Terraform 0.12
kbst · Jun 16, 2019 · ed2462d · ed2462d
2 parents 1935aee + 57e3f1d
commit ed2462d
Show file tree

Hide file tree

Showing 90 changed files with 672 additions and 536 deletions.
diff --git a/aws/_modules/eks/aws_iam_authenticator.tf b/aws/_modules/eks/aws_iam_authenticator.tf
@@ -1,20 +1,22 @@
 resource "kubernetes_config_map" "current" {
-  provider = "kubernetes.eks"
+  provider = kubernetes.eks
 
   metadata {
     name      = "aws-auth"
     namespace = "kube-system"
   }
 
-  data {
+  data = {
     mapRoles = <<MAPROLES
 - rolearn: ${aws_iam_role.node.arn}
   username: system:node:{{EC2PrivateDNSName}}
   groups:
     - system:bootstrappers
     - system:nodes
 MAPROLES
+
   }
 
-  depends_on = ["aws_eks_cluster.current"]
+  depends_on = [aws_eks_cluster.current]
 }
+
diff --git a/aws/_modules/eks/cluster_services.tf b/aws/_modules/eks/cluster_services.tf
@@ -3,20 +3,20 @@ module "cluster_services" {
 
   cluster_type = "eks"
 
-  metadata_labels = "${var.metadata_labels}"
+  metadata_labels = var.metadata_labels
 
-  template_string = "${file("${path.module}/templates/kubeconfig.tpl")}"
+  template_string = file("${path.module}/templates/kubeconfig.tpl")
 
   template_vars = {
-    cluster_name       = "${aws_eks_cluster.current.name}"
-    cluster_endpoint   = "${aws_eks_cluster.current.endpoint}"
-    cluster_ca         = "${aws_eks_cluster.current.certificate_authority.0.data}"
-    caller_id_arn      = "${local.caller_id_arn}"
-    caller_id_arn_type = "${local.caller_id_arn_type}"
-
+    cluster_name       = aws_eks_cluster.current.name
+    cluster_endpoint   = aws_eks_cluster.current.endpoint
+    cluster_ca         = aws_eks_cluster.current.certificate_authority[0].data
+    caller_id_arn      = local.caller_id_arn
+    caller_id_arn_type = local.caller_id_arn_type
     # hack, because modules can't have depends_on
     # prevent a race between kubernetes provider and cluster services/kustomize
     # creating the namespace and the provider erroring out during apply
-    not_used = "${kubernetes_namespace.current.metadata.0.name}"
+    not_used = kubernetes_namespace.current.metadata[0].name
   }
 }
+
diff --git a/aws/_modules/eks/ingress.tf b/aws/_modules/eks/ingress.tf
@@ -1,5 +1,5 @@
 resource "kubernetes_namespace" "current" {
-  provider = "kubernetes.eks"
+  provider = kubernetes.eks
 
   metadata {
     name = "ingress-kbst-default"
@@ -8,24 +8,24 @@ resource "kubernetes_namespace" "current" {
   # namespace metadata may change through the manifests
   # hence ignoring this for the terraform lifecycle
   lifecycle {
-    ignore_changes = ["metadata"]
+    ignore_changes = [metadata]
   }
 
-  depends_on = ["aws_eks_cluster.current"]
+  depends_on = [aws_eks_cluster.current]
 }
 
 resource "kubernetes_service" "current" {
-  provider = "kubernetes.eks"
+  provider = kubernetes.eks
 
   metadata {
     name      = "ingress-kbst-default"
-    namespace = "${kubernetes_namespace.current.metadata.0.name}"
+    namespace = kubernetes_namespace.current.metadata[0].name
   }
 
   spec {
     type = "LoadBalancer"
 
-    selector {
+    selector = {
       "kubestack.com/ingress-default" = "true"
     }
 
@@ -48,31 +48,33 @@ resource "aws_route53_zone" "current" {
 }
 
 locals {
-  elb_hostname = "${kubernetes_service.current.load_balancer_ingress.0.hostname}"
+  elb_hostname = kubernetes_service.current.load_balancer_ingress[0].hostname
 }
 
-data "aws_elb_hosted_zone_id" "current" {}
+data "aws_elb_hosted_zone_id" "current" {
+}
 
 resource "aws_route53_record" "host" {
-  zone_id = "${aws_route53_zone.current.zone_id}"
-  name    = "${var.metadata_fqdn}"
+  zone_id = aws_route53_zone.current.zone_id
+  name    = var.metadata_fqdn
   type    = "A"
 
   alias {
-    name                   = "${local.elb_hostname}"
-    zone_id                = "${data.aws_elb_hosted_zone_id.current.id}"
+    name                   = local.elb_hostname
+    zone_id                = data.aws_elb_hosted_zone_id.current.id
     evaluate_target_health = true
   }
 }
 
 resource "aws_route53_record" "wildcard" {
-  zone_id = "${aws_route53_zone.current.zone_id}"
+  zone_id = aws_route53_zone.current.zone_id
   name    = "*.${var.metadata_fqdn}"
   type    = "A"
 
   alias {
-    name                   = "${local.elb_hostname}"
-    zone_id                = "${data.aws_elb_hosted_zone_id.current.id}"
+    name                   = local.elb_hostname
+    zone_id                = data.aws_elb_hosted_zone_id.current.id
     evaluate_target_health = true
   }
 }
+
diff --git a/aws/_modules/eks/main.tf b/aws/_modules/eks/main.tf
@@ -7,5 +7,6 @@ locals {
     "kubernetes.io/cluster/${var.metadata_name}" = "shared"
   }
 
-  eks_metadata_tags = "${merge(var.metadata_labels, local.eks_tags)}"
+  eks_metadata_tags = merge(var.metadata_labels, local.eks_tags)
 }
+
diff --git a/aws/_modules/eks/master.tf b/aws/_modules/eks/master.tf
@@ -1,14 +1,15 @@
 resource "aws_eks_cluster" "current" {
-  name     = "${var.metadata_name}"
-  role_arn = "${aws_iam_role.master.arn}"
+  name     = var.metadata_name
+  role_arn = aws_iam_role.master.arn
 
   vpc_config {
-    security_group_ids = ["${aws_security_group.masters.id}"]
-    subnet_ids         = ["${aws_subnet.current.*.id}"]
+    security_group_ids = [aws_security_group.masters.id]
+    subnet_ids         = aws_subnet.current.*.id
   }
 
   depends_on = [
-    "aws_iam_role_policy_attachment.master_cluster_policy",
-    "aws_iam_role_policy_attachment.master_service_policy",
+    aws_iam_role_policy_attachment.master_cluster_policy,
+    aws_iam_role_policy_attachment.master_service_policy,
   ]
 }
+
diff --git a/aws/_modules/eks/node_pool.tf b/aws/_modules/eks/node_pool.tf
@@ -1,21 +1,21 @@
 module "node_pool" {
   source = "./node_pool"
 
-  metadata_name = "${var.metadata_name}"
+  metadata_name = var.metadata_name
 
-  cluster_name     = "${aws_eks_cluster.current.name}"
-  cluster_endpoint = "${aws_eks_cluster.current.endpoint}"
-  cluster_version  = "${aws_eks_cluster.current.version}"
-  cluster_ca       = "${aws_eks_cluster.current.certificate_authority.0.data}"
+  cluster_name     = aws_eks_cluster.current.name
+  cluster_endpoint = aws_eks_cluster.current.endpoint
+  cluster_version  = aws_eks_cluster.current.version
+  cluster_ca       = aws_eks_cluster.current.certificate_authority[0].data
 
-  iam_instance_profile_name = "${aws_iam_instance_profile.nodes.name}"
+  iam_instance_profile_name = aws_iam_instance_profile.nodes.name
 
-  security_groups = ["${aws_security_group.nodes.id}"]
+  security_groups = [aws_security_group.nodes.id]
 
-  instance_type    = "${var.instance_type}"
-  desired_capacity = "${var.desired_capacity}"
-  max_size         = "${var.max_size}"
-  min_size         = "${var.min_size}"
+  instance_type    = var.instance_type
+  desired_capacity = var.desired_capacity
+  max_size         = var.max_size
+  min_size         = var.min_size
 
-  vpc_zone_identifiers = ["${aws_subnet.current.*.id}"]
+  vpc_zone_identifiers = aws_subnet.current.*.id
 }
diff --git a/aws/_modules/eks/node_pool/main.tf b/aws/_modules/eks/node_pool/main.tf
@@ -14,39 +14,41 @@ locals {
 set -o xtrace
 /etc/eks/bootstrap.sh --apiserver-endpoint '${var.cluster_endpoint}' --b64-cluster-ca '${var.cluster_ca}' '${var.cluster_name}'
 USERDATA
+
 }
 
 resource "aws_launch_configuration" "nodes" {
   associate_public_ip_address = true
-  iam_instance_profile        = "${var.iam_instance_profile_name}"
-  image_id                    = "${data.aws_ami.eks_node.id}"
-  instance_type               = "${var.instance_type}"
-  name_prefix                 = "${var.metadata_name}"
-  security_groups             = ["${var.security_groups}"]
-  user_data_base64            = "${base64encode(local.node_userdata)}"
+  iam_instance_profile = var.iam_instance_profile_name
+  image_id = data.aws_ami.eks_node.id
+  instance_type = var.instance_type
+  name_prefix = var.metadata_name
+  security_groups = var.security_groups
+  user_data_base64 = base64encode(local.node_userdata)
 
   lifecycle {
     create_before_destroy = true
   }
 }
 
 resource "aws_autoscaling_group" "nodes" {
-  desired_capacity     = "${var.desired_capacity}"
-  launch_configuration = "${aws_launch_configuration.nodes.id}"
-  max_size             = "${var.max_size}"
-  min_size             = "${var.min_size}"
-  name                 = "${var.metadata_name}"
-  vpc_zone_identifier  = ["${var.vpc_zone_identifiers}"]
+  desired_capacity = var.desired_capacity
+  launch_configuration = aws_launch_configuration.nodes.id
+  max_size = var.max_size
+  min_size = var.min_size
+  name = var.metadata_name
+  vpc_zone_identifier = var.vpc_zone_identifiers
 
   tag {
-    key                 = "Name"
-    value               = "${var.metadata_name}"
+    key = "Name"
+    value = var.metadata_name
     propagate_at_launch = true
   }
 
   tag {
-    key                 = "kubernetes.io/cluster/${var.metadata_name}"
-    value               = "owned"
+    key = "kubernetes.io/cluster/${var.metadata_name}"
+    value = "owned"
     propagate_at_launch = true
   }
 }
+
diff --git a/aws/_modules/eks/node_pool/variables.tf b/aws/_modules/eks/node_pool/variables.tf
@@ -1,59 +1,60 @@
 variable "metadata_name" {
-  type        = "string"
+  type        = string
   description = "Metadata name to use."
 }
 
 variable "cluster_version" {
-  type        = "string"
+  type        = string
   description = "Kubernetes version of the EKS cluster."
 }
 
 variable "cluster_endpoint" {
-  type        = "string"
+  type        = string
   description = "Kubernetes API endpoint of the EKS cluster."
 }
 
 variable "cluster_ca" {
-  type        = "string"
+  type        = string
   description = "Certificate authority of the EKS cluster."
 }
 
 variable "cluster_name" {
-  type        = "string"
+  type        = string
   description = "Cluster name of the EKS cluster."
 }
 
 variable "iam_instance_profile_name" {
-  type        = "string"
+  type        = string
   description = "IAM instance profile to use for nodes."
 }
 
 variable "instance_type" {
-  type        = "string"
+  type        = string
   description = "AWS instance type to use for nodes."
 }
 
 variable "security_groups" {
-  type        = "list"
+  type        = list(string)
   description = "List of security group IDs to use for nodes."
 }
 
 variable "desired_capacity" {
-  type        = "string"
+  type        = string
   description = "Desired number of worker nodes."
 }
 
 variable "max_size" {
-  type        = "string"
+  type        = string
   description = "Maximum number of worker nodes."
 }
 
 variable "min_size" {
-  type        = "string"
+  type        = string
   description = "Minimum number of worker nodes."
 }
 
 variable "vpc_zone_identifiers" {
-  type        = "list"
+  type        = list(string)
   description = "List of VPC subnet IDs to use for nodes."
 }
+
diff --git a/aws/_modules/eks/node_pool/versions.tf b/aws/_modules/eks/node_pool/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}
diff --git a/aws/_modules/eks/outputs.tf b/aws/_modules/eks/outputs.tf
@@ -1,4 +1,5 @@
 output "ingress_zone_name_servers" {
-  value       = "${aws_route53_zone.current.name_servers}"
+  value       = aws_route53_zone.current.name_servers
   description = "Nameservers of the cluster's managed zone."
 }
+
diff --git a/aws/_modules/eks/provider.tf b/aws/_modules/eks/provider.tf
@@ -1,24 +1,25 @@
-data "aws_caller_identity" "current" {}
+data "aws_caller_identity" "current" {
+}
 
 data "aws_arn" "current" {
-  arn = "${data.aws_caller_identity.current.arn}"
+  arn = data.aws_caller_identity.current.arn
 }
 
 locals {
-  resource_split     = "${split("/", data.aws_arn.current.resource)}"
-  caller_id_arn_type = "${replace(element(local.resource_split, 0), "assumed-role", "role")}"
-  caller_id_name     = "${element(local.resource_split, 1)}"
+  resource_split     = split("/", data.aws_arn.current.resource)
+  caller_id_arn_type = replace(element(local.resource_split, 0), "assumed-role", "role")
+  caller_id_name     = element(local.resource_split, 1)
 
   caller_id_arn = "arn:aws:iam::${data.aws_arn.current.account}:${local.caller_id_arn_type}/${local.caller_id_name}"
 }
 
 data "external" "aws_iam_authenticator" {
   program = ["sh", "${path.module}/provider_authenticator.sh"]
 
-  query {
-    cluster_name       = "${aws_eks_cluster.current.name}"
-    caller_id_arn      = "${local.caller_id_arn}"
-    caller_id_arn_type = "${local.caller_id_arn_type}"
+  query = {
+    cluster_name       = aws_eks_cluster.current.name
+    caller_id_arn      = local.caller_id_arn
+    caller_id_arn_type = local.caller_id_arn_type
   }
 }
 
@@ -27,8 +28,9 @@ provider "kubernetes" {
 
   load_config_file = false
 
-  host                   = "${aws_eks_cluster.current.endpoint}"
-  cluster_ca_certificate = "${base64decode(aws_eks_cluster.current.certificate_authority.0.data)}"
+  host                   = aws_eks_cluster.current.endpoint
+  cluster_ca_certificate = base64decode(aws_eks_cluster.current.certificate_authority[0].data)
 
-  token = "${data.external.aws_iam_authenticator.result["token"]}"
+  token = data.external.aws_iam_authenticator.result["token"]
 }
+