Merge pull request #13 from soat-fiap/database_subnets

Database subnets
soat-fiap · Sep 4, 2024 · bb58e04 · bb58e04
2 parents a126e16 + 1c35e96
commit bb58e04
Show file tree

Hide file tree

Showing 15 changed files with 254 additions and 75 deletions.
diff --git a/.github/workflows/sonarcloud.yaml b/.github/workflows/sonarcloud.yaml
@@ -0,0 +1,23 @@
+name: 'Static analisys'
+
+on:
+  push:
+  pull_request: 
+
+permissions:
+  contents: read
+
+jobs:
+  sonarcloud:
+    if: github.event_name != 'pull_request' || github.ref == 'refs/heads/main'
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -12,6 +12,7 @@ on:
 
 permissions:
   contents: read
+  pull-requests: write
 
 jobs:
 
@@ -32,20 +33,76 @@ jobs:
 
     # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
     - name: Setup Terraform
-      uses: hashicorp/setup-terraform@v1
+      uses: hashicorp/setup-terraform@v3
       with:
         cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 
+    - name: Terraform fmt
+      id: fmt
+      run: terraform fmt -check
+
     - name: Terraform Init
+      id: init
       run: terraform init -upgrade
+
+    - name: Terraform Validate
+      id: validate
+      run: terraform validate
 
     - name: Terraform Test
-      if: github.event_name == 'push'
       run: terraform test
 
+    - uses: actions/github-script@v7
+      if: github.event_name == 'pull_request'
+      env:
+        PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+      with:
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+        script: |
+          // 1. Retrieve existing bot comments for the PR
+          const { data: comments } = await github.rest.issues.listComments({
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            issue_number: context.issue.number,
+          })
+          const botComment = comments.find(comment => {
+            return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
+          })
+    
+          // 2. Prepare format of the comment
+          const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+          #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+          #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+          <details><summary>Validation Output</summary>
+
+          \`\`\`\n
+          ${{ steps.validate.outputs.stdout }}
+          \`\`\`
+
+          </details>
+
+          *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
+
+          // 3. If we have a comment, update it, otherwise create a new one
+          if (botComment) {
+            github.rest.issues.updateComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              comment_id: botComment.id,
+              body: output
+            })
+          } else {
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+          }
+
   terraform:
     needs: test
-    name: 'Plan'
+    name: 'Apply'
     runs-on: ubuntu-latest
     environment: dev
 
@@ -61,25 +118,17 @@ jobs:
 
     # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
     - name: Setup Terraform
-      uses: hashicorp/setup-terraform@v1
+      uses: hashicorp/setup-terraform@v3
       with:
         cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 
     # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
     - name: Terraform Init
       run: terraform init -upgrade
 
-    # Checks that all Terraform configuration files adhere to a canonical format
-    - name: Terraform Format
-      run: terraform fmt -check
-
-    # Generates an execution plan for Terraform
-    - name: Terraform Plan
-      run: terraform plan -input=false
-
-      # On push to "main", build or change infrastructure according to Terraform configuration files
-      # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
+    # On push to "main", build or change infrastructure according to Terraform configuration files
+    # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
     - name: Terraform Apply
-      if: github.ref == 'refs/heads/"main"'
+      if: github.ref == 'refs/heads/main'
       # && ( github.event_name == 'push' || github.event_name == 'workflow_dispatch')
       run: terraform apply -input=false
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/main.tf b/main.tf
@@ -16,8 +16,7 @@ module "vpc" {
 }
 
 module "eks" {
-  source = "./modules/eks"
-
+  source  = "./modules/eks"
   region  = var.region
   profile = var.profile
 
@@ -27,10 +26,10 @@ module "eks" {
 }
 
 module "loadbalancer-controller" {
-  depends_on = [module.eks]
-
+  depends_on        = [module.eks]
   source            = "./modules/loadbalancer-controller"
   oidc_provider_arn = module.eks.oidc_provider_arn
+  name              = var.nlb_name
   cluster_name      = module.eks.cluster_name
   region            = var.region
   vpc_id            = module.vpc.vpc_id

diff --git a/modules/eks/main.tf b/modules/eks/main.tf
@@ -50,6 +50,5 @@ module "eks" {
 
   tags = {
     Terraform = "true"
-    Created   = timestamp()
   }
 }
diff --git a/modules/eks/variables.tf b/modules/eks/variables.tf
@@ -1,5 +1,5 @@
 variable "cluster_name" {
-  type        = string
+  type = string
 }
 
 variable "profile" {

diff --git a/modules/loadbalancer-controller/main.tf b/modules/loadbalancer-controller/main.tf
@@ -1,7 +1,7 @@
 # load balancer controller role
 module "lb_role" {
-  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.44.0"
+  source      = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
+  version     = "~> 5.44.0"
 
   role_name                              = "${var.name}_eks_lb"
   attach_load_balancer_controller_policy = true
@@ -16,6 +16,7 @@ module "lb_role" {
 
 resource "kubernetes_service_account" "service-account" {
   depends_on = [module.lb_role]
+
   metadata {
     name      = "aws-load-balancer-controller"
     namespace = "kube-system"
@@ -31,13 +32,15 @@ resource "kubernetes_service_account" "service-account" {
 }
 
 resource "helm_release" "alb-controller" {
-  name       = "aws-load-balancer-controller"
-  repository = "https://aws.github.io/eks-charts"
-  chart      = "aws-load-balancer-controller"
-
-  namespace  = "kube-system"
   depends_on = [kubernetes_service_account.service-account]
 
+  name         = "aws-load-balancer-controller"
+  repository   = "https://aws.github.io/eks-charts"
+  chart        = "aws-load-balancer-controller"
+  version      = "~> 1.8.2"
+  force_update = true
+  namespace    = "kube-system"
+
   set {
     name  = "region"
     value = var.region
@@ -71,22 +74,23 @@ resource "helm_release" "alb-controller" {
 }
 
 resource "kubernetes_service" "bmb-api-svc" {
-  depends_on = [ helm_release.alb-controller ]
-  metadata  {
-    name = "nlb-controller-service"
+  depends_on = [helm_release.alb-controller]
+  metadata {
+    name = "nlb-controller-svc"
     annotations = {
-      "service.beta.kubernetes.io/aws-load-balancer-name" = "${var.name}-nlb"
+      "service.beta.kubernetes.io/aws-load-balancer-name" = "${var.name}"
     }
   }
   spec {
     port {
-      port = 80
-      target_port = 80
-      protocol = "TCP"
+      port        = 80
+      target_port = 8080
+      node_port   = 30000
+      protocol    = "TCP"
     }
     type = "LoadBalancer"
     selector = {
-      app: "nginx"
+      app : "bmb-api"
     }
   }
-}
+}
diff --git a/modules/loadbalancer-controller/variables.tf b/modules/loadbalancer-controller/variables.tf
@@ -1,19 +1,28 @@
 variable "name" {
   description = "Load balancer controller name"
-  type = string
-  default = "techchallenge-internal"
+  type        = string
+  nullable = false
+}
+
+variable "enabled" {
+  type    = bool
+  default = true
 }
 
+variable "create" {
+  type    = bool
+  default = false
+}
 ################################################################################
 # General Variables from root module
 ################################################################################
 
 variable "region" {
-  type    = string
+  type = string
 }
 
 variable "cluster_name" {
-  type    = string
+  type = string
 }
 
 ################################################################################
@@ -22,10 +31,10 @@ variable "cluster_name" {
 
 variable "vpc_id" {
   description = "VPC ID which Load balancers will be  deployed in"
-  type = string
+  type        = string
 }
 
 variable "oidc_provider_arn" {
   description = "OIDC Provider ARN used for IRSA "
-  type = string
-}
+  type        = string
+}
diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf
@@ -4,12 +4,13 @@ module "vpc" {
 
   name = var.name
 
-  azs             = ["us-east-1f", "us-east-1c"]
-  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
-  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]
+  azs              = ["us-east-1f", "us-east-1b"]
+  private_subnets  = ["10.0.1.0/24", "10.0.2.0/24"]
+  public_subnets   = ["10.0.101.0/24", "10.0.102.0/24"]
+  database_subnets = ["10.0.201.0/24", "10.0.202.0/24"]
 
-  enable_nat_gateway = false
-  single_nat_gateway = false
+  enable_nat_gateway = true
+  single_nat_gateway = true
 
   public_subnet_tags = {
     "kubernetes.io/role/elb" = 1
@@ -21,6 +22,5 @@ module "vpc" {
 
   tags = {
     Terraform = "true"
-    Created   = timestamp()
   }
 }
diff --git a/modules/vpc/output.tf b/modules/vpc/output.tf
@@ -22,3 +22,7 @@ output "private_subnets_cidr_blocks" {
   description = "List of cidr_blocks of private subnets"
   value       = module.vpc.private_subnets_cidr_blocks
 }
+
+output "database_subnets" {
+  value = module.vpc.database_subnet_group_name
+}
diff --git a/output.tf b/output.tf
@@ -27,6 +27,10 @@ output "private_subnets_cidr_blocks" {
   value       = module.vpc.private_subnets_cidr_blocks
 }
 
+output "database_subnets" {
+  value = module.vpc.database_subnets
+}
+
 
 ################################################################################
 # EKS Cluster
@@ -56,4 +60,3 @@ output "oidc_provider_arn" {
   description = "The ARN of the OIDC Provider if `enable_irsa = true`"
   value       = module.eks.oidc_provider_arn
 }
-