Initial terraform module structure (VPC, EKS, RDS)
commit
f2f452f300
5 changed files with 103 additions and 0 deletions
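--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,8 @@
+**/.terraform/
+*.tfstate
+*.tfstate.backup
+.terraform.lock.hcl
+*.tfvars
+!*.tfvars.example
+*.log
+.DS_Store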
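--- a/README.md
+++ b/README.md
@@ -0,0 +1,33 @@
+# nexus/platform-infra
+
+Terraform and Helm configurations for the Nexus platform infrastructure.
+
+## Documentation
+
+See the [wiki](../../wiki) for architecture diagrams, runbooks, and ADRs.
+
+## Structure
+
+```
+terraform/
+modules/ — reusable Terraform modules
+envs/ — per-environment root modules
+helm/
+nexus-app/ — application Helm chart
+nexus-monitoring/ — Prometheus/Grafana stack
+scripts/
+plan.sh — terraform plan wrapper
+apply.sh — terraform apply wrapper
+```
+
+## Prerequisites
+
+- Terraform >= 1.5
+- Helm >= 3.12
+- AWS CLI v2, configured for eu-central-1
+- kubectl, kubeconfig for target cluster
+
+## Conventions
+
+- All resources tagged: `Project=nexus`, `ManagedBy=terraform`, `Environment=<env>`
+- State stored in S3 (`nexus-tfstate`) with DynamoDB locking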
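--- a/terraform/modules/eks/main.tf
+++ b/terraform/modules/eks/main.tf
@@ -0,0 +1,16 @@
+variable "cluster_name" {}
+variable "cluster_version" { default = "1.30" }
+variable "subnet_ids" { type = list(string) }
+variable "node_type" { default = "m6i.xlarge" }
+variable "min_nodes" { default = 2 }
+variable "max_nodes" { default = 8 }
+
+resource "aws_eks_cluster" "main" {
+name = var.cluster_name
+version = var.cluster_version
+role_arn = aws_iam_role.cluster.arn
+
+vpc_config {
+subnet_ids = var.subnet_ids
+}
+}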
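Review bot: `role_arn = aws_iam_role.cluster.arn` references a resource that none of this commit's five files declares, so `terraform validate` on the module fails until the role is defined in the module or passed in as an input variable. The `vpc_config` block leaves the control-plane endpoint at provider defaults, i.e. a public API endpoint with no CIDR restriction, and no control-plane log types are enabled. Consider `endpoint_private_access = true`, `endpoint_public_access = false` (or a `public_access_cidrs` allowlist where public access is genuinely needed) and `enabled_cluster_log_types = ["api", "audit", "authenticator"]` so API and authentication activity is retained for review. `node_type`, `min_nodes` and `max_nodes` are declared but no `aws_eks_node_group` consumes them, so they are dead inputs in this commit.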
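--- a/terraform/modules/rds/main.tf
+++ b/terraform/modules/rds/main.tf
@@ -0,0 +1,28 @@
+variable "identifier" {}
+variable "engine" { default = "postgres" }
+variable "engine_version" { default = "16.1" }
+variable "instance_class" { default = "db.t4g.medium" }
+variable "db_name" {}
+variable "username" {}
+variable "subnet_ids" { type = list(string) }
+variable "multi_az" { default = true }
+
+resource "aws_db_instance" "main" {
+identifier = var.identifier
+engine = var.engine
+engine_version = var.engine_version
+instance_class = var.instance_class
+db_name = var.db_name
+username = var.username
+multi_az = var.multi_az
+skip_final_snapshot = false
+deletion_protection = true
+storage_encrypted = true
+
+db_subnet_group_name = aws_db_subnet_group.main.name
+}
+
+resource "aws_db_subnet_group" "main" {
+name = "${var.identifier}-subnet-group"
+subnet_ids = var.subnet_ids
+}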
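Review bot: `aws_db_instance.main` lacks arguments the provider requires for a freshly created instance — `allocated_storage` and a master credential — so `terraform plan` errors on this module as committed. Prefer `manage_master_user_password = true` over a `password` variable so the credential is generated into Secrets Manager instead of passing through tfvars and state. `skip_final_snapshot = false` also requires a `final_snapshot_identifier`, or the eventual destroy fails; deriving it from `var.identifier` keeps it unique per instance. Nothing sets `vpc_security_group_ids`, so the instance attaches to the VPC's default security group; an explicit list input keeps database ingress deliberate. `storage_encrypted = true` without `kms_key_id` uses the AWS-managed key, which is acceptable unless the platform needs key ownership and rotation control.
```hcl
variable "allocated_storage" { type = number }
variable "vpc_security_group_ids" { type = list(string) }

resource "aws_db_instance" "main" {
  # … unchanged: identifier, engine, engine_version, instance_class, db_name, username, multi_az …
  allocated_storage           = var.allocated_storage
  manage_master_user_password = true
  vpc_security_group_ids      = var.vpc_security_group_ids
  skip_final_snapshot         = false
  final_snapshot_identifier   = "${var.identifier}-final"
  # … unchanged: deletion_protection, storage_encrypted, db_subnet_group_name …
}
```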
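--- a/terraform/modules/vpc/main.tf
+++ b/terraform/modules/vpc/main.tf
@@ -0,0 +1,18 @@
+variable "cidr" { default = "10.0.0.0/16" }
+variable "environment" {}
+variable "az_count" { default = 3 }
+
+locals {
+azs = slice(data.aws_availability_zones.available.names, 0, var.az_count)
+public_subnets = [for i, az in local.azs : cidrsubnet(var.cidr, 8, i)]
+private_subnets = [for i, az in local.azs : cidrsubnet(var.cidr, 8, i + 10)]
+}
+
+data "aws_availability_zones" "available" { state = "available" }
+
+resource "aws_vpc" "main" {
+cidr_block = var.cidr
+enable_dns_hostnames = true
+enable_dns_support = true
+tags = { Name = "nexus-${var.environment}", Environment = var.environment }
+}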
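Review bot: The `tags` on `aws_vpc.main` set only `Name` and `Environment`, while the README added in this same commit states every resource carries `Project=nexus` and `ManagedBy=terraform`; either add those keys here, `tags = { Name = "nexus-${var.environment}", Environment = var.environment, Project = "nexus", ManagedBy = "terraform" }`, or record in the README that they come from the provider's `default_tags`. The `public_subnets` and `private_subnets` locals are computed but no `aws_subnet` resource or `output` block uses them, so the `subnet_ids` inputs the eks and rds modules require cannot yet be sourced from this module. Consider also declaring an `aws_default_security_group` for this VPC with no ingress or egress rules, so resources created without an explicit security group (as the rds module currently does) do not inherit the permissive default.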