This commit adds complete Terraform infrastructure as code for deploying code-server on both EC2 and EKS platforms with enterprise-grade security and SAML/OIDC authentication. Features: - EC2 deployment with Auto Scaling Groups and Application Load Balancer - EKS deployment with managed node groups and AWS Load Balancer Controller - Private network setup with VPC, private subnets, and NAT gateways - SAML/OIDC authentication using OAuth2 Proxy - Security hardening: - KMS encryption for data at rest - TLS encryption in transit - IAM roles with least privilege - Security groups with minimal access - VPC Flow Logs - IMDSv2 enforcement - Auto-scaling capabilities for both EC2 and EKS - CloudWatch logging and monitoring - Automated deployment scripts Terraform Modules: - modules/vpc: VPC with public/private subnets, NAT, and VPC endpoints - modules/security: Security groups, IAM roles, and KMS keys - modules/ec2: EC2 Auto Scaling deployment with ALB - modules/eks: EKS cluster with managed node groups and addons Deployments: - deployments/ec2: EC2 deployment configuration - deployments/eks: EKS deployment configuration with Kubernetes manifests Documentation: - README.md: Comprehensive deployment and operations guide - QUICK-START.md: Quick reference for fast deployment - SAML-SETUP-GUIDE.md: Step-by-step IdP configuration guide Scripts: - scripts/deploy-ec2.sh: Automated EC2 deployment - scripts/deploy-eks.sh: Automated EKS deployment - scripts/destroy-ec2.sh: EC2 cleanup - scripts/destroy-eks.sh: EKS cleanup
# EKS Module Variables
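variable "cluster_name" {
  description = "Name of the EKS cluster (1-100 characters; letters, digits, hyphens and underscores; must start with a letter or digit)"
  type        = string

  # Reject names the EKS CreateCluster API would refuse so the failure
  # surfaces at plan time rather than mid-apply.
  validation {
    condition     = length(var.cluster_name) <= 100 && can(regex("^[0-9A-Za-z][A-Za-z0-9_-]*$", var.cluster_name))
    error_message = "cluster_name must be 1-100 characters, start with a letter or digit, and contain only letters, digits, hyphens and underscores."
  }
}
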
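variable "cluster_role_arn" {
  description = "ARN of the IAM role for the EKS cluster (control plane role)"
  type        = string

  # Any AWS partition is accepted (aws, aws-cn, aws-us-gov, ...), but it must
  # be an IAM *role* ARN; a user or policy ARN here would only fail at apply.
  validation {
    condition     = can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/", var.cluster_role_arn))
    error_message = "cluster_role_arn must be an IAM role ARN of the form arn:<partition>:iam::<account-id>:role/<name>."
  }
}
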
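variable "node_role_arn" {
  description = "ARN of the IAM role for EKS nodes (instance role attached to the managed node group)"
  type        = string

  # Same shape check as cluster_role_arn: partition-agnostic, role ARN only.
  validation {
    condition     = can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/", var.node_role_arn))
    error_message = "node_role_arn must be an IAM role ARN of the form arn:<partition>:iam::<account-id>:role/<name>."
  }
}
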
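variable "private_subnet_ids" {
  description = "List of private subnet IDs for EKS nodes"
  type        = list(string)

  # Nodes need at least one subnet, and a mis-wired module output (e.g. a
  # route table or VPC ID) should fail here rather than at apply time.
  validation {
    condition     = length(var.private_subnet_ids) > 0 && alltrue([for s in var.private_subnet_ids : can(regex("^subnet-", s))])
    error_message = "private_subnet_ids must contain at least one subnet ID of the form subnet-xxxxxxxx."
  }
}
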
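variable "public_subnet_ids" {
  description = "List of public subnet IDs for EKS control plane"
  type        = list(string)

  # NOTE(review): the description says these back the control plane; confirm
  # in main.tf that no node group is placed here, since nodes with public IPs
  # would undercut the private-subnet design that private_subnet_ids implies.
  validation {
    condition     = length(var.public_subnet_ids) > 0 && alltrue([for s in var.public_subnet_ids : can(regex("^subnet-", s))])
    error_message = "public_subnet_ids must contain at least one subnet ID of the form subnet-xxxxxxxx."
  }
}
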
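variable "cluster_security_group_id" {
  description = "Security group ID for EKS cluster"
  type        = string

  # Only the ID shape is checked here; the rules inside the group live in the
  # security module and are not visible from this variable.
  validation {
    condition     = can(regex("^sg-", var.cluster_security_group_id))
    error_message = "cluster_security_group_id must be a security group ID of the form sg-xxxxxxxx."
  }
}
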
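variable "kms_key_arn" {
  description = "ARN of KMS key for EKS encryption (envelope encryption of Kubernetes secrets)"
  type        = string

  # Require a KMS ARN so a key ID or alias name alone is caught at plan time.
  # NOTE(review): EKS expects a symmetric key in the cluster's region — that
  # cannot be checked here; verify it where the key is created.
  validation {
    condition     = can(regex("^arn:aws[a-z-]*:kms:[a-z0-9-]+:[0-9]{12}:", var.kms_key_arn))
    error_message = "kms_key_arn must be a KMS ARN of the form arn:<partition>:kms:<region>:<account-id>:key/<id>."
  }
}
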
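variable "kubernetes_version" {
  description = "Kubernetes version for EKS cluster, as <major>.<minor> (e.g. 1.28)"
  type        = string
  # NOTE(review): the addon defaults below (kube-proxy v1.28.x in particular)
  # are pinned to this minor version; bump them together. Check the EKS
  # release calendar — 1.28 is likely past standard support by now.
  default     = "1.28"

  # EKS takes a major.minor string; a patch level or a leading "v" is rejected.
  validation {
    condition     = can(regex("^[0-9]+\\.[0-9]+$", var.kubernetes_version))
    error_message = "kubernetes_version must be a <major>.<minor> string such as \"1.28\"."
  }
}
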
# When false (the default) only the private endpoint is served, so kubectl
# and CI must reach the API through the VPC (VPN, bastion, or peering).
# Flipping this to true exposes the API server to public_access_cidrs.
variable "endpoint_public_access" {
  type        = bool
  description = "Enable public access to EKS cluster endpoint"
  default     = false
}

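variable "public_access_cidrs" {
  description = "CIDR blocks allowed to access EKS cluster endpoint; only consulted when endpoint_public_access is true"
  type        = list(string)
  # 0.0.0.0/0 is inert while endpoint_public_access stays false, which is why
  # the default is tolerable. Anyone setting endpoint_public_access = true
  # MUST override this with their office/VPN ranges or the API server is
  # reachable from the whole internet (authenticated, but fully exposed).
  default     = ["0.0.0.0/0"]

  # Every entry must parse as a CIDR; the list must be non-empty because the
  # EKS API needs at least one block when the public endpoint is on.
  validation {
    condition     = length(var.public_access_cidrs) > 0 && alltrue([for c in var.public_access_cidrs : can(cidrhost(c, 0))])
    error_message = "public_access_cidrs must be a non-empty list of CIDR blocks such as \"203.0.113.0/24\"."
  }
}
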
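variable "cluster_log_types" {
  description = "List of cluster log types to enable (subset of api, audit, authenticator, controllerManager, scheduler)"
  type        = list(string)
  # All five control-plane log streams on by default; "audit" and
  # "authenticator" are the ones incident response depends on — think twice
  # before trimming them.
  default     = ["api", "audit", "authenticator", "controllerManager", "scheduler"]

  # A typo here (e.g. "Audit") would be rejected by the EKS API at apply time.
  validation {
    condition     = alltrue([for t in var.cluster_log_types : contains(["api", "audit", "authenticator", "controllerManager", "scheduler"], t)])
    error_message = "cluster_log_types entries must be one of: api, audit, authenticator, controllerManager, scheduler."
  }
}
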
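variable "log_retention_days" {
  description = "Number of days to retain CloudWatch logs (must be a value CloudWatch accepts; 0 = never expire)"
  type        = number
  default     = 30

  # CloudWatch PutRetentionPolicy only accepts a fixed set of day counts; any
  # other number fails at apply. 0 is the provider's "never expire".
  validation {
    condition     = contains([0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653], var.log_retention_days)
    error_message = "log_retention_days must be one of the retention periods CloudWatch Logs accepts (e.g. 1, 3, 5, 7, 14, 30, 60, 90, 180, 365, 3653) or 0 for no expiry."
  }
}
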
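variable "vpc_cni_version" {
  description = "Version of VPC CNI addon, in EKS addon form (vX.Y.Z-eksbuild.N)"
  type        = string
  default     = "v1.14.0-eksbuild.3"

  # Addon versions are looked up by exact string; an upstream tag without the
  # "-eksbuild.N" suffix is not a valid EKS addon version.
  validation {
    condition     = can(regex("^v[0-9]+\\.[0-9]+\\.[0-9]+-eksbuild\\.[0-9]+$", var.vpc_cni_version))
    error_message = "vpc_cni_version must look like v1.14.0-eksbuild.3."
  }
}
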
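variable "kube_proxy_version" {
  description = "Version of kube-proxy addon, in EKS addon form (vX.Y.Z-eksbuild.N); its minor must match kubernetes_version"
  type        = string
  # v1.28.x pairs with the kubernetes_version default of "1.28"; bump both.
  default     = "v1.28.1-eksbuild.1"

  validation {
    condition     = can(regex("^v[0-9]+\\.[0-9]+\\.[0-9]+-eksbuild\\.[0-9]+$", var.kube_proxy_version))
    error_message = "kube_proxy_version must look like v1.28.1-eksbuild.1."
  }
}
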
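variable "coredns_version" {
  description = "Version of CoreDNS addon, in EKS addon form (vX.Y.Z-eksbuild.N)"
  type        = string
  default     = "v1.10.1-eksbuild.2"

  validation {
    condition     = can(regex("^v[0-9]+\\.[0-9]+\\.[0-9]+-eksbuild\\.[0-9]+$", var.coredns_version))
    error_message = "coredns_version must look like v1.10.1-eksbuild.2."
  }
}
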
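variable "ebs_csi_driver_version" {
  description = "Version of EBS CSI driver addon, in EKS addon form (vX.Y.Z-eksbuild.N)"
  type        = string
  default     = "v1.24.0-eksbuild.1"

  validation {
    condition     = can(regex("^v[0-9]+\\.[0-9]+\\.[0-9]+-eksbuild\\.[0-9]+$", var.ebs_csi_driver_version))
    error_message = "ebs_csi_driver_version must look like v1.24.0-eksbuild.1."
  }
}
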
# Installs the EBS CSI driver addon (version pinned by ebs_csi_driver_version).
# Persistent volumes for code-server workspaces depend on it being on.
variable "enable_ebs_csi_driver" {
  type        = bool
  description = "Enable EBS CSI driver addon"
  default     = true
}

# IRSA lets pods assume scoped IAM roles via the cluster OIDC provider instead
# of inheriting the node role — keep this on for least privilege.
variable "enable_irsa" {
  type        = bool
  description = "Enable IAM Roles for Service Accounts (IRSA)"
  default     = true
}

# Per the description this only provisions the controller's IAM role; the
# controller itself is presumably installed from the deployments manifests.
# NOTE(review): that role is only usable through IRSA — confirm main.tf ties
# it to enable_irsa.
variable "enable_aws_load_balancer_controller" {
  type        = bool
  description = "Enable AWS Load Balancer Controller IAM role"
  default     = true
}

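variable "node_instance_types" {
  description = "List of instance types for EKS nodes"
  type        = list(string)
  default     = ["t3.medium"]

  # An empty list or a blank entry is only rejected by the node group API at
  # apply time; catch it here.
  validation {
    condition     = length(var.node_instance_types) > 0 && alltrue([for t in var.node_instance_types : length(trimspace(t)) > 0])
    error_message = "node_instance_types must contain at least one non-empty instance type."
  }
}
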
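variable "capacity_type" {
  description = "Capacity type for EKS nodes (ON_DEMAND or SPOT)"
  type        = string
  default     = "ON_DEMAND"

  # The description already promises two values; enforce them so "spot" or
  # "on-demand" fails at plan time instead of at apply.
  validation {
    condition     = contains(["ON_DEMAND", "SPOT"], var.capacity_type)
    error_message = "capacity_type must be exactly \"ON_DEMAND\" or \"SPOT\"."
  }
}
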
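variable "node_disk_size" {
  description = "Disk size for EKS nodes in GB (positive whole number)"
  type        = number
  default     = 50

  validation {
    condition     = var.node_disk_size >= 1 && floor(var.node_disk_size) == var.node_disk_size
    error_message = "node_disk_size must be a positive whole number of GB."
  }
}
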
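variable "min_nodes" {
  description = "Minimum number of EKS nodes (non-negative whole number; must not exceed max_nodes)"
  type        = number
  default     = 1

  # Cross-variable ordering (min <= desired <= max) is not checked here; the
  # node group API rejects a violating scaling config at apply time.
  validation {
    condition     = var.min_nodes >= 0 && floor(var.min_nodes) == var.min_nodes
    error_message = "min_nodes must be a whole number >= 0."
  }
}
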
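variable "max_nodes" {
  description = "Maximum number of EKS nodes (whole number >= 1; must be >= min_nodes and desired_nodes)"
  type        = number
  default     = 3

  validation {
    condition     = var.max_nodes >= 1 && floor(var.max_nodes) == var.max_nodes
    error_message = "max_nodes must be a whole number >= 1."
  }
}
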
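variable "desired_nodes" {
  description = "Desired number of EKS nodes (non-negative whole number between min_nodes and max_nodes)"
  type        = number
  default     = 2

  validation {
    condition     = var.desired_nodes >= 0 && floor(var.desired_nodes) == var.desired_nodes
    error_message = "desired_nodes must be a whole number >= 0."
  }
}
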
# Kubernetes labels stamped on every node in the managed node group.
variable "node_labels" {
  type        = map(string)
  description = "Labels to apply to EKS nodes"
  default     = {}
}

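variable "node_taints" {
  description = "Taints to apply to EKS nodes; effect must be NO_SCHEDULE, NO_EXECUTE or PREFER_NO_SCHEDULE"
  type = list(object({
    key    = string
    value  = string
    effect = string
  }))
  default = []

  # The managed node group API uses its own spelling of the taint effects
  # (NO_SCHEDULE, not the Kubernetes NoSchedule); a wrong spelling fails at
  # apply, so catch it here. An empty key is likewise invalid.
  validation {
    condition = alltrue([
      for t in var.node_taints :
      length(t.key) > 0 && contains(["NO_SCHEDULE", "NO_EXECUTE", "PREFER_NO_SCHEDULE"], t.effect)
    ])
    error_message = "Each node_taints entry needs a non-empty key and an effect of NO_SCHEDULE, NO_EXECUTE or PREFER_NO_SCHEDULE."
  }
}
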
# Common AWS tags merged onto every resource the module creates.
variable "tags" {
  type        = map(string)
  description = "Tags to apply to resources"
  default     = {}
}
