diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml new file mode 100644 index 000000000..243c43a5a --- /dev/null +++ b/.github/workflows/terraform.yml 
@@ -0,0 +1,135 @@ +# name: 'Vprofile IAC' +# on: +# push: +# branches: +# - main +# - stage +# paths: +# - terraform/** +# pull_request: +# branches: +# - main +# paths: +# - terraform/** + +# env: # Credentials for deployment to AWS +# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} +# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + +# #S3 bucket for the terraform state file +# BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }} +# AWS_REGION: us-east-2 +# EKS_CLUSTER_NAME: vprofile-eks + +# jobs: +# terraform: +# name: 'Apply terraform code changes' +# runs-on: ubuntu-latest +# defaults: +# run: +# shell: bash +# working-directory: ./terraform +# steps: +# - name: Checkout source code +# uses: actions/checkout@v4 +# - name: Setup Terraform with specified versions on the runner +# uses: hashicorp/setup-terraform@v3 +# with: +# terraform_version: 1.6.3 +# # with: If we don't mention the version so it uses the latest version of terraform +# # terraform_version: "1.1.7" + +# # - name: Configure AWS credentials +# # uses: aws-actions/configure-aws-credentials@v4 +# # with: +# # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} +# # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} +# # aws-region: us-east-2 + + +# - name: Terraform init +# id: init +# run: terraform init -backend-config="bucket=${BUCKET_TF_STATE}" + +# - name: Terraform format +# id: fmt +# run: terraform fmt -check + +name: "Vprofile IAC" +on: + push: + branches: + - main + - stage + pull_request: + branches: + - main + +env: + # configure credentials for deployment to AWS + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + # S3 bucket for storing the tf state file + BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }} + AWS_REGION: ${{ secrets.AWS_REGION }} + EKS_CLUSTER: ${{ secrets.EKS_CLUSTER }} + +jobs: + terraform: + name: "Apply terraform code changes" + runs-on: ubuntu-latest + defaults: + run: + shell: 
bash + working-directory: ./terraform + steps: + - name: Checkout the source code + uses: actions/checkout@v4 + + - name: Setup Terraform with specified version on the runner + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.3 + + - name: Terraform init + id: init + run: terraform init -backend-config="bucket=${BUCKET_TF_STATE}" + + - name: Terraform format + id: fmt + run: terraform fmt -check # check for fmt whether it is correct or not, if not correct returns a non-zero exit code which will fail the workflow + + - name: Terraform validate + id: validate + run: terraform validate + + - name: Terraform plan + id: plan + run: terraform plan -no-color -input=false -out=planfile.tfplan + continue-on-error: true + + - name: Terraform plan status + if: steps.plan.outcome == 'failure' + run: exit 1 + + - name: Terraform apply + id: apply + if: github.ref == 'refs/heads/main' && github.event_name == 'push' + run: terraform apply -auto-approve -input=false -parallelism=1 planfile.tfplan + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + + - name: Get Kube config file + id: getconfig + if: steps.apply.outcome == 'success' + run: aws eks update-kubeconfig --region ${{ env.AWS_REGION }} --name ${{ env.EKS_CLUSTER }} + + - name: Install Ingress controller + if: steps.apply.outcome == 'success' && steps.getconfig.outcome == 'success' + run: kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/deploy.yaml + diff --git a/terraform/eks-cluster.tf b/terraform/eks-cluster.tf index 2c4610920..34804d3f6 100644 --- a/terraform/eks-cluster.tf +++ b/terraform/eks-cluster.tf 
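Review bot: The deploy credentials are long-lived IAM user keys exported as job-wide `env` to every step, including the `terraform plan` that also runs on `pull_request`, so a same-repo PR that edits the Terraform code (provider blocks, `external` data sources, provisioners) can execute with those keys before anyone approves it; the workflow also declares no `permissions:` block, and the `aws-actions/configure-aws-credentials@v1` step uses an outdated major and only runs after the apply. Prefer GitHub OIDC federation (`permissions: id-token: write`, `role-to-assume`) with the credentials step placed before `terraform init`, and keep apply-capable permissions out of the PR-triggered plan. The ingress controller is installed with `kubectl apply -f` from the mutable git tag `controller-v1.1.3`; pin the URL to an immutable commit SHA and confirm the release is supported on the Kubernetes version this same commit moves the cluster to (`cluster_version = "1.30"`), which the 1.1.x line predates. The fully commented-out copy of the workflow at the top of the file is dead configuration and should be removed.
```yaml
permissions:
  id-token: write   # required for OIDC federation with AWS; no static keys in secrets
  contents: read

# … unchanged: env (drop AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY), jobs header, checkout, setup-terraform …

      - name: Configure AWS credentials (OIDC)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}  # IAM role whose trust policy names this repo/branch
          aws-region: ${{ secrets.AWS_REGION }}

      # … unchanged: init, fmt, validate, plan, plan status, apply, getconfig …

      - name: Install Ingress controller
        if: steps.apply.outcome == 'success' && steps.getconfig.outcome == 'success'
        # pinned to an immutable commit SHA of a release supported on the cluster's Kubernetes version
        run: kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/<commit-sha>/deploy/static/provider/aws/deploy.yaml
```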
@@ -3,7 +3,7 @@ module "eks" { version = "19.19.1" cluster_name = local.cluster_name - cluster_version = "1.27" + cluster_version = "1.30" vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets @@ -36,3 +36,44 @@ module "eks" { } } } + +/* +=== EKS-CLUSTER.TF FILE EXPLANATION === + +Ye file AWS EKS (Elastic Kubernetes Service) cluster create karti hai jo containerized applications run karne ke liye use hoti hai. + +Kya kaam karta hai: +1. EKS Module: Terraform AWS EKS module version 19.19.1 use karta hai - ye pre-built module hai jo EKS setup ko simplify karta hai +2. Cluster Configuration: + - Cluster Name: local.cluster_name se name leta hai (variables.tf se) + - Kubernetes Version: 1.27 use karta hai + - VPC Integration: VPC module se VPC ID aur private subnets use karta hai + - Public Access: Cluster API server publicly accessible hai (kubectl commands ke liye) + +3. Node Groups (Worker Nodes): + - Default AMI: Amazon Linux 2 x86_64 architecture use karta hai + - Do node groups banata hai load distribution ke liye: + + Node Group 1 ("one"): + - Instance Type: t3.small (2 vCPU, 2GB RAM) + - Scaling: Min 1, Max 3, Desired 2 nodes + - Primary workload ke liye use hota hai + + Node Group 2 ("two"): + - Instance Type: t3.small (2 vCPU, 2GB RAM) + - Scaling: Min 1, Max 2, Desired 1 node + - Secondary/backup workload ke liye use hota hai + +Kyun zaroori hai: +- EKS managed Kubernetes control plane provide karta hai +- AWS automatically master nodes ko manage karta hai +- Auto-scaling capabilities provide karta hai +- Private subnets me worker nodes deploy hote hain security ke liye +- Multiple node groups load balancing aur fault tolerance provide karte hain +- t3.small instances cost-effective hain development/testing ke liye + +Node Groups ka purpose: +- Kubernetes pods yahan run hote hain +- Auto-scaling traffic ke according nodes add/remove karta hai +- Multiple groups different workloads ko isolate karne ke liye use hote hain +*/ 
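Review bot: The explanatory comment added in the second hunk still states `Kubernetes Version: 1.27 use karta hai` while the first hunk of this same commit changes `cluster_version` to `"1.30"`; the comment should read `Kubernetes Version: 1.30 (cluster_version)` or, better, not repeat a value that lives two lines above it. The comment also documents `Public Access: Cluster API server publicly accessible hai`; if the module is indeed configured that way (the relevant arguments are outside this hunk), the endpoint should be limited with `cluster_endpoint_public_access_cidrs` or switched to private access, and that restriction is worth stating in the comment rather than presenting public access as a convenience for kubectl. The claim that worker nodes sit in private subnets is supported by the visible `subnet_ids = module.vpc.private_subnets`. Since this file is reviewed by CI and future maintainers, an English comment block would be easier to keep in sync with the code.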
diff --git a/terraform/main.tf b/terraform/main.tf index 94b6fc75a..4c5dbe886 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -4,7 +4,7 @@ provider "kubernetes" { } provider "aws" { - region = var.region + region = var.region # This tells that terraform have to use AWS cloud provider } data "aws_availability_zones" "available" {} 
@@ -13,4 +13,43 @@ locals { cluster_name = var.clusterName } -## \ No newline at end of file +/* +=== MAIN.TF FILE EXPLANATION === + +Ye file main providers aur data sources configure karti hai jo other resources use karte hain. + +Kya kaam karta hai: +1. Kubernetes Provider: + - EKS cluster ke saath communicate karne ke liye use hota hai + - Host: EKS cluster ka endpoint URL + - Certificate: Cluster ki CA certificate authentication ke liye + - Ye provider kubectl commands aur Kubernetes resources manage karta hai + +2. AWS Provider: + - AWS services ke saath interact karne ke liye main provider + - Region: variables.tf se region value leta hai (default: us-east-2) + - Ye provider VPC, EKS, EC2 etc. sab AWS resources create karta hai + +3. Data Source - Availability Zones: + - Current region ke available AZs ki list fetch karta hai + - VPC module isme se first 3 AZs select karta hai + - Dynamic approach hai - region change karne par automatically adjust ho jata hai + +4. Locals Block: + - Local variables define karta hai + - cluster_name: variables.tf se clusterName variable ka value use karta hai + - Code me reusability aur consistency ke liye use hota hai + +Kyun zaroori hai: +- Providers Terraform ko batate hain ki kaunse APIs use karne hain +- Data sources runtime me information fetch karte hain +- Locals code duplication avoid karte hain +- Authentication aur configuration centralized rehti hai +- EKS cluster ke saath secure communication establish karta hai + +Flow: +1. AWS provider AWS resources create karta hai +2. EKS cluster ready hone ke baad Kubernetes provider activate hota hai +3. Data sources dynamic information provide karte hain +4. Locals consistent naming ensure karte hain +*/ \ No newline at end of file diff --git a/terraform/outputs.tf b/terraform/outputs.tf index 7d55c64ae..cb30272ae 100644 --- a/terraform/outputs.tf +++ b/terraform/outputs.tf 
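Review bot: The new comment describes the cluster CA certificate as being "authentication ke liye"; a CA certificate lets the provider verify the API server's identity, it does not authenticate the client, so the line should read `Certificate: cluster CA used to verify the EKS API server's TLS certificate (client auth is separate)`. The kubernetes provider block itself begins before this hunk, so I cannot see which client credential (token, `exec`) it uses; the comment should name whichever one is actually configured instead of implying the CA does it. The "Flow" section's claim that the Kubernetes provider "activates" after the cluster is ready is also not how providers work; ordering comes only from resource references, and the comment should say so. The `locals` block this hunk belongs to starts outside the hunk.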
@@ -18,3 +18,54 @@ output "cluster_security_group_id" { description = "Security group ID for the Amazon Web Service EKS Cluster " value = module.eks.cluster_security_group_id } + +/* +=== OUTPUTS.TF FILE EXPLANATION === + +Ye file output values define karti hai jo Terraform apply ke baad important information display karti hai. + +Kya kaam karta hai: +1. Cluster Name Output: + - EKS cluster ka actual name return karta hai + - Value: module.eks.cluster_name se aata hai + - Usage: kubectl commands me cluster name reference karne ke liye + +2. Cluster Endpoint Output: + - EKS cluster ka API server endpoint URL + - Value: module.eks.cluster_endpoint se aata hai + - Usage: kubectl configuration me server URL ke liye + - Format: https://XXXXXXXXXX.gr7.us-east-2.eks.amazonaws.com + +3. Region Output: + - Current AWS region display karta hai + - Value: variables.tf se region variable ka value + - Usage: Confirmation ke liye ki resources kahan deploy hue hain + +4. Security Group ID Output: + - EKS cluster ka security group ID + - Value: module.eks.cluster_security_group_id se aata hai + - Usage: Additional security rules add karne ke liye reference + +Output Structure: +- Description: Output ka purpose explain karta hai +- Value: Actual value jo display karni hai +- Sensitive: (optional) Sensitive information hide karne ke liye + +Kyun zaroori hai: +- Post-Deployment Information: Apply ke baad important details milti hain +- Integration: Other tools/scripts me ye values use kar sakte hain +- Documentation: Infrastructure ki key details readily available hoti hain +- Automation: CI/CD pipelines me ye outputs use kar sakte hain +- Troubleshooting: Debug karne me helpful information milti hai + +Usage Examples: +- terraform output cluster_name +- terraform output -json (JSON format me sab outputs) +- Other Terraform configurations me remote state se access kar sakte hain + +Practical Use Cases: +- kubectl config set-cluster me endpoint use karna +- AWS CLI commands me cluster 
name reference karna +- Monitoring tools me cluster details configure karna +- Security group rules add karne ke liye SG ID use karna +*/ diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 67b75c673..6149a699d 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -1,21 +1,21 @@ -terraform { - required_providers { +terraform { # This is the main configuration for Terraform itself. + required_providers { # Declares which providers (plugins) Terraform will use and their versions. aws = { source = "hashicorp/aws" version = "~> 5.25.0" } - random = { + random = { # Creates the random values for resources source = "hashicorp/random" version = "~> 3.5.1" } - tls = { - source = "hashicorp/tls" + tls = { # Two end points ke bich me secure communication ke liye use karte h + source = "hashicorp/tls" # Example - iss code me terraform or s3 bucket ke secure communication me use kiya hoga version = "~> 4.0.4" } - cloudinit = { + cloudinit = { # Like EC2 vm's jab start hote h to kon kon se packages ya other resources uske ander install karna h user_data ki help se. source = "hashicorp/cloudinit" version = "~> 2.3.2" } 
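Review bot: The inline comment on the `tls` provider (`iss code me terraform or s3 bucket ke secure communication me use kiya hoga`) is incorrect and speculative: `hashicorp/tls` generates private keys, CSRs and self-signed certificates as Terraform resources, while the S3 backend's transport encryption comes from the AWS SDK regardless of this provider. Replace it with something grounded in the code, e.g. `tls = { # generates keys/certificates as Terraform resources (see the tls_* resources that use it)`, or drop the provider if nothing in the module tree references it. The "must have been used" phrasing ("use kiya hoga") is a signal the author did not check; a comment that guesses at usage misleads the next reader more than no comment. The `terraform {` block this hunk is part of continues past the hunk.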
@@ -26,14 +26,55 @@ terraform { } } - backend "s3" { - bucket = "gitopsterrastate" + backend "s3" { # This is the S3 bucket that Terraform will use to store its state + bucket = "adarsh-gitops" key = "terraform.tfstate" region = "us-east-2" } - required_version = "~> 1.6.3" + required_version = ">= 1.0" } -## -## -## +# comment +#### + +/* +=== TERRAFORM.TF FILE EXPLANATION === + +Ye file Terraform ki core configuration define karti hai - providers, backend, aur version requirements. + +Kya kaam karta hai: +1. Required Providers: + - AWS Provider (~> 5.25.0): AWS resources create/manage karne ke liye + - Random Provider (~> 3.5.1): Random values generate karne ke liye (passwords, IDs etc.) + - TLS Provider (~> 4.0.4): SSL/TLS certificates aur keys generate karne ke liye + - Cloudinit Provider (~> 2.3.2): EC2 instances ki initialization scripts ke liye + - Kubernetes Provider (~> 2.23.0): Kubernetes resources manage karne ke liye + +2. Backend Configuration (S3): + - State File Storage: "vprofileactions23" S3 bucket me terraform.tfstate file store karta hai + - Region: us-east-2 me bucket located hai + - Remote State: Team collaboration ke liye centralized state management + - State Locking: Concurrent modifications prevent karta hai + +3. 
Terraform Version: + - Required Version: ~> 1.6.3 (1.6.3 se compatible versions) + - Version consistency ensure karta hai across team members + +Provider Versions ka purpose: +- "~>" symbol: Compatible versions allow karta hai (patch updates) +- Version locking: Breaking changes se protect karta hai +- Reproducible deployments ensure karta hai + +Backend ka importance: +- State file local machine par nahi, S3 me store hoti hai +- Multiple developers same state access kar sakte hain +- State corruption se protect karta hai +- Backup aur versioning automatic hai + +Kyun zaroori hai: +- Provider versions stability ensure karte hain +- Remote backend team collaboration enable karta hai +- State management centralized aur secure hoti hai +- Infrastructure changes track karne me help karta hai +- Rollback capabilities provide karta hai +*/ diff --git a/terraform/variables.tf b/terraform/variables.tf index a41d982a0..2852257d1 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf 
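Review bot: The backend block still has no `encrypt = true` and no lock configuration (`dynamodb_table`, or `use_lockfile` on newer Terraform), yet the comment added in the same hunk asserts "State Locking: Concurrent modifications prevent karta hai" and "Backup aur versioning automatic hai"; neither is true from what is visible, and state files routinely contain secrets, so the comment is overclaiming on a security-relevant point. The hunk also loosens `required_version` from `~> 1.6.3` to `>= 1.0` while the comment block says `~> 1.6.3` and the workflow pins `terraform_version: 1.6.3`; pick one and keep them consistent. The hardcoded `bucket = "adarsh-gitops"` disagrees with the comment's `"vprofileactions23"` and is overridden at runtime by `-backend-config="bucket=${BUCKET_TF_STATE}"`, so either document that override or leave the bucket unset here.
```hcl
  backend "s3" { # remote state; bucket is overridden in CI via -backend-config
    bucket  = "adarsh-gitops"
    key     = "terraform.tfstate"
    region  = "us-east-2"
    encrypt = true                     # server-side encryption of the state object
    # dynamodb_table = "<lock-table>"  # enable locking; without it the "state locking" claim below is false
  }

  required_version = "~> 1.6.3"        # matches terraform_version pinned in .github/workflows/terraform.yml
```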
@@ -7,5 +7,49 @@ variable "region" { variable "clusterName" { description = "Name of the EKS cluster" type = string - default = "kitops-eks" + default = "vprofile-eks" } + +/* +=== VARIABLES.TF FILE EXPLANATION === + +Ye file input variables define karti hai jo configuration ko flexible aur reusable banate hain. + +Kya kaam karta hai: +1. Region Variable: + - Name: "region" + - Type: string + - Default: "us-east-2" (Ohio region) + - Purpose: AWS resources kaunse region me deploy karne hain ye specify karta hai + - Usage: main.tf me AWS provider configuration me use hota hai + +2. Cluster Name Variable: + - Name: "clusterName" + - Type: string + - Default: "vprofile-eks" + - Purpose: EKS cluster ka naam define karta hai + - Usage: main.tf me locals block me use hota hai, phir EKS module me pass hota hai + +Variable Structure: +- Description: Variable ka purpose explain karta hai +- Type: Data type specify karta hai (string, number, bool, list, map) +- Default: Agar value provide nahi ki to ye value use hogi + +Kyun zaroori hai: +- Code Reusability: Same code different environments me use kar sakte hain +- Flexibility: Runtime me values change kar sakte hain +- Environment Specific: Dev, staging, prod ke liye different values use kar sakte hain +- Centralized Configuration: Sab configurable values ek jagah hain +- Documentation: Description se clear hota hai variable ka purpose + +Usage Examples: +- terraform apply -var="region=us-west-2" +- terraform apply -var="clusterName=production-eks" +- terraform.tfvars file me values define kar sakte hain + +Best Practices: +- Descriptive names use karne chahiye +- Default values provide karne chahiye +- Type constraints define karne chahiye +- Sensitive variables ko sensitive = true mark karna chahiye +*/ diff --git a/terraform/vpc.tf b/terraform/vpc.tf index 5775ce1c3..751970072 100644 --- a/terraform/vpc.tf +++ b/terraform/vpc.tf 
@@ -24,3 +24,32 @@ module "vpc" { "kubernetes.io/role/internal-elb" = 1 } } + +/* +=== VPC.TF FILE EXPLANATION === + +Ye file AWS VPC (Virtual Private Cloud) create karti hai jo EKS cluster ke liye networking foundation provide karti hai. + +Kya kaam karta hai: +1. VPC Module: Terraform AWS VPC module use karta hai version 5.1.2 - ye pre-built module hai jo VPC setup ko easy banata hai +2. Network Range: 172.20.0.0/16 CIDR block use karta hai jo 65,536 IP addresses provide karta hai +3. Availability Zones: 3 AZs me resources spread karta hai high availability ke liye +4. Subnets: + - Private Subnets (172.20.1-3.0/24): EKS worker nodes yahan deploy hote hain, direct internet access nahi + - Public Subnets (172.20.4-6.0/24): Load balancers aur NAT gateway yahan deploy hote hain +5. NAT Gateway: Private subnets ko internet access deta hai (outbound traffic ke liye) +6. Single NAT Gateway: Cost optimization ke liye sirf ek NAT gateway use karta hai +7. DNS Hostnames: EC2 instances ko DNS names milte hain + +Tags ka purpose: +EKS ko batana ki kaunse subnets kis type ke Load Balancer ke liye use karne hain (public LB ke liye public subnets, internal LB ke liye private subnets). +- Public subnet tags: AWS Load Balancer Controller ko batate hain ki yahan external load balancers deploy kar sakte hain +- Private subnet tags: Internal load balancers ke liye use hote hain +- Kubernetes cluster tags: EKS service ko identify karne me help karte hain + +Kyun zaroori hai: +- EKS cluster ko secure networking environment chahiye +- Worker nodes private subnets me safe rehte hain +- Load balancers public subnets me internet traffic handle karte hain +- Multi-AZ setup high availability ensure karta hai +*/