From 9e6f64cb5395422842a8d950c131b10504d70ab5 Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Tue, 30 Dec 2025 01:04:45 -0500 Subject: [PATCH 01/22] Make some changes in names of resources and add comments for easily understand --- terraform/eks-cluster.tf | 41 +++++++++++++++++++++++++++ terraform/main.tf | 41 ++++++++++++++++++++++++++- terraform/outputs.tf | 51 +++++++++++++++++++++++++++++++++ terraform/terraform.tf | 61 ++++++++++++++++++++++++++++++++-------- terraform/variables.tf | 46 +++++++++++++++++++++++++++++- terraform/vpc.tf | 29 +++++++++++++++++++ 6 files changed, 256 insertions(+), 13 deletions(-) diff --git a/terraform/eks-cluster.tf b/terraform/eks-cluster.tf index 2c4610920..5eceecbf7 100644 --- a/terraform/eks-cluster.tf +++ b/terraform/eks-cluster.tf 
@@ -36,3 +36,44 @@ module "eks" { } } } + +/* +=== EKS-CLUSTER.TF FILE EXPLANATION === + +Ye file AWS EKS (Elastic Kubernetes Service) cluster create karti hai jo containerized applications run karne ke liye use hoti hai. + +Kya kaam karta hai: +1. EKS Module: Terraform AWS EKS module version 19.19.1 use karta hai - ye pre-built module hai jo EKS setup ko simplify karta hai +2. Cluster Configuration: + - Cluster Name: local.cluster_name se name leta hai (variables.tf se) + - Kubernetes Version: 1.27 use karta hai + - VPC Integration: VPC module se VPC ID aur private subnets use karta hai + - Public Access: Cluster API server publicly accessible hai (kubectl commands ke liye) + +3. Node Groups (Worker Nodes): + - Default AMI: Amazon Linux 2 x86_64 architecture use karta hai + - Do node groups banata hai load distribution ke liye: + + Node Group 1 ("one"): + - Instance Type: t3.small (2 vCPU, 2GB RAM) + - Scaling: Min 1, Max 3, Desired 2 nodes + - Primary workload ke liye use hota hai + + Node Group 2 ("two"): + - Instance Type: t3.small (2 vCPU, 2GB RAM) + - Scaling: Min 1, Max 2, Desired 1 node + - Secondary/backup workload ke liye use hota hai + +Kyun zaroori hai: +- EKS managed Kubernetes control plane provide karta hai +- AWS automatically master nodes ko manage karta hai +- Auto-scaling capabilities provide karta hai +- Private subnets me worker nodes deploy hote hain security ke liye +- Multiple node groups load balancing aur fault tolerance provide karte hain +- t3.small instances cost-effective hain development/testing ke liye + +Node Groups ka purpose: +- Kubernetes pods yahan run hote hain +- Auto-scaling traffic ke according nodes add/remove karta hai +- Multiple groups different workloads ko isolate karne ke liye use hote hain +*/ diff --git a/terraform/main.tf b/terraform/main.tf index 94b6fc75a..7c3ae4248 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
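Review bot: The "Public Access" line in the added explanation block records that the cluster API server is reachable publicly for kubectl, but it does not say which source ranges are allowed, which is the detail anyone auditing exposure needs. The `module "eks"` body lies outside this hunk, so whether access is narrowed cannot be seen here; if it is not, consider setting `cluster_endpoint_public_access_cidrs` and naming the allowed ranges in the comment. The block also restates literals (Kubernetes version, node-group sizes, instance types) that will go stale when the code changes; referring to the attribute names instead avoids that drift.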
@@ -13,4 +13,43 @@ locals { cluster_name = var.clusterName } -## \ No newline at end of file +/* +=== MAIN.TF FILE EXPLANATION === + +Ye file main providers aur data sources configure karti hai jo other resources use karte hain. + +Kya kaam karta hai: +1. Kubernetes Provider: + - EKS cluster ke saath communicate karne ke liye use hota hai + - Host: EKS cluster ka endpoint URL + - Certificate: Cluster ki CA certificate authentication ke liye + - Ye provider kubectl commands aur Kubernetes resources manage karta hai + +2. AWS Provider: + - AWS services ke saath interact karne ke liye main provider + - Region: variables.tf se region value leta hai (default: us-east-2) + - Ye provider VPC, EKS, EC2 etc. sab AWS resources create karta hai + +3. Data Source - Availability Zones: + - Current region ke available AZs ki list fetch karta hai + - VPC module isme se first 3 AZs select karta hai + - Dynamic approach hai - region change karne par automatically adjust ho jata hai + +4. Locals Block: + - Local variables define karta hai + - cluster_name: variables.tf se clusterName variable ka value use karta hai + - Code me reusability aur consistency ke liye use hota hai + +Kyun zaroori hai: +- Providers Terraform ko batate hain ki kaunse APIs use karne hain +- Data sources runtime me information fetch karte hain +- Locals code duplication avoid karte hain +- Authentication aur configuration centralized rehti hai +- EKS cluster ke saath secure communication establish karta hai + +Flow: +1. AWS provider AWS resources create karta hai +2. EKS cluster ready hone ke baad Kubernetes provider activate hota hai +3. Data sources dynamic information provide karte hain +4. Locals consistent naming ensure karte hain +*/ \ No newline at end of file diff --git a/terraform/outputs.tf b/terraform/outputs.tf index 7d55c64ae..cb30272ae 100644 --- a/terraform/outputs.tf +++ b/terraform/outputs.tf 
@@ -18,3 +18,54 @@ output "cluster_security_group_id" { description = "Security group ID for the Amazon Web Service EKS Cluster " value = module.eks.cluster_security_group_id } + +/* +=== OUTPUTS.TF FILE EXPLANATION === + +Ye file output values define karti hai jo Terraform apply ke baad important information display karti hai. + +Kya kaam karta hai: +1. Cluster Name Output: + - EKS cluster ka actual name return karta hai + - Value: module.eks.cluster_name se aata hai + - Usage: kubectl commands me cluster name reference karne ke liye + +2. Cluster Endpoint Output: + - EKS cluster ka API server endpoint URL + - Value: module.eks.cluster_endpoint se aata hai + - Usage: kubectl configuration me server URL ke liye + - Format: https://XXXXXXXXXX.gr7.us-east-2.eks.amazonaws.com + +3. Region Output: + - Current AWS region display karta hai + - Value: variables.tf se region variable ka value + - Usage: Confirmation ke liye ki resources kahan deploy hue hain + +4. Security Group ID Output: + - EKS cluster ka security group ID + - Value: module.eks.cluster_security_group_id se aata hai + - Usage: Additional security rules add karne ke liye reference + +Output Structure: +- Description: Output ka purpose explain karta hai +- Value: Actual value jo display karni hai +- Sensitive: (optional) Sensitive information hide karne ke liye + +Kyun zaroori hai: +- Post-Deployment Information: Apply ke baad important details milti hain +- Integration: Other tools/scripts me ye values use kar sakte hain +- Documentation: Infrastructure ki key details readily available hoti hain +- Automation: CI/CD pipelines me ye outputs use kar sakte hain +- Troubleshooting: Debug karne me helpful information milti hai + +Usage Examples: +- terraform output cluster_name +- terraform output -json (JSON format me sab outputs) +- Other Terraform configurations me remote state se access kar sakte hain + +Practical Use Cases: +- kubectl config set-cluster me endpoint use karna +- AWS CLI commands me cluster 
name reference karna +- Monitoring tools me cluster details configure karna +- Security group rules add karne ke liye SG ID use karna +*/ diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 67b75c673..ff4675bc0 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -1,21 +1,21 @@ -terraform { - required_providers { +terraform { # This is the main configuration for Terraform itself. + required_providers { # Declares which providers (plugins) Terraform will use and their versions. aws = { source = "hashicorp/aws" version = "~> 5.25.0" } - random = { + random = { # Creates the random values for resources source = "hashicorp/random" version = "~> 3.5.1" } - tls = { - source = "hashicorp/tls" + tls = { # Two end points ke bich me secure communication ke liye use karte h + source = "hashicorp/tls" # Example - iss code me terraform or s3 bucket ke secure communication me use kiya hoga version = "~> 4.0.4" } - cloudinit = { + cloudinit = { # Like EC2 vm's jab start hote h to kon kon se packages ya other resources uske ander install karna h user_data ki help se. source = "hashicorp/cloudinit" version = "~> 2.3.2" } 
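Review bot: The inline comment on the `tls` provider's `source` line guesses that the provider secures traffic between Terraform and the S3 bucket, which is not what hashicorp/tls does. It generates keys and certificates as resources, and backend transport security does not depend on it. Suggest replacing the guess with `# Generates private keys and certificates consumed by other resources`. The comments in this hunk also switch between English and romanized Hindi; a single language keeps the file readable for every maintainer. The `terraform` block continues past the end of the hunk.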
@@ -26,14 +26,53 @@ terraform { } } - backend "s3" { - bucket = "gitopsterrastate" + backend "s3" { # This is the S3 bucket that Terraform will use to store its state + bucket = "vprofileactions23" key = "terraform.tfstate" region = "us-east-2" } required_version = "~> 1.6.3" } -## -## -## + +/* +=== TERRAFORM.TF FILE EXPLANATION === + +Ye file Terraform ki core configuration define karti hai - providers, backend, aur version requirements. + +Kya kaam karta hai: +1. Required Providers: + - AWS Provider (~> 5.25.0): AWS resources create/manage karne ke liye + - Random Provider (~> 3.5.1): Random values generate karne ke liye (passwords, IDs etc.) + - TLS Provider (~> 4.0.4): SSL/TLS certificates aur keys generate karne ke liye + - Cloudinit Provider (~> 2.3.2): EC2 instances ki initialization scripts ke liye + - Kubernetes Provider (~> 2.23.0): Kubernetes resources manage karne ke liye + +2. Backend Configuration (S3): + - State File Storage: "vprofileactions23" S3 bucket me terraform.tfstate file store karta hai + - Region: us-east-2 me bucket located hai + - Remote State: Team collaboration ke liye centralized state management + - State Locking: Concurrent modifications prevent karta hai + +3. 
Terraform Version: + - Required Version: ~> 1.6.3 (1.6.3 se compatible versions) + - Version consistency ensure karta hai across team members + +Provider Versions ka purpose: +- "~>" symbol: Compatible versions allow karta hai (patch updates) +- Version locking: Breaking changes se protect karta hai +- Reproducible deployments ensure karta hai + +Backend ka importance: +- State file local machine par nahi, S3 me store hoti hai +- Multiple developers same state access kar sakte hain +- State corruption se protect karta hai +- Backup aur versioning automatic hai + +Kyun zaroori hai: +- Provider versions stability ensure karte hain +- Remote backend team collaboration enable karta hai +- State management centralized aur secure hoti hai +- Infrastructure changes track karne me help karta hai +- Rollback capabilities provide karta hai +*/ diff --git a/terraform/variables.tf b/terraform/variables.tf index a41d982a0..2852257d1 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf 
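Review bot: The explanation block claims state locking and automatic backup and versioning for the S3 backend, but the `backend "s3"` block in this hunk sets only `bucket`, `key` and `region`, so the configuration shown backs neither claim. With this Terraform version, locking needs a lock table (`dynamodb_table = "<lock-table-name>"`), and versioning must be enabled on the bucket itself. The state file stores resource attributes in plain text, so `encrypt = true` belongs in the block as well. Either add those settings or correct the comment so nobody relies on protections that are not configured.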
@@ -7,5 +7,49 @@ variable "region" { variable "clusterName" { description = "Name of the EKS cluster" type = string - default = "kitops-eks" + default = "vprofile-eks" } + +/* +=== VARIABLES.TF FILE EXPLANATION === + +Ye file input variables define karti hai jo configuration ko flexible aur reusable banate hain. + +Kya kaam karta hai: +1. Region Variable: + - Name: "region" + - Type: string + - Default: "us-east-2" (Ohio region) + - Purpose: AWS resources kaunse region me deploy karne hain ye specify karta hai + - Usage: main.tf me AWS provider configuration me use hota hai + +2. Cluster Name Variable: + - Name: "clusterName" + - Type: string + - Default: "vprofile-eks" + - Purpose: EKS cluster ka naam define karta hai + - Usage: main.tf me locals block me use hota hai, phir EKS module me pass hota hai + +Variable Structure: +- Description: Variable ka purpose explain karta hai +- Type: Data type specify karta hai (string, number, bool, list, map) +- Default: Agar value provide nahi ki to ye value use hogi + +Kyun zaroori hai: +- Code Reusability: Same code different environments me use kar sakte hain +- Flexibility: Runtime me values change kar sakte hain +- Environment Specific: Dev, staging, prod ke liye different values use kar sakte hain +- Centralized Configuration: Sab configurable values ek jagah hain +- Documentation: Description se clear hota hai variable ka purpose + +Usage Examples: +- terraform apply -var="region=us-west-2" +- terraform apply -var="clusterName=production-eks" +- terraform.tfvars file me values define kar sakte hain + +Best Practices: +- Descriptive names use karne chahiye +- Default values provide karne chahiye +- Type constraints define karne chahiye +- Sensitive variables ko sensitive = true mark karna chahiye +*/ diff --git a/terraform/vpc.tf b/terraform/vpc.tf index 5775ce1c3..751970072 100644 --- a/terraform/vpc.tf +++ b/terraform/vpc.tf 
@@ -24,3 +24,32 @@ module "vpc" { "kubernetes.io/role/internal-elb" = 1 } } + +/* +=== VPC.TF FILE EXPLANATION === + +Ye file AWS VPC (Virtual Private Cloud) create karti hai jo EKS cluster ke liye networking foundation provide karti hai. + +Kya kaam karta hai: +1. VPC Module: Terraform AWS VPC module use karta hai version 5.1.2 - ye pre-built module hai jo VPC setup ko easy banata hai +2. Network Range: 172.20.0.0/16 CIDR block use karta hai jo 65,536 IP addresses provide karta hai +3. Availability Zones: 3 AZs me resources spread karta hai high availability ke liye +4. Subnets: + - Private Subnets (172.20.1-3.0/24): EKS worker nodes yahan deploy hote hain, direct internet access nahi + - Public Subnets (172.20.4-6.0/24): Load balancers aur NAT gateway yahan deploy hote hain +5. NAT Gateway: Private subnets ko internet access deta hai (outbound traffic ke liye) +6. Single NAT Gateway: Cost optimization ke liye sirf ek NAT gateway use karta hai +7. DNS Hostnames: EC2 instances ko DNS names milte hain + +Tags ka purpose: +EKS ko batana ki kaunse subnets kis type ke Load Balancer ke liye use karne hain (public LB ke liye public subnets, internal LB ke liye private subnets). +- Public subnet tags: AWS Load Balancer Controller ko batate hain ki yahan external load balancers deploy kar sakte hain +- Private subnet tags: Internal load balancers ke liye use hote hain +- Kubernetes cluster tags: EKS service ko identify karne me help karte hain + +Kyun zaroori hai: +- EKS cluster ko secure networking environment chahiye +- Worker nodes private subnets me safe rehte hain +- Load balancers public subnets me internet traffic handle karte hain +- Multi-AZ setup high availability ensure karta hai +*/ From d08809fa52bf8372cea8aa0201c37d57ab138cf6 Mon Sep 17 00:00:00 2001 
From: Adarshpatel0308 Date: Tue, 30 Dec 2025 02:05:46 -0500 Subject: [PATCH 02/22] Added workflow for staging branch --- .github/workflows/terraform.yml | 60 +++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 .github/workflows/terraform.yml diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml new file mode 100644 index 000000000..642a5d461 --- /dev/null +++ b/.github/workflows/terraform.yml @@ -0,0 +1,60 @@ +name: 'Vprofile IAC' +on: + push: + branches: + - main + - stage + paths: + - terraform/** + pull_request: + branches: + - main + paths: + - terraform/** + +env: # Credentials for deployment to AWS + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + #S3 bucket for the terraform state file + BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }} + AWS_REGION: us-east-2 + EKS_CLUSTER_NAME: vprofile-eks + +jobs: + terraform: + name: 'Apply terraform code changes' + runs-on: ubuntu-latest + defaults: + run: + shell: bash + working-directory: ./terraform + steps: + - name: Checkout source code + uses: actions/checkout@v2 + - name: Setup Terraform with specified versions on the runner + uses: hashicorp/setup-terraform@v2 + # with: If we don't mention the version so it uses the latest version of terraform + # terraform_version: "1.1.7" + + - name: Terraform Init + id: init + run: terraform inti -backend-config="bucket=$BUCKET_TF_STATE" + + - name: Terraform format + id: fmt + run: terraform fmt -check + + - name: Terraform validate + id: validate + run: terraform validate + + - name: Terraform plan + id: plan + run: terraform plan -no-color -input=false -out=planfile.tfplan + continue-on-error: true + + - name: Terraform plan status + if: steps.plan.outcome == 'failure' + run: exit 1 + From 25932a5db782b13969d57acb9473bf31e860a36c Mon Sep 17 00:00:00 2001 
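Review bot: The workflow-level `env:` block exports the long-lived `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` secrets to every step, including the third-party actions, and those actions are referenced by mutable tags (`actions/checkout@v2`, `hashicorp/setup-terraform@v2`). A retagged or compromised action would run with the deployment credentials in its environment. Prefer short-lived credentials obtained through OIDC role assumption in a dedicated step, pin each action to a full commit SHA, and add an explicit `permissions:` block so the job token is not left at the repository default. The later hunks in this series that add `aws-actions/configure-aws-credentials` with the same two secrets share the issue.

```yaml
permissions:
  contents: read
  id-token: write  # needed for OIDC role assumption

# … unchanged: on / env (without the two AWS key entries) / jobs header …
    steps:
      - name: Checkout source code
        uses: actions/checkout@<full-commit-sha>  # placeholder: pin to the reviewed commit
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # placeholder
        with:
          role-to-assume: <deploy-role-arn>  # placeholder
          aws-region: us-east-2
      # … unchanged: setup-terraform, init, fmt, validate, plan …
```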
From: Adarshpatel0308 Date: Tue, 30 Dec 2025 02:14:44 -0500 Subject: [PATCH 03/22] Add comment in terraform/main.tf --- terraform/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/main.tf b/terraform/main.tf index 7c3ae4248..5a41a2365 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -4,7 +4,7 @@ provider "kubernetes" { } provider "aws" { - region = var.region + region = var.region # This tells that terraform have to use AWS cloud provider } data "aws_availability_zones" "available" {} From 12e2c8c075e5f77c30a5f8e71fae5e9ce530b708 Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Tue, 30 Dec 2025 02:17:24 -0500 Subject: [PATCH 04/22] Update the command in job --- .github/workflows/terraform.yml | 2 +- terraform/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 642a5d461..73ad7db56 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -39,7 +39,7 @@ jobs: - name: Terraform Init id: init - run: terraform inti -backend-config="bucket=$BUCKET_TF_STATE" + run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" - name: Terraform format id: fmt diff --git a/terraform/main.tf b/terraform/main.tf index 5a41a2365..4c5dbe886 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -4,7 +4,7 @@ provider "kubernetes" { } provider "aws" { - region = var.region # This tells that terraform have to use AWS cloud provider + region = var.region # This tells that terraform have to use AWS cloud provider } data "aws_availability_zones" "available" {} From 8b551c3a5f11431d3a8616f553aa5e26156dcca7 Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Tue, 30 Dec 2025 03:41:53 -0500 Subject: [PATCH 05/22] Add some text --- terraform/terraform.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index ff4675bc0..272a0c3d4 100644 
--- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -32,8 +32,9 @@ terraform { # This is the main configuration for Terraform itself. region = "us-east-2" } - required_version = "~> 1.6.3" + required_version = ">= 1.0.0" } +# comment /* === TERRAFORM.TF FILE EXPLANATION === From 341eac37578d2186cf7fe3444026aafb80df00c9 Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Wed, 31 Dec 2025 00:13:19 -0500 Subject: [PATCH 06/22] Added full code --- .github/workflows/terraform.yml | 21 +++++++++++++++++++++ terraform/terraform.tf | 1 + 2 files changed, 22 insertions(+) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 73ad7db56..e4d6a9fcf 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -58,3 +58,24 @@ jobs: if: steps.plan.outcome == 'failure' run: exit 1 + - name: Terraform apply + id: apply + if: github.ref == 'refs/heads/main' && github.event_name == 'push' + run: terraform apply -auto-approve -input=false -parallelism=1 planfile.tfplan + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: $AWS_REGION + + - name: Get Kube config file + id: getconfig + if: steps.apply.outcome == 'success' + run: aws eks update-kubeconfig --name $EKS_CLUSTER_NAME --region $AWS_REGION + + - name: Install Ingress controller + if: steps.apply.outcome == 'success' && steps.getconfig.outcome == 'success' + run: kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/deploy.yaml + diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 272a0c3d4..2c15a40d2 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf 
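Review bot: Relaxing `required_version` from `~> 1.6.3` to `>= 1.0.0` removes the upper bound, so any future Terraform release, including a new major version, may run against this state. At this point in the series the workflow leaves `terraform_version` commented out, so CI takes whatever is latest. If the goal was only to unblock a newer runner, a bounded constraint such as `required_version = ">= 1.6.3, < 2.0.0"` keeps runs reproducible. The explanation block further down the file still describes `~> 1.6.3` and should change with it, and the added `# comment` line carries no information.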
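Review bot: The `Install Ingress controller` step applies a manifest fetched from a raw GitHub URL straight into the cluster with the deployer's credentials and no integrity check, so whatever that URL serves at run time is what gets installed. Vendoring the manifest into the repository and running `kubectl apply -f <path-to-vendored-manifest>`, or verifying a recorded checksum before applying, makes the installed content reviewable. It is also worth confirming that controller-v1.1.3 supports the cluster's Kubernetes version. Separately, `aws-region: $AWS_REGION` under `with:` reaches the action as a literal string because action inputs are not shell-expanded; use `aws-region: ${{ env.AWS_REGION }}`. The same line reappears in the later rewrite of this workflow.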
@@ -35,6 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0.0" } # comment +## /* === TERRAFORM.TF FILE EXPLANATION === From 3dfb3e03cad223d7846e417915048a95de56805e Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Wed, 31 Dec 2025 00:37:55 -0500 Subject: [PATCH 07/22] Updated bucket name --- terraform/terraform.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 2c15a40d2..a18899516 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -27,7 +27,7 @@ terraform { # This is the main configuration for Terraform itself. } backend "s3" { # This is the S3 bucket that Terraform will use to store its state - bucket = "vprofileactions23" + bucket = "gitopsproject23" key = "terraform.tfstate" region = "us-east-2" } @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0.0" } # comment -## +### /* === TERRAFORM.TF FILE EXPLANATION === From a1494c186e0b210d737c87ab34bf1cedf0414374 Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Wed, 31 Dec 2025 00:43:29 -0500 Subject: [PATCH 08/22] Added one more step in job for AWS configure --- .github/workflows/terraform.yml | 9 ++++++++- terraform/terraform.tf | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index e4d6a9fcf..c948dbb56 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -36,6 +36,13 @@ jobs: uses: hashicorp/setup-terraform@v2 # with: If we don't mention the version so it uses the latest version of terraform # terraform_version: "1.1.7" + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-2 - name: Terraform Init id: init 
@@ -43,7 +50,7 @@ jobs: - name: Terraform format id: fmt - run: terraform fmt -check + run: terraform fmt -check -diff -recursive - name: Terraform validate id: validate diff --git a/terraform/terraform.tf b/terraform/terraform.tf index a18899516..016abd80d 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0.0" } # comment -### +#### /* === TERRAFORM.TF FILE EXPLANATION === From 0afce229714ea5bf70396ea59cb17959da05f98c Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Wed, 31 Dec 2025 00:51:57 -0500 Subject: [PATCH 09/22] Updated workflow --- .github/workflows/terraform.yml | 15 +++++++++++---- terraform/terraform.tf | 2 +- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index c948dbb56..803a1abde 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -31,9 +31,9 @@ jobs: working-directory: ./terraform steps: - name: Checkout source code - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Setup Terraform with specified versions on the runner - uses: hashicorp/setup-terraform@v2 + uses: hashicorp/setup-terraform@v3 # with: If we don't mention the version so it uses the latest version of terraform # terraform_version: "1.1.7" @@ -44,14 +44,21 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: us-east-2 + - name: Terraform Init id: init - run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" + run: | + terraform init \ + -backend-config="bucket=${BUCKET_TF_STATE}" \ + -backend-config="key=vprofile/terraform.tfstate" \ + -backend-config="region=${AWS_REGION}" \ + -input=false - - name: Terraform format + - name: Terraform format (check with diff) id: fmt run: terraform fmt -check -diff -recursive + - name: Terraform validate id: validate run: terraform validate 
diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 016abd80d..ed9a7f570 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0.0" } # comment -#### +##### /* === TERRAFORM.TF FILE EXPLANATION === From 7e70de4a75d84e57e8c500174ec945579429c584 Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Wed, 31 Dec 2025 01:01:50 -0500 Subject: [PATCH 10/22] changes required version terraform --- .github/workflows/terraform.yml | 27 ++++++++++++--------------- terraform/terraform.tf | 4 ++-- 2 files changed, 14 insertions(+), 17 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 803a1abde..0e7292ebb 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
@@ -34,29 +34,26 @@ jobs: uses: actions/checkout@v4 - name: Setup Terraform with specified versions on the runner uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.6.3 # with: If we don't mention the version so it uses the latest version of terraform # terraform_version: "1.1.7" - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-2 + # - name: Configure AWS credentials + # uses: aws-actions/configure-aws-credentials@v4 + # with: + # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + # aws-region: us-east-2 - - name: Terraform Init + - name: Terraform init id: init - run: | - terraform init \ - -backend-config="bucket=${BUCKET_TF_STATE}" \ - -backend-config="key=vprofile/terraform.tfstate" \ - -backend-config="region=${AWS_REGION}" \ - -input=false + run: terraform init -backend-config="bucket=${BUCKET_TF_STATE}" - - name: Terraform format (check with diff) + - name: Terraform format id: fmt - run: terraform fmt -check -diff -recursive + run: terraform fmt -check - name: Terraform validate diff --git a/terraform/terraform.tf b/terraform/terraform.tf index ed9a7f570..6eaafff3b 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -32,10 +32,10 @@ terraform { # This is the main configuration for Terraform itself. region = "us-east-2" } - required_version = ">= 1.0.0" + required_version = ">= 1.0" } # comment -##### +###### /* === TERRAFORM.TF FILE EXPLANATION === From 382f6bc235623148c3ea95251136143cb60465ab Mon Sep 17 00:00:00 2001 
From: Adarshpatel0308 Date: Wed, 31 Dec 2025 01:11:46 -0500 Subject: [PATCH 11/22] Updated workflow --- .github/workflows/terraform.yml | 184 ++++++++++++++++++++------------ terraform/eks-cluster.tf | 2 +- terraform/terraform.tf | 2 +- 3 files changed, 116 insertions(+), 72 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 0e7292ebb..494289e5c 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
@@ -1,92 +1,136 @@ -name: 'Vprofile IAC' +# name: 'Vprofile IAC' +# on: +# push: +# branches: +# - main +# - stage +# paths: +# - terraform/** +# pull_request: +# branches: +# - main +# paths: +# - terraform/** + +# env: # Credentials for deployment to AWS +# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} +# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + +# #S3 bucket for the terraform state file +# BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }} +# AWS_REGION: us-east-2 +# EKS_CLUSTER_NAME: vprofile-eks + +# jobs: +# terraform: +# name: 'Apply terraform code changes' +# runs-on: ubuntu-latest +# defaults: +# run: +# shell: bash +# working-directory: ./terraform +# steps: +# - name: Checkout source code +# uses: actions/checkout@v4 +# - name: Setup Terraform with specified versions on the runner +# uses: hashicorp/setup-terraform@v3 +# with: +# terraform_version: 1.6.3 +# # with: If we don't mention the version so it uses the latest version of terraform +# # terraform_version: "1.1.7" + +# # - name: Configure AWS credentials +# # uses: aws-actions/configure-aws-credentials@v4 +# # with: +# # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} +# # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} +# # aws-region: us-east-2 + + +# - name: Terraform init +# id: init +# run: terraform init -backend-config="bucket=${BUCKET_TF_STATE}" + +# - name: Terraform format +# id: fmt +# run: terraform fmt -check + +name: "Vprofile IAC" on: push: branches: - - main - - stage - paths: - - terraform/** + - main + - stage pull_request: branches: - - main - paths: - - terraform/** + - main -env: # Credentials for deployment to AWS +env: + # configure credentials for deployment to AWS AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - - #S3 bucket for the terraform state file + # S3 bucket for storing the tf state file BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }} AWS_REGION: us-east-2 - 
EKS_CLUSTER_NAME: vprofile-eks + EKS_CLUSTER: vprofile-eks jobs: terraform: - name: 'Apply terraform code changes' + name: "Apply terraform code changes" runs-on: ubuntu-latest defaults: run: shell: bash working-directory: ./terraform steps: - - name: Checkout source code - uses: actions/checkout@v4 - - name: Setup Terraform with specified versions on the runner - uses: hashicorp/setup-terraform@v3 - with: + - name: Checkout the source code + uses: actions/checkout@v4 + + - name: Setup Terraform with specified version on the runner + uses: hashicorp/setup-terraform@v3 + with: terraform_version: 1.6.3 - # with: If we don't mention the version so it uses the latest version of terraform - # terraform_version: "1.1.7" - - # - name: Configure AWS credentials - # uses: aws-actions/configure-aws-credentials@v4 - # with: - # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - # aws-region: us-east-2 - - - name: Terraform init - id: init - run: terraform init -backend-config="bucket=${BUCKET_TF_STATE}" - - - name: Terraform format - id: fmt - run: terraform fmt -check - - - - name: Terraform validate - id: validate - run: terraform validate - - - name: Terraform plan - id: plan - run: terraform plan -no-color -input=false -out=planfile.tfplan - continue-on-error: true - - - name: Terraform plan status - if: steps.plan.outcome == 'failure' - run: exit 1 - - - name: Terraform apply - id: apply - if: github.ref == 'refs/heads/main' && github.event_name == 'push' - run: terraform apply -auto-approve -input=false -parallelism=1 planfile.tfplan - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: $AWS_REGION - - - name: Get Kube config file - id: getconfig - if: steps.apply.outcome == 'success' - run: aws eks update-kubeconfig --name 
$EKS_CLUSTER_NAME --region $AWS_REGION - - - name: Install Ingress controller - if: steps.apply.outcome == 'success' && steps.getconfig.outcome == 'success' - run: kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/deploy.yaml + - name: Terraform init + id: init + run: terraform init -backend-config="bucket=${BUCKET_TF_STATE}" + + - name: Terraform format + id: fmt + run: terraform fmt -check # check for fmt whether it is correct or not, if not correct returns a non-zero exit code which will fail the workflow + + + - name: Terraform validate + id: validate + run: terraform validate + + - name: Terraform plan + id: plan + run: terraform plan -no-color -input=false -out=planfile.tfplan + continue-on-error: true + + - name: Terraform plan status + if: steps.plan.outcome == 'failure' + run: exit 1 + + - name: Terraform apply + id: apply + if: github.ref == 'refs/heads/main' && github.event_name == 'push' + run: terraform apply -auto-approve -input=false -parallelism=1 planfile.tfplan + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: $AWS_REGION + + - name: Get Kube config file + id: getconfig + if: steps.apply.outcome == 'success' + run: aws eks update-kubeconfig --name $EKS_CLUSTER_NAME --region $AWS_REGION + + - name: Install Ingress controller + if: steps.apply.outcome == 'success' && steps.getconfig.outcome == 'success' + run: kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/deploy.yaml diff --git a/terraform/eks-cluster.tf b/terraform/eks-cluster.tf index 5eceecbf7..34804d3f6 100644 --- a/terraform/eks-cluster.tf +++ b/terraform/eks-cluster.tf 
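Review bot: The env variable is renamed to `EKS_CLUSTER` in this rewrite, but the `Get Kube config file` step still runs `aws eks update-kubeconfig --name $EKS_CLUSTER_NAME`. That variable is now unset, so the command is invoked without a cluster name and will fail after a successful apply, and the ingress step never runs. Use `--name "$EKS_CLUSTER"` or keep the old variable name. The rewrite also drops the `paths: terraform/**` filters, so every push to main, whatever it touches, reaches `terraform apply -auto-approve`; restoring the filter limits applies to infrastructure changes. The commented-out copy of the previous workflow at the top of the file is better left to git history.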
@@ -3,7 +3,7 @@ module "eks" { version = "19.19.1" cluster_name = local.cluster_name - cluster_version = "1.27" + cluster_version = "1.30" vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 6eaafff3b..e6340401d 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0" } # comment -###### +####### /* === TERRAFORM.TF FILE EXPLANATION === From 50476d36ffc36b2dee047d40a220850f88bb837c Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Wed, 31 Dec 2025 01:32:40 -0500 Subject: [PATCH 12/22] updated credentials --- terraform/terraform.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index e6340401d..fe46bb336 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0" } # comment -####### +######## /* === TERRAFORM.TF FILE EXPLANATION === From 8a763f4f1cad04f7a167bb7e0e404a8c2b2e576c Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Wed, 31 Dec 2025 02:07:39 -0500 Subject: [PATCH 13/22] Update secrets --- terraform/terraform.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index fe46bb336..d6d3bbce3 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0" } # comment -######## +######### /* === TERRAFORM.TF FILE EXPLANATION === From 3058387b95e8647852f91d7ba961fc5dbf59b1bd Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Wed, 31 Dec 2025 02:23:04 -0500 Subject: [PATCH 14/22] Change s3 name --- terraform/terraform.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/terraform/terraform.tf b/terraform/terraform.tf index d6d3bbce3..6e779e307 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -27,7 +27,7 @@ terraform { # This is the main configuration for Terraform itself. } backend "s3" { # This is the S3 bucket that Terraform will use to store its state - bucket = "gitopsproject23" + bucket = "adarsh-gitops" key = "terraform.tfstate" region = "us-east-2" } @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0" } # comment -######### +########## /* === TERRAFORM.TF FILE EXPLANATION === From d76f72b4ab4a55d2209288eda272bcb0ddefa8e7 Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Wed, 31 Dec 2025 02:35:00 -0500 Subject: [PATCH 15/22] Formatted terraform file --- terraform/terraform.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 6e779e307..86a0310c9 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -1,4 +1,4 @@ -terraform { # This is the main configuration for Terraform itself. +terraform { # This is the main configuration for Terraform itself. required_providers { # Declares which providers (plugins) Terraform will use and their versions. aws = { source = "hashicorp/aws" @@ -10,7 +10,7 @@ terraform { # This is the main configuration for Terraform itself. version = "~> 3.5.1" } - tls = { # Two end points ke bich me secure communication ke liye use karte h + tls = { # Two end points ke bich me secure communication ke liye use karte h source = "hashicorp/tls" # Example - iss code me terraform or s3 bucket ke secure communication me use kiya hoga version = "~> 4.0.4" } @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0" } # comment -########## +########### /* === TERRAFORM.TF FILE EXPLANATION === From 3c6e39a827332d704b5c6ff5a6efbb0aa55c74a9 Mon Sep 17 00:00:00 2001 
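Review bot: The `backend "s3"` block in the `@@ -27,7 +27,7 @@` hunk sets only `bucket`, `key` and `region`, so the state object has no encryption setting in the configuration and no locking. Terraform state can hold sensitive resource attributes in plain text. Adding `encrypt = true` and a lock table such as `dynamodb_table = "<lock-table-name>"` (placeholder) would cover both. The workflow elsewhere in this series runs `terraform init -backend-config="bucket=${BUCKET_TF_STATE}"`, which overrides the name hard-coded here, so the literal `"adarsh-gitops"` and the secret can drift apart. A comment such as `# overridden in CI by -backend-config; keep in sync with BUCKET_TF_STATE` on the `bucket` line would make that explicit.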
From: Adarshpatel0308 Date: Wed, 31 Dec 2025 03:41:35 -0500 Subject: [PATCH 16/22] Checked AWS version --- terraform/terraform.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 86a0310c9..6f8534445 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0" } # comment -########### +######### /* === TERRAFORM.TF FILE EXPLANATION === From 331c8864c4523e42c1f9a54a98fd478576975e68 Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Wed, 31 Dec 2025 03:44:06 -0500 Subject: [PATCH 17/22] Hardcoded AWS region --- terraform/terraform.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 6f8534445..31096f579 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0" } # comment -######### +###### /* === TERRAFORM.TF FILE EXPLANATION === From ca4c74f9e3c339f397259b4773673d04566ab753 Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Wed, 31 Dec 2025 03:53:04 -0500 Subject: [PATCH 18/22] Use secrets instead of hardcoded aws_region and cluster --- terraform/terraform.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 31096f579..6149a699d 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0" } # comment -###### +#### /* === TERRAFORM.TF FILE EXPLANATION === From 55f44a01806d0dd411e4a2218029e41760be84b3 Mon Sep 17 00:00:00 2001 
From: Adarshpatel0308 Date: Wed, 31 Dec 2025 03:57:57 -0500 Subject: [PATCH 19/22] Use env to access aws credentials --- terraform/terraform.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 6149a699d..31096f579 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0" } # comment -#### +###### /* === TERRAFORM.TF FILE EXPLANATION === From e8b861824bcf9bc12aa9debc791207df2313bffa Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Wed, 31 Dec 2025 04:09:48 -0500 Subject: [PATCH 20/22] Update code for using AWS credentials --- terraform/terraform.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 31096f579..c0c471944 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0" } # comment -###### +####### /* === TERRAFORM.TF FILE EXPLANATION === From cb652eee46d5bb4da190dda18c0ff9dd041fc88f Mon Sep 17 00:00:00 2001 From: Adarshpatel0308 Date: Wed, 31 Dec 2025 04:31:04 -0500 Subject: [PATCH 21/22] Update code for dynamic values --- terraform/terraform.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index c0c471944..f304bac69 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0" } # comment -####### +######## /* === TERRAFORM.TF FILE EXPLANATION === From dfdf1687013825ac2d131ba295c29d4f30d97704 Mon Sep 17 00:00:00 2001 
From: Adarshpatel0308 Date: Wed, 31 Dec 2025 04:38:07 -0500 Subject: [PATCH 22/22] Hardcode aws region --- .github/workflows/terraform.yml | 9 ++++----- terraform/terraform.tf | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 494289e5c..243c43a5a 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -71,8 +71,8 @@ env: AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} # S3 bucket for storing the tf state file BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }} - AWS_REGION: us-east-2 - EKS_CLUSTER: vprofile-eks + AWS_REGION: ${{ secrets.AWS_REGION }} + EKS_CLUSTER: ${{ secrets.EKS_CLUSTER }} jobs: terraform: @@ -99,7 +99,6 @@ jobs: id: fmt run: terraform fmt -check # check for fmt whether it is correct or not, if not correct returns a non-zero exit code which will fail the workflow - - name: Terraform validate id: validate run: terraform validate @@ -123,12 +122,12 @@ jobs: with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: $AWS_REGION + aws-region: ${{ env.AWS_REGION }} - name: Get Kube config file id: getconfig if: steps.apply.outcome == 'success' - run: aws eks update-kubeconfig --name $EKS_CLUSTER_NAME --region $AWS_REGION + run: aws eks update-kubeconfig --region ${{ env.AWS_REGION }} --name ${{ env.EKS_CLUSTER }} - name: Install Ingress controller if: steps.apply.outcome == 'success' && steps.getconfig.outcome == 'success' diff --git a/terraform/terraform.tf b/terraform/terraform.tf index f304bac69..6149a699d 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -35,7 +35,7 @@ terraform { # This is the main configuration for Terraform itself. required_version = ">= 1.0" } # comment -######## +#### /* === TERRAFORM.TF FILE EXPLANATION ===
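Review bot: In the `@@ -71,8 +71,8 @@ env:` hunk, `AWS_REGION` and `EKS_CLUSTER` now come from `secrets`, although neither value is confidential and the subject line says the region is being hard-coded. An unset secret expands to an empty string, so later steps would receive an empty `--region` or `--name`, and the values are masked in logs, which makes failures harder to read. Repository configuration variables fit better: `AWS_REGION: ${{ vars.AWS_REGION }}` and `EKS_CLUSTER: ${{ vars.EKS_CLUSTER }}`. The context lines also keep `AWS_SECRET_ACCESS_KEY` in what looks like workflow-level `env`, where every step, including third-party actions, can read it. Scoping it to the steps that need it, or using OIDC with `role-to-assume`, would narrow that exposure.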
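Review bot: The rewritten `run:` line of the "Get Kube config file" step in the `@@ -123,12 +122,12 @@` hunk pastes `${{ env.AWS_REGION }}` and `${{ env.EKS_CLUSTER }}` into the script text before bash parses it, unquoted. The defect in the old line appears to be only the name `$EKS_CLUSTER_NAME`, since the variable is declared as `EKS_CLUSTER` in the `env:` hunk of this patch. Keeping quoted shell variables fixes that without expanding expressions inside the script: `run: aws eks update-kubeconfig --region "$AWS_REGION" --name "$EKS_CLUSTER"`. The `aws-region: ${{ env.AWS_REGION }}` change under `with:` is correct, because action inputs are not shell-expanded and the old `$AWS_REGION` was passed as a literal string. The step list continues outside the hunk.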