This repository has been archived by the owner on Jan 30, 2021. It is now read-only.
---
#
# This is the canonical configuration for the `README.md`
# Run `make readme` to rebuild the `README.md`
#
# Name of this project
name: terraform-aws-kops-state-backend
# Tags of this project
tags:
- aws
- terraform
- terraform-modules
- kops-kubernetes
- kops
- kubernetes
- route53
- s3
- bucket
- dns-zone
- provision
- dns
# Categories of this project
categories:
- terraform-modules/kops-kubernetes
# Logo for this project
#logo: docs/logo.png
# License of this project
license: "APACHE2"
# Canonical GitHub repo
github_repo: cloudposse/terraform-aws-kops-state-backend
# Badges to display
badges:
  - name: "Build Status"
    image: "https://travis-ci.org/cloudposse/terraform-aws-kops-state-backend.svg?branch=master"
    url: "https://travis-ci.org/cloudposse/terraform-aws-kops-state-backend"
  - name: "Latest Release"
    image: "https://img.shields.io/github/release/cloudposse/terraform-aws-kops-state-backend.svg"
    url: "https://github.com/cloudposse/terraform-aws-kops-state-backend/releases/latest"
  - name: "Slack Community"
    image: "https://slack.cloudposse.com/badge.svg"
    url: "https://slack.cloudposse.com"
related:
  - name: "terraform-aws-kops-metadata"
    description: "Terraform module to lookup resources within a Kops cluster for easier integration with Terraform"
    url: "https://github.com/cloudposse/terraform-aws-kops-metadata"
  - name: "terraform-aws-kops-ecr"
    description: "Terraform module to provision an ECR repository and grant users and kubernetes nodes access to it."
    url: "https://github.com/cloudposse/terraform-aws-kops-ecr"
  - name: "terraform-aws-kops-external-dns"
    description: "Terraform module to provision an IAM role for external-dns running in a Kops cluster, and attach an IAM policy to the role with permissions to modify Route53 record sets"
    url: "https://github.com/cloudposse/terraform-aws-kops-external-dns"
  - name: "terraform-aws-kops-vpc-peering"
    description: "Terraform module to create a peering connection between a backing services VPC and a VPC created by Kops"
    url: "https://github.com/cloudposse/terraform-aws-kops-vpc-peering"
  - name: "terraform-aws-kops-route53"
    description: "Terraform module to lookup the IAM role associated with `kops` masters, and attach an IAM policy to the role with permissions to modify Route53 record sets"
    url: "https://github.com/cloudposse/terraform-aws-kops-route53"
  - name: "terraform-aws-kops-vault-backend"
    description: "Terraform module to provision an S3 bucket for HashiCorp Vault secrets storage, and an IAM role and policy with permissions for Kops nodes to access the bucket"
    url: "https://github.com/cloudposse/terraform-aws-kops-vault-backend"
  - name: "terraform-aws-kops-chart-repo"
    description: "Terraform module to provision an S3 bucket for Helm chart repository, and an IAM role and policy with permissions for Kops nodes to access the bucket"
    url: "https://github.com/cloudposse/terraform-aws-kops-chart-repo"
# Short description of this project
description: |-
  Terraform module to provision dependencies for `kops` (config S3 bucket & DNS zone).

  The module supports the following:

  1. Forced server-side encryption at rest for the S3 bucket
  2. S3 bucket versioning to allow for `kops` state recovery in the case of accidental deletions or human errors
  3. Public access blocked at the bucket level by default
# How to use this project
usage: |-
  This example will create a DNS zone called `us-east-1.cloudxl.net` and delegate it from the parent zone `cloudxl.net` by setting `NS` and `SOA` records in the parent zone.

  It will also create an S3 bucket with the name `cp-prod-kops-state` for storing `kops` state.

  ```hcl
  module "kops" {
    source           = "git::https://github.com/cloudposse/terraform-aws-kops-state-backend.git?ref=master"
    namespace        = "eg"
    stage            = "prod"
    name             = "kops-state"
    cluster_name     = "us-east-1"
    parent_zone_name = "domain.com"
    zone_name        = "$${name}.$${parent_zone_name}"
    region           = "us-east-1"
  }
  ```

  <br/>

  To verify that the created `kops` DNS zone has been tagged correctly, run:

  ```sh
  aws route53 list-tags-for-resources --resource-type hostedzone --resource-ids Z27EGVGENRTTZZ
  ```

  ```js
  {
      "ResourceTagSets": [
          {
              "ResourceType": "hostedzone",
              "ResourceId": "Z27EGVGENRTTZZ",
              "Tags": [
                  {
                      "Key": "Cluster",
                      "Value": "us-east-1.domain.com"
                  },
                  {
                      "Key": "Stage",
                      "Value": "prod"
                  },
                  {
                      "Key": "Namespace",
                      "Value": "cp"
                  },
                  {
                      "Key": "Name",
                      "Value": "eg-prod-us-east-1"
                  }
              ]
          }
      ]
  }
  ```
screenshots:
  - name: "kops-state-backend"
    description: "Example of outputs from the module after running `terraform apply`"
    url: "images/kops-state-backend.png"
include:
  - "docs/targets.md"
  - "docs/terraform.md"
# Contributors to this project
contributors:
  - name: "Erik Osterman"
    github: "osterman"
  - name: "Andriy Knysh"
    github: "aknysh"