kubectl 1.22
helm 3 3.6.1
aws cli 2.2.13
terraform 1.0.2
SHORT_PROJECT_NAME = spa
REGION = us-east-1 or eu-west-1
CLUSTER_NAME = spa-eu-west-1-dev or spa-eu-west-1-stage or spa-eu-west-1-prod or ...
TECH_DOMAIN = specha.co
aws configure
Enter the access key, secret key and default region when prompted (the credentials must be allowed to create S3 buckets and DynamoDB tables in the target account).
bash prepare_aws.sh -n spa -r eu-west-1 -e prod -p false -g true   # -p sets the VantaNonProd tag; the script parses it as -p, not -V
Output example:
**SHORT_PROJECT_NAME**: spa
**REGION**: eu-west-1
**ENV**: prod
**BUCKET_NAME**: spa-prod.tfstate.general
**VANTANONPROD**: false
bash prepare_aws.sh -n spa -r eu-west-1 -e prod -p false -g false
Output example:
**SHORT_PROJECT_NAME**: spa
**REGION**: eu-west-1
**ENV**: prod
**BUCKET_NAME**: spa-eu-west-1.tfstate.prod
**VANTANONPROD**: false
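#!/bin/bash
##
# Create the S3 bucket that holds Terraform remote state for one project/env,
# plus the DynamoDB table Terraform uses for state locking (same name as the
# bucket, hash key "LockID").
#
# Hardening applied to the bucket:
#   - private ACL and all four S3 public-access-block flags
#   - bucket policy that denies every request not made over TLS
#     (aws:SecureTransport == false)
#   - default server-side encryption (SSE-S3 / AES256): state files carry
#     secrets (DB passwords, keys) in clear text
#   - versioning, so an overwritten or corrupted state can be rolled back
#
# Params:
# -n short project name (ex.: ops, spa etc.)
# -r region for bucket (ex.: us-east-1, eu-west-1)
# -e environment (ex.: dev, stage, prod, general)
# -p value of the VantaNonProd tag: true or false (-V is accepted as an
#    alias because older usage notes used that letter)
# -g "true" creates the cross-region bucket <name>-<env>.tfstate.general,
#    anything else creates the per-region bucket <name>-<region>.tfstate.<env>
#
# The script prints the derived names and asks for confirmation before it
# touches AWS. Every AWS call is made against the region given with -r.
##
set -euo pipefail

usage() {
  printf 'Usage: %s -n <project> -r <region> -e <env> [-p true|false] [-g true|false]\n' "${0##*/}" >&2
  exit 2
}

SHORT_PROJECT_NAME=""
REGION_NAME=""
ENV=""
VANTANONPROD=""
GENERAL="false"

while getopts ":n:r:e:p:V:g:" opt; do
  case "$opt" in
    n) SHORT_PROJECT_NAME="$OPTARG" ;;
    r) REGION_NAME="$OPTARG" ;;
    e) ENV="$OPTARG" ;;
    p|V) VANTANONPROD="$OPTARG" ;;
    g) GENERAL="$OPTARG" ;;
    :)
      echo "Option -$OPTARG requires an argument" >&2
      usage
      ;;
    \?)
      echo "Invalid option -$OPTARG" >&2
      usage
      ;;
  esac
done
shift $((OPTIND - 1))

# These three end up in the bucket name; an empty one would silently produce
# a malformed name such as "spa-.tfstate." and a mis-tagged bucket.
if [[ -z "$SHORT_PROJECT_NAME" || -z "$REGION_NAME" || -z "$ENV" ]]; then
  echo "-n, -r and -e are required" >&2
  usage
fi

# The tag is consumed by a compliance tool, so only the two literal values
# make sense. An empty value is still allowed (as before) but flagged.
case "$VANTANONPROD" in
  true|false) ;;
  "") echo "WARNING: -p not given, VantaNonProd tag will be empty" >&2 ;;
  *)
    echo "-p must be 'true' or 'false' (got '${VANTANONPROD}')" >&2
    usage
    ;;
esac

if [[ "$GENERAL" == "true" ]]; then
  BUCKET_NAME="${SHORT_PROJECT_NAME}-${ENV}.tfstate.general"
else
  BUCKET_NAME="${SHORT_PROJECT_NAME}-${REGION_NAME}.tfstate.${ENV}"
fi

# NOTE(review): this address looks redacted in the copy reviewed; make sure it
# is the real owner mailbox before running against a production account.
VANTA_OWNER="[email protected]"

TAGGING="TagSet=[{Key=Name,Value=${BUCKET_NAME}},{Key=VantaNonProd,Value=${VANTANONPROD}},{Key=VantaDescription,Value=S3-bucket-for-tf-${ENV}},{Key=VantaOwner,Value=${VANTA_OWNER}}]"

PUBLIC_ACCESS_BLOCK="BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"

# Deny all access over plain HTTP; Terraform and the CLI always use HTTPS.
POLICY=$(cat <<EOF
{"Id":"AllowSSLRequestsOnly","Version":"2012-10-17","Statement":[{"Sid":"AllowSSLRequestsOnly","Action":"s3:*","Effect":"Deny","Resource":["arn:aws:s3:::${BUCKET_NAME}","arn:aws:s3:::${BUCKET_NAME}/*"],"Condition":{"Bool":{"aws:SecureTransport":"false"}},"Principal":"*"}]}
EOF
)

ENCRYPTION='{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'

# us-east-1 rejects a LocationConstraint; every other region requires one and
# the request must also be sent to that region's endpoint, so --region is
# passed in both cases instead of relying on the profile's default region.
CREATE_ARGS=(--region "$REGION_NAME")
if [[ "$REGION_NAME" != "us-east-1" ]]; then
  CREATE_ARGS+=(--create-bucket-configuration "LocationConstraint=${REGION_NAME}")
  LOCATION_NOTE="create-bucket will be called with --create-bucket-configuration LocationConstraint=${REGION_NAME}"
else
  LOCATION_NOTE="create-bucket will be called with --region ${REGION_NAME} only"
fi

bold() { printf '\033[1m%s\033[0m: %s\n' "$1" "$2"; }

printf '\n'
bold "SHORT_PROJECT_NAME" "$SHORT_PROJECT_NAME"
bold "REGION" "$REGION_NAME"
bold "ENV" "$ENV"
bold "BUCKET_NAME" "$BUCKET_NAME"
bold "VANTANONPROD" "$VANTANONPROD"
printf '\n%s\n\n' "$LOCATION_NOTE"

read -r -n 1 -p "Is it ok? Print Yy/Nn: " REPLY
printf '\n\n'
if [[ ! "$REPLY" =~ ^[Yy]$ ]]; then
  echo "Rerun script yourself with new params"
  exit 1
fi

# set -e aborts on the first failing call, so no && chaining is needed.
aws s3api create-bucket --acl private --bucket "$BUCKET_NAME" "${CREATE_ARGS[@]}"
aws s3api put-bucket-tagging --region "$REGION_NAME" --bucket "$BUCKET_NAME" \
  --tagging "$TAGGING"
aws s3api put-public-access-block --region "$REGION_NAME" --bucket "$BUCKET_NAME" \
  --public-access-block-configuration "$PUBLIC_ACCESS_BLOCK"
aws s3api put-bucket-policy --region "$REGION_NAME" --bucket "$BUCKET_NAME" \
  --policy "$POLICY"
aws s3api put-bucket-encryption --region "$REGION_NAME" --bucket "$BUCKET_NAME" \
  --server-side-encryption-configuration "$ENCRYPTION"
aws s3api put-bucket-versioning --region "$REGION_NAME" --bucket "$BUCKET_NAME" \
  --versioning-configuration Status=Enabled

# Lock table: DynamoDB encrypts at rest by default; 5/5 provisioned units are
# plenty for a lock table that sees one item per apply.
aws dynamodb create-table --region "$REGION_NAME" --table-name "$BUCKET_NAME" \
  --attribute-definitions AttributeName=LockID,AttributeType=S \
  --key-schema AttributeName=LockID,KeyType=HASH \
  --provisioned-throughput ReadCapacityUnits=5,WriteCapacityUnits=5 \
  --tags "Key=VantaDescription,Value=for ${BUCKET_NAME} tfstate ${ENV}" \
         "Key=VantaOwner,Value=${VANTA_OWNER}" \
         "Key=VantaNonProd,Value=${VANTANONPROD}"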
.terraform
terraform init
terraform apply -auto-approve
cd terraform_<ENV>   # e.g. terraform_prod; the backend in that directory must point at the bucket/table created above
terraform init
terraform apply
aws eks --region <REGION> update-kubeconfig --name <CLUSTER_NAME>
terraform output -raw configmap_aws_auth | kubectl apply -f -   # review the output first: this ConfigMap is what maps IAM roles/users to cluster RBAC groups, so a wrong entry grants or removes cluster access