Deploy boiler main components to aws

terraform/modules/k8s-addons/eks-kube-prometheus-stack.tf

@@ -59,7 +59,7 @@ prometheus:
     storageSpec:
       volumeClaimTemplate:
         spec:
-          storageClassName: advanced
+          storageClassName: gp3
           accessModes: ["ReadWriteOnce"]
           resources:
             requests:

terraform/modules/k8s-addons/eks-loki-stack.tf

@@ -30,7 +30,7 @@ loki:
     accessModes:
       - ReadWriteOnce
     size: 10Gi
-    storageClassName: advanced
+    storageClassName: gp3
   serviceMonitor:
     enabled: true
     scrapeTimeout: 10s

terraform/modules/k8s-addons/eks-metric-server.tf

@@ -0,0 +1,106 @@
+locals {
+  metrics_server = {
+    name          = local.helm_releases[index(local.helm_releases.*.id, "metrics-server")].id
+    enabled       = local.helm_releases[index(local.helm_releases.*.id, "metrics-server")].enabled
+    chart         = local.helm_releases[index(local.helm_releases.*.id, "metrics-server")].chart
+    repository    = local.helm_releases[index(local.helm_releases.*.id, "metrics-server")].repository
+    chart_version = local.helm_releases[index(local.helm_releases.*.id, "metrics-server")].chart_version
+    namespace     = local.helm_releases[index(local.helm_releases.*.id, "metrics-server")].namespace
+  }
+
+  metrics_server_values = <<VALUES
+resources:
+  requests:
+    cpu: 10m
+    memory: 128Mi
+  limits:
+    cpu: 20m
+    memory: 128Mi
+VALUES
+}
+
+module "metrics_server_namespace" {
+  count = local.metrics_server.enabled ? 1 : 0
+
+  source = "../eks-kubernetes-namespace"
+  name   = local.metrics_server.namespace
+  network_policies = [
+    {
+      name         = "default-deny"
+      policy_types = ["Ingress", "Egress"]
+      pod_selector = {}
+    },
+    {
+      name         = "allow-this-namespace"
+      policy_types = ["Ingress"]
+      pod_selector = {}
+      ingress = {
+        from = [
+          {
+            namespace_selector = {
+              match_labels = {
+                name = local.metrics_server.namespace
+              }
+            }
+          }
+        ]
+      }
+    },
+    {
+      name         = "allow-egress"
+      policy_types = ["Egress"]
+      pod_selector = {}
+      egress = {
+        to = [
+          {
+            ip_block = {
+              cidr = "0.0.0.0/0"
+              except = [
+                "169.254.169.254/32"
+              ]
+            }
+          }
+        ]
+      }
+    },
+    {
+      name         = "allow-control-plane"
+      policy_types = ["Ingress"]
+      pod_selector = {}
+      ingress = {
+        ports = [
+          {
+            port     = "10250"
+            protocol = "TCP"
+          },
+          {
+            port     = "443"
+            protocol = "TCP"
+          }
+        ]
+        from = [
+          {
+            ip_block = {
+              cidr = "0.0.0.0/0"
+            }
+          }
+        ]
+      }
+    }
+  ]
+}
+
+resource "helm_release" "metrics_servercore" {
+  count = local.metrics_server.enabled ? 1 : 0
+
+  name        = local.metrics_server.name
+  chart       = local.metrics_server.chart
+  repository  = local.metrics_server.repository
+  version     = local.metrics_server.chart_version
+  namespace   = module.metrics_server_namespace[count.index].name
+  max_history = var.helm_release_history_size
+
+  values = [
+    local.metrics_server_values
+  ]
+}

terraform/modules/k8s-addons/eks-storageclass.tf

@@ -12,3 +12,20 @@ resource "kubernetes_storage_class" "advanced" {
     encrypted = "true" # It is set to true for cases when global EBS encryption is disabled.
   }
 }
+
+resource "kubernetes_storage_class" "gp3" {
+  metadata {
+    name = "gp3"
+    annotations = {
+      "storageclass.kubernetes.io/is-default-class" = "true"
+    }
+  }
+  storage_provisioner    = "kubernetes.io/aws-ebs"
+  reclaim_policy         = "Retain"
+  allow_volume_expansion = true
+  volume_binding_mode    = "WaitForFirstConsumer"
+  parameters = {
+    type      = "gp3"
+    encrypted = "true"
+  }
+}

terraform/modules/k8s-addons/helm-releases.yaml

@@ -95,3 +95,9 @@ releases:
     repository: https://victoriametrics.github.io/helm-charts
     chart_version: 0.24.1
     namespace: monitoring
+  - id: metrics-server
+    enabled: true
+    chart: metrics-server
+    repository: https://kubernetes-sigs.github.io/metrics-server/
+    chart_version: 3.12.1
+    namespace: metrics-server

terragrunt/ACCOUNT_ID/us-east-1/demo/env.yaml

@@ -1,6 +1,6 @@
 ---
 name       : "maddevs"
-environment: "demo"
+environment: "val"
 
 domain_name: "maddevs.org"
 create_r53_zone: false
@@ -10,7 +10,7 @@ create_acm_certificate: true
 allowed_ips:
   - "0.0.0.0/0"
 
-vpc_cidr: "10.100.0.0/16"
+vpc_cidr: "10.200.0.0/16"
 single_nat_gateway: true
 
 eks_cluster_version: "1.30"