workingStage

.github/workflows/notes

@@ -0,0 +1,37 @@
+/*
+
+Workflow Triggers
+Push Events: Runs when changes are pushed to main or stage branches, specifically targeting Terraform files (terraform/**).
+
+Pull Requests: Executes for pull requests to main, ensuring Terraform modifications are validated before merging.
+
+Environment Variables
+AWS Credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): Stored securely in GitHub secrets for authentication.
+
+Terraform State Storage (BUCKET_TF_STATE): Specifies the S3 bucket used to persist Terraform state.
+
+AWS Configuration (AWS_REGION): Defines the deployment region as us-east-2.
+
+EKS Cluster Reference (EKS_CLUSTER): Sets the target Kubernetes cluster for Terraform provisioning.
+
+Job Execution (terraform)
+Runs on ubuntu-latest: Uses a Linux runner for Terraform execution.
+
+Sets Default Shell & Working Directory: Ensures Terraform commands execute correctly within ./terraform.
+
+Steps Breakdown
+Checkout Repository: Pulls the source code (actions/checkout@v4).
+
+Setup Terraform: Installs Terraform on the runner (hashicorp/setup-terraform@v2).
+
+Initialize Terraform (terraform init): Configures backend storage using the S3 bucket.
+
+Format Check (terraform fmt -check): Ensures code follows Terraform formatting standards.
+
+Validation (terraform validate): Confirms Terraform configuration correctness.
+
+Plan Execution (terraform plan -no-color -input=false -out planfile): Generates an execution plan for resource changes.
+
+Error Handling (steps.plan.outcome == 'failure' → exit 1): Stops execution if planning fails.
+
+*/

.github/workflows/terraform.yml

@@ -0,0 +1,107 @@
+# Workflow name
+name: "Vporfile IAC"
+
+# Trigger the workflow on push or pull request to specific branches and paths
+on:
+  push:
+    branches:
+      - main       # Run on push to 'main'
+      - stage      # Run on push to 'stage'
+    paths:
+      - terraform/**  # Only if files in 'terraform/' are changed
+  pull_request:
+    branches:
+      - main       # Run on PR to 'main'
+    paths:
+      - terraform/**  # Only if files in 'terraform/' are affected
+
+# Set environment variables available to all jobs
+env:
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}             # AWS access key from secrets
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}     # AWS secret key from secrets
+  BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }}                 # Terraform backend bucket name from secrets
+  AWS_REGION: us-east-2                                           # AWS region
+  EKS_CLUSTER: vprofile-eks                                       # EKS cluster name
+
+jobs:
+  terraform:
+    name: "Apply terraform code changes"
+    runs-on: ubuntu-latest                                        # Use latest Ubuntu runner
+
+    defaults:
+      run:
+        shell: bash                                               # Use Bash shell
+        working-directory: ./terraform                            # Set working directory for all run steps
+
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4                                 # Checks out the repo content to the runner
+
+      - name: Setup Terraform with specified version on the runner
+        uses: hashicorp/setup-terraform@v2                        # Installs Terraform CLI
+        # Optional version specification commented out
+        # with:
+        #   terraform_version: 1.6.3
+
+      - name: Terraform init
+        id: init
+        run: terraform init -backend-config="bucket=$BUCKET_TF_STATE"  # Initializes Terraform with backend config
+
+      - name: Terraform format
+        id: fmt
+        run: terraform fmt -recursive                                # Checks formatting of Terraform files
+
+      - name: Terraform validate
+        id: validate
+        run: terraform validate                                   # Validates Terraform configuration
+
+      - name: Terraform plan
+        id: plan
+        run: terraform plan -no-color -input=false -out planfile # Creates an execution plan
+        continue-on-error: true                                  # Allows workflow to continue even if plan fails
+
+      - name: Terraform plan status
+        if: steps.plan.outcome == 'failure'                      # Only run if the plan step failed
+        run: exit 1                                              # Forces a failure in the workflow
+
+      - name: Terraform Apply                 # Descriptive name of the step shown in the Actions UI
+        id: apple                             # Unique ID for this step (can be referenced in later steps)
+        if: github.ref == 'refs/heads/main' && github.event_name == 'push' 
+                                        # Conditional execution: only run if the workflow is triggered by a push to the 'main' branch
+        run: terraform apply -auto-approve -input=false -parallelism=1 planfile
+                                        # Executes 'terraform apply' using the saved planfile
+                                        # -auto-approve: Skips interactive approval
+                                        # -input=false: Prevents Terraform from asking for input
+                                        # -parallelism=1: Applies resources one at a time (helps avoid throttling or race conditions)
+                                        # planfile: The plan file generated in the previous step (must exist)
+
+      # Step: Configure AWS credentials using GitHub Actions
+      -  name: Configure AWS credentials
+         uses: aws-actions/configure-aws-credentials@v1
+         with:
+         # AWS access key from GitHub Secrets
+         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+         # AWS secret access key from GitHub Secrets
+         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+         # AWS region from environment variables
+         aws-region: ${{ env.AWS_REGION }}
+
+    # Step: Get Kubernetes config for accessing the EKS cluster
+      -  name: Get Kube config file
+         id: getconfig
+         # Only run this step if the 'apple' step (Terraform Apply) was successful
+         if: steps.apple.outcome == 'success'
+         # Update kubeconfig to access the EKS cluster
+         # NOTE: The '--name' should ideally be the EKS cluster name, not the region
+         run: aws eks update-kubeconfig --region ${{ env.AWS_REGION }} --name ${{ env.AWS_REGION }}
+
+    # Step: Install NGINX Ingress Controller into the EKS cluster
+      -  name: Install Ingress controller
+       # Run only if both Terraform Apply and Kubeconfig steps were successful
+         if: steps.apple.outcome == 'success' && steps.getconfig.outcome == 'success'
+         # Apply the Ingress controller manifest from the official GitHub URL
+         run: kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/aws/deploy.yaml
+
+
+
+#

terraform/eks-cluster.tf

@@ -1,38 +1,67 @@
 module "eks" {
-  source  = "terraform-aws-modules/eks/aws"
-  version = "19.19.1"
+  source  = "terraform-aws-modules/eks/aws" # Uses the AWS EKS module from Terraform Registry
+  version = "19.19.1" # Specifies the module version
 
-  cluster_name    = local.cluster_name
-  cluster_version = "1.27"
+  cluster_name    = local.cluster_name # Defines the EKS cluster name
+  cluster_version = "1.27" # Sets the Kubernetes version for the cluster
 
-  vpc_id                         = module.vpc.vpc_id
-  subnet_ids                     = module.vpc.private_subnets
-  cluster_endpoint_public_access = true
+  vpc_id                         = module.vpc.vpc_id # References VPC ID for EKS cluster networking
+  subnet_ids                     = module.vpc.private_subnets # Specifies private subnets for the cluster
+  cluster_endpoint_public_access = true # Enables public access to the EKS API endpoint
 
   eks_managed_node_group_defaults = {
-    ami_type = "AL2_x86_64"
-
+    ami_type = "AL2_x86_64" # Sets default Amazon Linux 2 AMI type for node groups
   }
 
   eks_managed_node_groups = {
     one = {
-      name = "node-group-1"
+      name = "node-group-1" # Defines the first managed node group
 
-      instance_types = ["t3.small"]
+      instance_types = ["t3.small"] # Specifies instance type for the worker nodes
 
-      min_size     = 1
-      max_size     = 3
-      desired_size = 2
+      min_size     = 1 # Minimum number of nodes in the group
+      max_size     = 3 # Maximum number of nodes allowed
+      desired_size = 2 # Desired number of nodes initially
     }
 
     two = {
-      name = "node-group-2"
+      name = "node-group-2" # Defines the second managed node group
 
-      instance_types = ["t3.small"]
+      instance_types = ["t3.small"] # Specifies instance type for this node group
 
-      min_size     = 1
-      max_size     = 2
-      desired_size = 1
+      min_size     = 1 # Minimum number of nodes in the group
+      max_size     = 2 # Maximum number of nodes allowed
+      desired_size = 1 # Desired number of nodes initially
     }
   }
 }
+
+
+/*
+
+Deploys an AWS EKS cluster with managed node groups for scalable Kubernetes workloads. 🚀 Let me know if you need further details!
+
+*/
+
+
+/*
+
+This eks_managed_node_groups section in your Terraform code defines and configures AWS EKS managed node groups. Here's what it does:
+
+Creates two managed node groups (node-group-1 & node-group-2) for the EKS cluster.
+
+Assigns instance types (t3.small) to each node group.
+
+Defines auto-scaling parameters:
+
+min_size: Minimum number of nodes.
+
+max_size: Maximum allowed nodes.
+
+desired_size: Initial number of nodes when deployed.
+
+These settings ensure that Kubernetes worker nodes are provisioned efficiently, automatically scaled, and optimized for workload demands within the EKS cluster. 🚀
+
+Let me know if you need further details!
+
+*/

terraform/main.tf

@@ -1,16 +1,30 @@
 provider "kubernetes" {
-  host                   = module.eks.cluster_endpoint
-  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+  host                   = module.eks.cluster_endpoint # Connects to the EKS cluster endpoint
+  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) # Decodes the cluster CA certificate for secure communication
 }
 
 provider "aws" {
-  region = var.region
+  region = var.region # Specifies AWS region for resource provisioning
 }
 
-data "aws_availability_zones" "available" {}
+data "aws_availability_zones" "available" {} # Fetches available AWS availability zones dynamically
 
 locals {
-  cluster_name = var.clusterName
+  cluster_name = var.clusterName # Defines the local variable for the EKS cluster name
 }
 
-##
+/*
+
+This Terraform configuration sets up the required providers and resources for deploying and managing an AWS EKS (Elastic Kubernetes Service) cluster. Here’s the purpose of each section:
+
+Kubernetes Provider: Connects to the EKS cluster using its endpoint and certificate for managing Kubernetes resources.
+
+AWS Provider: Specifies the AWS region where infrastructure resources will be provisioned.
+
+AWS Availability Zones Data Source: Fetches available AWS availability zones dynamically to optimize resource placement.
+
+Locals Block: Defines a local variable cluster_name that holds the name of the EKS cluster, improving modularity and reusability.
+
+Overall, this code is part of a Terraform-based infrastructure-as-code setup to streamline AWS Kubernetes deployments efficiently. Let me know if you need further details or modifications! 🚀
+
+*/

terraform/outputs.tf

@@ -1,20 +1,21 @@
 output "cluster_name" {
   description = "Amazon Web Service EKS Cluster Name"
-  value       = module.eks.cluster_name
+  value       = module.eks.cluster_name # Outputs the EKS cluster name
 }
 
 output "cluster_endpoint" {
-  description = "Endpoint for Amazon Web Service EKS "
-  value       = module.eks.cluster_endpoint
+  description = "Endpoint for Amazon Web Service EKS"
+  value       = module.eks.cluster_endpoint # Provides the API endpoint for Kubernetes access
 }
 
 output "region" {
   description = "Amazon Web Service EKS Cluster region"
-  value       = var.region
+  value       = var.region # Displays the AWS region where the EKS cluster is deployed
 }
 
-
 output "cluster_security_group_id" {
-  description = "Security group ID for the Amazon Web Service EKS Cluster "
-  value       = module.eks.cluster_security_group_id
+  description = "Security group ID for the Amazon Web Service EKS Cluster"
+  value       = module.eks.cluster_security_group_id # Outputs the security group ID for network access control
 }
+
+#

terraform/terraform.tf

@@ -2,38 +2,37 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 5.25.0"
+      version = "~> 5.25.0" # Specifies AWS provider version
     }
 
     random = {
       source  = "hashicorp/random"
-      version = "~> 3.5.1"
+      version = "~> 3.5.1" # Generates random values for resources
     }
 
     tls = {
       source  = "hashicorp/tls"
-      version = "~> 4.0.4"
+      version = "~> 4.0.4" # Handles TLS certificate creation and management
     }
 
     cloudinit = {
       source  = "hashicorp/cloudinit"
-      version = "~> 2.3.2"
+      version = "~> 2.3.2" # Enables cloud-init script execution for instances
     }
 
     kubernetes = {
       source  = "hashicorp/kubernetes"
-      version = "~> 2.23.0"
+      version = "~> 2.23.0" # Manages Kubernetes resources from Terraform
     }
   }
 
   backend "s3" {
-    bucket = "gitopsterrastate"
-    key    = "terraform.tfstate"
-    region = "us-east-2"
+    bucket = "vprofileaction1097" # Stores Terraform state remotely in an S3 bucket
+    key    = "terraform.tfstate" # Defines the state file path in S3
+    region = "us-east-2" # Specifies AWS region for the backend storage
   }
 
-  required_version = "~> 1.6.3"
+  required_version = "~> 1.12.0" # Ensures Terraform uses compatible version
 }
-##
-##
-##
+
+##

terraform/variables.tf

@@ -1,9 +1,28 @@
+/*
+Purpose: Specifies the AWS region where the resources will be deployed.
+
+Default Value: us-east-2 (Ohio region). If no custom value is provided, Terraform will use this region.
+
+Usage: Ensures flexibility, allowing deployments to different AWS regions based on user input.
+
+*/
+
 variable "region" {
   description = "AWS region"
   type        = string
   default     = "us-east-2"
 }
 
+/*
+
+Purpose: Defines the name of the Kubernetes cluster created with AWS Elastic Kubernetes Service (EKS).
+
+Default Value: "kitops-eks", but it can be customized per environment.
+
+Usage: Helps uniquely identify the EKS cluster within AWS for managing containerized applications.
+
+*/
+
 variable "clusterName" {
   description = "Name of the EKS cluster"
   type        = string