Terraform module for creating AWS resources used by GeoWeb applications.
Zalando Postgres Operator was updated to v1.13.0. Before upgrading to this version, operator CRDs must be updated manually.
kubectl apply -f https://raw.githubusercontent.com/zalando/postgres-operator/refs/tags/v1.13.0/charts/postgres-operator/crds/operatorconfigurations.yaml
kubectl apply -f https://raw.githubusercontent.com/zalando/postgres-operator/refs/tags/v1.13.0/charts/postgres-operator/crds/postgresqls.yaml
kubectl apply -f https://raw.githubusercontent.com/zalando/postgres-operator/refs/tags/v1.13.0/charts/postgres-operator/crds/postgresteams.yaml
In order to use full capabilities of terraform-aws-geoweb module, user needs to set a few variables before running terraform apply. Variables can be passed to the terraform command in multiple ways, choose what best suits your environment, some examples:
- Set TF_VAR_variable environment variables
- Pass variables in the command:
terraform apply -var="certificateARN=arn:aws:acm:<aws-region>:<aws-account-id>:certificate/<certificate-id> - Using terragrunt inputs block in
terragrunt.hcland runterragrunt apply:
inputs = {
certificateARN = "arn:aws:acm:<aws-region>:<aws-account-id>:certificate/<certificate-id>"
}
Deployment includes configuration for an ingress controller, which is configured to run together with AWS, creating single load balancer which routes traffic from desired domains to deployed GeoWeb applications.
Deployment includes configuration for Secrets Store CSI Driver + AWS Secrets and Configuration Provider (ASCP) which allows the kubernetes cluster to use secrets from AWS Secret Manager.
Provides basic resource usage metrics, used manually with kubectl top node and kubectl top pod and automatically with cluster-autoscaler.
Monitors the resource usage of the applications in EKS and automatically scales the amount of nodes. Doesn't scale past min_size and max_size defined in the node group.
- Note that metrics-server can show memory usage values of over 100% (even 130% in extreme cases) which is totally fine and doesn't require scaling. This is because metrics-server reserves a small amount of memory for each possible pod that it doesn't consider in the percentage, and as we have set the maximum number of pods to 110 in vpc-cni, it thinks we have around 1.5G lower memory available per node that we actually have. cluster-autoscaler correctly uses the real amount of memory available.
Kubernetes operator that provides the Zalando postgresql database functionality.
Necessary add-ons that ensure that network inside the EKS cluster work correctly.
- coredns handles dns resolution inside the EKS cluster (so pods can communicate without using direct ip addresses)
- kube-proxy and vpc-cni handles networking
Allows PersistentVolumes to be dynamically provisioned using AWS EBS storage.
Uses role ebs_csi_irsa_role and default gp2 storage class is replaced with gp3.
Enables basic AWS CloudWatch logging.
Make sure you are authenticated as the user/role with enough permissions using aws configure and optionally aws sts assume-role, check your current credentials with aws sts get-caller-identity.
For nginx-ingress-controller to work properly, user needs to add certificateARN:
export TF_VAR_certificateARN=arn:aws:acm:<aws-region>:<aws-account-id>:certificate/<certificate-id>
As user wants to use Zalando Postgres Operator for their databases, they need to enable it and pass custom variables which should contain at least credentials to connect to S3 bucket used for backups:
export TF_VAR_enableZalandoPostgresOperator=true
export TF_VAR_zalandoOperatorCustomVars='{"configLogicalBackup.logical_backup_s3_access_key_id"="<AWS_ACCESS_KEY_ID>","configLogicalBackup.logical_backup_s3_secret_access_key"="<AWS_SECRET_ACCESS_KEY>","configLogicalBackup.logical_backup_s3_bucket"="<S3-bucket-name>","configAwsOrGcp.log_s3_bucket"="<S3-bucket-name>","configAwsOrGcp.wal_s3_bucket"="<S3-bucket-name>"}'
export TF_VAR_zalandoPodConfigCustomVars='{AWS_ACCESS_KEY_ID="<AWS_ACCESS_KEY_ID>",AWS_SECRET_ACCESS_KEY="<AWS_SECRET_ACCESS_KEY>",CLONE_AWS_ACCESS_KEY_ID="<AWS_ACCESS_KEY_ID>",CLONE_AWS_SECRET_ACCESS_KEY="<AWS_SECRET_ACCESS_KEY>"}'
Run terraform apply
Default values for OIDC variables are examples for GitHub repositories. Default values allow OIDC control from every GitHub repository. These can be configured to either specific GitHub repositories (recommended when repository is in GitHub) or to different source control systems for example like GitLab. Example values for configuring GitLab as the OIDC provider would be gitlab.com for the oidcProvider variable and project_path:<organization>/<repository>:ref_type:branch:ref:<branch>. Other repositories can also be used.
- Merge all changes you want included to main
- Navigate to Releases --> Draft a new release
- Choose if the update is major, minor or patch, follow Semantic Versioning
- Create a new tag on publish, match the release name to the new version & write description of the changes
- Publish release and the new version will automatically sync to Terraform registry