feat: provisioned EKS with Terraform and updated frontend banner message

Author: neamulkabiremon

.gitignore

@@ -54,3 +54,28 @@ test/tracetesting/tracetesting-vars.yaml
 *.apk
 
 !src/currency/build
+
+# -----------------------------
+# Terraform
+# -----------------------------
+**/.terraform/                # Terraform plugins and provider binaries
+**/.terraform.lock.hcl        # Dependency lock file (optional: only ignore if not needed)
+**/*.tfstate                  # Terraform state files
+**/*.tfstate.backup           # State backup
+**/*.tfplan                   # Terraform plan files
+**/crash.log                  # Crash logs
+
+# -----------------------------
+# Local Environment
+# -----------------------------
+*.log
+*.bak
+*.swp
+.DS_Store
+
+# -----------------------------
+# VSCode and IDEs
+# -----------------------------
+.vscode/
+.idea/
+*.code-workspace

argocd-app.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ultimate-devops-app
+  namespace: argocd
+spec:
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  project: default
+  source:
+    repoURL: https://github.com/neamulkabiremon/ultimate-devops-project-demo
+    targetRevision: main
+    path: kubernetes
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

infrastructure/eks-cluster/.gitignore

@@ -0,0 +1,4 @@
+.terraform.lock.hcl
+.terraform/
+*.tfstate
+*.tfstate.*

infrastructure/eks-cluster/backend.tf

@@ -0,0 +1,9 @@
+# terraform {
+#   backend "s3" {
+#     bucket         = "your-terraform-state-bucket-name"
+#     key            = "eks/${var.env}/terraform.tfstate"
+#     region         = "us-east-2"
+#     dynamodb_table = "terraform-locks"
+#     encrypt        = true
+#   }
+# }

infrastructure/eks-cluster/environments/dev.tfvars

@@ -0,0 +1,5 @@
+env        = "dev"
+region     = "us-east-2"
+zone1      = "us-east-2a"
+zone2      = "us-east-2b"
+eks_name   = "eks-dev"

infrastructure/eks-cluster/environments/prod.tfvars

@@ -0,0 +1,5 @@
+env        = "prod"
+region     = "us-east-2"
+zone1      = "us-east-2a"
+zone2      = "us-east-2b"
+eks_name   = "eks-prod"

infrastructure/eks-cluster/environments/staging.tfvars

@@ -0,0 +1,5 @@
+env        = "staging"
+region     = "us-east-2"
+zone1      = "us-east-2a"
+zone2      = "us-east-2b"
+eks_name   = "eks-staging"

infrastructure/eks-cluster/main.tf

@@ -0,0 +1,92 @@
+# -----------------------------
+# VPC / Networking Module
+# -----------------------------
+module "network" {
+  source    = "./modules/network"
+  env       = var.env
+  region    = var.region
+  zone1     = var.zone1
+  zone2     = var.zone2
+  vpc_cidr  = "10.0.0.0/16"
+  eks_name  = var.eks_name
+}
+
+# -----------------------------
+# IAM Module
+# -----------------------------
+module "iam" {
+  source    = "./modules/iam"
+  env       = var.env
+  eks_name  = var.eks_name
+}
+
+# -----------------------------
+# EKS Module
+# -----------------------------
+module "eks" {
+  source       = "./modules/eks"
+  env          = var.env
+  eks_name     = var.eks_name
+  eks_version  = "1.30"
+  vpc_id       = module.network.vpc_id
+  subnet_ids   = module.network.private_subnet_ids
+  cluster_role = module.iam.eks_cluster_role_arn
+  node_role    = module.iam.eks_node_role_arn
+}
+
+# -----------------------------
+# Wait for EKS to be Ready
+# -----------------------------
+resource "null_resource" "wait_for_cluster" {
+  provisioner "local-exec" {
+    command = "echo 'Waiting for the EKS cluster to be ready...'"
+  }
+
+  depends_on = [module.eks]
+}
+
+# -----------------------------
+# OIDC Provider
+# -----------------------------
+resource "aws_iam_openid_connect_provider" "oidc" {
+  url             = module.eks.oidc_url
+  client_id_list  = ["sts.amazonaws.com"]
+  thumbprint_list = ["9e99a48a9960b14926bb7f3b02e22da0afd40f78"]
+  depends_on      = [null_resource.wait_for_cluster] # optional, but useful
+}
+
+# -----------------------------
+# Addons Module (Helm, Metrics, LBC, etc.)
+# -----------------------------
+module "addons" {
+  source         = "./modules/addons"
+  cluster_name   = module.eks.cluster_name
+  cluster_region = var.region
+  vpc_id         = module.network.vpc_id
+
+  providers = {
+    helm       = helm.eks
+    kubernetes = kubernetes.eks
+  }
+
+  depends_on = [null_resource.wait_for_cluster]
+}
+
+# -----------------------------
+# Storage Module (EFS, EBS, CSI)
+# -----------------------------
+# module "storage" {
+#   source         = "./modules/storage"
+#   cluster_name   = module.eks.cluster_name
+#   subnet_ids     = module.network.private_subnet_ids
+#   cluster_sg_id  = data.aws_eks_cluster.eks.vpc_config[0].cluster_security_group_id
+#   oidc_url       = module.eks.oidc_url
+#   oidc_arn       = aws_iam_openid_connect_provider.oidc.arn
+
+#   providers = {
+#     helm       = helm.eks
+#     kubernetes = kubernetes.eks
+#   }
+
+#   depends_on = [module.addons]
+# }

infrastructure/eks-cluster/modules/addons/main.tf

@@ -0,0 +1,186 @@
+terraform {
+  required_providers {
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> 2.11"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.24"
+    }
+  }
+}
+
+
+# ----------------------------------
+# Metrics Server
+# ----------------------------------
+resource "helm_release" "metrics_server" {
+  name       = "metrics-server"
+  repository = "https://kubernetes-sigs.github.io/metrics-server/"
+  chart      = "metrics-server"
+  namespace  = "kube-system"
+  version    = "3.12.1"
+}
+
+# ----------------------------------
+# Cluster Autoscaler with IRSA
+# ----------------------------------
+resource "aws_iam_role" "autoscaler" {
+  name = "${var.cluster_name}-cluster-autoscaler"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Effect = "Allow"
+      Principal = {
+        Service = "pods.eks.amazonaws.com"
+      }
+      Action = ["sts:AssumeRole", "sts:TagSession"]
+    }]
+  })
+}
+
+resource "aws_iam_policy" "autoscaler" {
+  name   = "${var.cluster_name}-cluster-autoscaler"
+  policy = file("${path.module}/policies/autoscaler.json")
+}
+
+resource "aws_iam_role_policy_attachment" "autoscaler" {
+  role       = aws_iam_role.autoscaler.name
+  policy_arn = aws_iam_policy.autoscaler.arn
+}
+
+resource "aws_eks_pod_identity_association" "autoscaler" {
+  cluster_name    = var.cluster_name
+  namespace       = "kube-system"
+  service_account = "cluster-autoscaler"
+  role_arn        = aws_iam_role.autoscaler.arn
+}
+
+resource "helm_release" "autoscaler" {
+  name       = "cluster-autoscaler"
+  repository = "https://kubernetes.github.io/autoscaler"
+  chart      = "cluster-autoscaler"
+  namespace  = "kube-system"
+  version    = "9.37.0"
+
+  set {
+    name  = "rbac.serviceAccount.name"
+    value = "cluster-autoscaler"
+  }
+
+  set {
+    name  = "autoDiscovery.clusterName"
+    value = var.cluster_name
+  }
+
+  set {
+    name  = "awsRegion"
+    value = var.cluster_region
+  }
+
+  depends_on = [helm_release.metrics_server]
+}
+
+# ----------------------------------
+# AWS Load Balancer Controller with IRSA
+# ----------------------------------
+resource "aws_iam_role" "lbc" {
+  name = "${var.cluster_name}-aws-lbc"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Effect = "Allow"
+      Principal = {
+        Service = "pods.eks.amazonaws.com"
+      }
+      Action = ["sts:AssumeRole", "sts:TagSession"]
+    }]
+  })
+}
+
+resource "aws_iam_policy" "lbc" {
+  name   = "${var.cluster_name}-aws-lbc"
+  policy = file("${path.module}/policies/aws-lbc.json")
+}
+
+resource "aws_iam_role_policy_attachment" "lbc" {
+  role       = aws_iam_role.lbc.name
+  policy_arn = aws_iam_policy.lbc.arn
+}
+
+resource "aws_eks_pod_identity_association" "lbc" {
+  cluster_name    = var.cluster_name
+  namespace       = "kube-system"
+  service_account = "aws-load-balancer-controller"
+  role_arn        = aws_iam_role.lbc.arn
+}
+
+resource "helm_release" "aws_lbc" {
+  name       = "aws-load-balancer-controller"
+  repository = "https://aws.github.io/eks-charts"
+  chart      = "aws-load-balancer-controller"
+  namespace  = "kube-system"
+  version    = "1.7.2"
+
+  set {
+    name  = "clusterName"
+    value = var.cluster_name
+  }
+
+  set {
+    name  = "region"
+    value = var.cluster_region
+  }
+
+  set {
+    name  = "vpcId"
+    value = var.vpc_id
+  }
+
+  set {
+    name  = "serviceAccount.name"
+    value = "aws-load-balancer-controller"
+  }
+
+  depends_on = [helm_release.autoscaler]
+}
+
+# ----------------------------------
+# Ingress NGINX
+# ----------------------------------
+# resource "helm_release" "nginx" {
+#   name             = "external"
+#   repository       = "https://kubernetes.github.io/ingress-nginx"
+#   chart            = "ingress-nginx"
+#   namespace        = "ingress"
+#   create_namespace = true
+#   version          = "4.10.1"
+#   wait             = false
+
+#   values = [file("${path.module}/values/nginx-values.yaml")]
+
+#   depends_on = [helm_release.aws_lbc]
+# }
+
+# ----------------------------------
+# Cert Manager
+# ----------------------------------
+# resource "helm_release" "cert_manager" {
+#   name             = "cert-manager"
+#   repository       = "https://charts.jetstack.io"
+#   chart            = "cert-manager"
+#   namespace        = "cert-manager"
+#   create_namespace = true
+#   version          = "v1.14.5"
+
+#   set {
+#     name  = "installCRDs"
+#     value = "true"
+#   }
+
+#   depends_on = [helm_release.nginx]
+# }
+

infrastructure/eks-cluster/modules/addons/outputs.tf

@@ -0,0 +1,7 @@
+output "autoscaler_role_arn" {
+  value = aws_iam_role.autoscaler.arn
+}
+
+output "lbc_role_arn" {
+  value = aws_iam_role.lbc.arn
+}