tofu setup

2026-04-27 21:00:07 +02:00
parent 7132f5000e
commit d3690d0597
63 changed files with 4809 additions and 9 deletions
--- a/.tofu/platforms/eks/dev/main.tf
+++ b/.tofu/platforms/eks/dev/main.tf
@@ -0,0 +1,39 @@
+module "cluster" {
+  source = "../modules/cluster"
+
+  region = var.region
+  prefix = "devhub-dev"
+
+  # VPC
+  availability_zones = ["${var.region}a", "${var.region}b"]
+
+  # EKS — small dev nodes
+  node_instance_type = "t3.medium"
+  node_count         = 2
+  node_min_count     = 1
+  node_max_count     = 4
+  kubernetes_version = "1.30"
+
+  # RDS — small burstable tier for dev
+  rds_instance_class    = "db.t3.micro"
+  rds_allocated_storage = 20
+  rds_multi_az          = false
+
+  # ElastiCache — small single node for dev
+  redis_node_type          = "cache.t3.micro"
+  redis_num_cache_clusters = 1
+  redis_automatic_failover = false
+
+  # DNS — must match an existing Route53 hosted zone
+  domain = "dev.example.com" # TODO: set to your actual domain
+
+  # Cognito — domain prefix must be globally unique
+  cognito_domain_prefix = "devhub-dev-devhub" # TODO: customize to avoid conflicts
+
+  enable_deletion_protection = false
+
+  tags = {
+    Environment = "dev"
+    ManagedBy   = "tofu"
+  }
+}
--- a/.tofu/platforms/eks/dev/outputs.tf
+++ b/.tofu/platforms/eks/dev/outputs.tf
@@ -0,0 +1,17 @@
+output "cluster_name"              { value = module.cluster.cluster_name }
+output "aws_region"                { value = module.cluster.aws_region }
+output "pg_host"                   { value = module.cluster.pg_host }
+output "pg_port"                   { value = module.cluster.pg_port }
+output "pg_admin_login"            { value = module.cluster.pg_admin_login }
+output "pg_admin_password"         { value = module.cluster.pg_admin_password;      sensitive = true }
+output "pg_keycloak_password"      { value = module.cluster.pg_keycloak_password;   sensitive = true }
+output "pg_gitlab_password"        { value = module.cluster.pg_gitlab_password;     sensitive = true }
+output "redis_host"                { value = module.cluster.redis_host }
+output "redis_port"                { value = module.cluster.redis_port }
+output "gitlab_s3_bucket_prefix"   { value = module.cluster.gitlab_s3_bucket_prefix }
+output "gitlab_irsa_role_arn"      { value = module.cluster.gitlab_irsa_role_arn }
+output "cognito_user_pool_id"      { value = module.cluster.cognito_user_pool_id }
+output "cognito_issuer_url"        { value = module.cluster.cognito_issuer_url }
+output "cognito_hosted_ui_domain"  { value = module.cluster.cognito_hosted_ui_domain }
+output "cognito_client_id"         { value = module.cluster.cognito_client_id }
+output "cognito_client_secret"     { value = module.cluster.cognito_client_secret;  sensitive = true }
--- a/.tofu/platforms/eks/dev/providers.tf
+++ b/.tofu/platforms/eks/dev/providers.tf
@@ -0,0 +1,28 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 4.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.0"
+    }
+  }
+}
+
+# Authentication: set AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN
+# or configure an AWS profile: export AWS_PROFILE=devhub
+provider "aws" {
+  region = var.region
+}
+
+variable "region" {
+  description = "AWS region for dev environment"
+  type        = string
+  default     = "eu-west-1"
+}