
author
Alan Nix
committed
refactor: split main.tf into cluster/node scoped files
1 parent 04fa746 commit b7540ee

2 files changed

+163
-161
lines changed


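--- /dev/null
+++ b/lacework_cluster.tf
@@ -0,0 +1,161 @@
+locals {
+cluster_config_data = templatefile("${path.module}/config_cluster.tmpl", {
+lacework_cluster_name = var.lacework_cluster_name
+lacework_cluster_region = var.lacework_cluster_region
+lacework_cluster_type = var.lacework_cluster_type
+lacework_server_url = var.lacework_server_url
+})
+cluster_config_name = "${var.lacework_config_name}-${random_id.cluster_config_name_tail.hex}"
+merged_cluster_config = var.enable_cluster_agent ? yamlencode(merge(yamldecode(local.cluster_config_data), var.lacework_cluster_configuration)) : ""
+}
+
+resource "random_id" "cluster_config_name_tail" {
+byte_length = 8
+keepers = {
+data = local.merged_cluster_config
+}
+}
+
+resource "kubernetes_service_account" "lacework_k8s_collector" {
+count = var.enable_cluster_agent ? 1 : 0
+
+metadata {
+name = "${var.lacework_agent_name}-cluster-sa"
+namespace = var.namespace
+}
+}
+
+resource "kubernetes_cluster_role" "lacework_k8s_collector" {
+count = var.enable_cluster_agent ? 1 : 0
+
+metadata {
+name = "${var.lacework_agent_name}-cluster-role"
+}
+
+rule {
+api_groups = ["*"]
+resources = ["*"]
+verbs = ["get", "list"]
+}
+}
+
+resource "kubernetes_cluster_role_binding" "lacework_k8s_collector" {
+count = var.enable_cluster_agent ? 1 : 0
+
+metadata {
+name = "${var.lacework_agent_name}-cluster-role-binding"
+}
+
+role_ref {
+api_group = "rbac.authorization.k8s.io"
+kind = "ClusterRole"
+name = "${var.lacework_agent_name}-cluster-role"
+}
+
+subject {
+kind = "ServiceAccount"
+name = "${var.lacework_agent_name}-cluster-sa"
+namespace = var.namespace
+}
+
+depends_on = [
+kubernetes_service_account.lacework_k8s_collector,
+kubernetes_cluster_role.lacework_k8s_collector
+]
+}
+
+resource "kubernetes_secret" "lacework_k8s_collector" {
+count = var.enable_cluster_agent ? 1 : 0
+
+metadata {
+name = local.cluster_config_name
+namespace = var.namespace
+
+labels = {
+tier = "monitoring"
+app = "${var.lacework_agent_name}-cluster"
+}
+}
+
+data = {
+"config.yaml" = local.merged_cluster_config
+}
+}
+
+resource "kubernetes_deployment" "lacework_k8s_collector" {
+count = var.enable_cluster_agent ? 1 : 0
+
+metadata {
+name = "${var.lacework_agent_name}-cluster"
+namespace = var.namespace
+
+labels = {
+tier = "monitoring"
+app = "${var.lacework_agent_name}-cluster"
+}
+}
+
+spec {
+selector {
+match_labels = {
+name = "${var.lacework_agent_name}-cluster"
+}
+}
+
+template {
+metadata {
+labels = {
+name = "${var.lacework_agent_name}-cluster"
+}
+
+annotations = {
+lacework_config_version = kubernetes_secret.lacework_k8s_collector[0].metadata.0.resource_version
+}
+}
+
+spec {
+service_account_name = "${var.lacework_agent_name}-cluster-sa"
+termination_grace_period_seconds = 20
+
+container {
+name = "${var.lacework_agent_name}-cluster"
+image = var.lacework_cluster_image
+image_pull_policy = var.lacework_cluster_image_pull_policy
+
+env {
+name = "LaceworkAccessToken"
+value_from {
+secret_key_ref {
+name = "${var.lacework_agent_name}-access-token"
+key = "agent-access-token"
+}
+}
+}
+
+volume_mount {
+name = "cfgmap"
+mount_path = "/config"
+}
+}
+
+volume {
+name = "cfgmap"
+secret {
+secret_name = local.cluster_config_name
+items {
+key = "config.yaml"
+path = "config.yaml"
+}
+}
+}
+}
+}
+}
+
+depends_on = [
+kubernetes_service_account.lacework_k8s_collector,
+kubernetes_cluster_role.lacework_k8s_collector,
+kubernetes_secret.lacework_k8s_collector,
+kubernetes_cluster_role_binding.lacework_k8s_collector,
+]
+}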
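Review bot: The ClusterRole rule at new-file lines 35-39 grants get/list on `api_groups = ["*"]` and `resources = ["*"]`, which includes Secrets in every namespace, so a compromise of the collector pod (or anyone who can exec into it or impersonate its service account) yields read access to every secret in the cluster. Unless the cluster agent is documented to need that, the rule should enumerate the resource kinds the collector actually reads, or at minimum carry a comment such as `# "*" resources include secrets cluster-wide; narrow this list to what the collector reads`. Whether the Lacework collector requires secret access is not visible in this commit, so confirm against the agent's documented RBAC requirements before narrowing. As a point of style, role_ref and subject rebuild names by string interpolation; referencing `kubernetes_cluster_role.lacework_k8s_collector[0].metadata[0].name` and `kubernetes_service_account.lacework_k8s_collector[0].metadata[0].name` instead would express the dependency directly and make the explicit depends_on at lines 61-64 unnecessary.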

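--- a/main.tf
+++ b/lacework_node.tf
@@ -1,10 +1,4 @@
 locals {
-cluster_config_data = templatefile("${path.module}/config_cluster.tmpl", {
-lacework_cluster_name = var.lacework_cluster_name
-lacework_cluster_region = var.lacework_cluster_region
-lacework_cluster_type = var.lacework_cluster_type
-lacework_server_url = var.lacework_server_url
-})
 node_config_data = templatefile("${path.module}/config_node.tmpl", {
 lacework_agent_autoupgrade = var.lacework_agent_autoupgrade
 lacework_agent_interface_connection_size = var.lacework_agent_interface_connection_size
@@ -15,10 +9,8 @@ locals {
 lacework_proxy_url = var.lacework_proxy_url
 lacework_server_url = var.lacework_server_url
 })
-cluster_config_name = "${var.lacework_config_name}-${random_id.cluster_config_name_tail.hex}"
-node_config_name = "${var.lacework_config_name}-${random_id.node_config_name_tail.hex}"
-merged_cluster_config = var.enable_cluster_agent ? yamlencode(merge(yamldecode(local.cluster_config_data), var.lacework_cluster_configuration)) : ""
-merged_node_config = jsonencode(merge(jsondecode(local.node_config_data), var.lacework_agent_configuration))
+node_config_name = "${var.lacework_config_name}-${random_id.node_config_name_tail.hex}"
+merged_node_config = jsonencode(merge(jsondecode(local.node_config_data), var.lacework_agent_configuration))
 }
 
 resource "random_id" "node_config_name_tail" {
@@ -28,13 +20,6 @@ resource "random_id" "node_config_name_tail" {
 }
 }
 
-resource "random_id" "cluster_config_name_tail" {
-byte_length = 8
-keepers = {
-data = local.merged_cluster_config
-}
-}
-
 resource "kubernetes_secret" "lacework_access_token" {
 metadata {
 name = "${var.lacework_agent_name}-access-token"
@@ -323,147 +308,3 @@ resource "kubernetes_daemonset" "lacework_datacollector" {
 }
 }
 }
-
-resource "kubernetes_service_account" "lacework_k8s_collector" {
-count = var.enable_cluster_agent ? 1 : 0
-
-metadata {
-name = "${var.lacework_agent_name}-cluster-sa"
-namespace = var.namespace
-}
-}
-
-resource "kubernetes_cluster_role" "lacework_k8s_collector" {
-count = var.enable_cluster_agent ? 1 : 0
-
-metadata {
-name = "${var.lacework_agent_name}-cluster-role"
-}
-
-rule {
-api_groups = ["*"]
-resources = ["*"]
-verbs = ["get", "list"]
-}
-}
-
-resource "kubernetes_cluster_role_binding" "lacework_k8s_collector" {
-count = var.enable_cluster_agent ? 1 : 0
-
-metadata {
-name = "${var.lacework_agent_name}-cluster-role-binding"
-}
-
-role_ref {
-api_group = "rbac.authorization.k8s.io"
-kind = "ClusterRole"
-name = "${var.lacework_agent_name}-cluster-role"
-}
-
-subject {
-kind = "ServiceAccount"
-name = "${var.lacework_agent_name}-cluster-sa"
-namespace = var.namespace
-}
-
-depends_on = [
-kubernetes_service_account.lacework_k8s_collector,
-kubernetes_cluster_role.lacework_k8s_collector
-]
-}
-
-resource "kubernetes_secret" "lacework_k8s_collector" {
-count = var.enable_cluster_agent ? 1 : 0
-
-metadata {
-name = local.cluster_config_name
-namespace = var.namespace
-
-labels = {
-tier = "monitoring"
-app = "${var.lacework_agent_name}-cluster"
-}
-}
-
-data = {
-"config.yaml" = local.merged_cluster_config
-}
-}
-
-resource "kubernetes_deployment" "lacework_k8s_collector" {
-count = var.enable_cluster_agent ? 1 : 0
-
-metadata {
-name = "${var.lacework_agent_name}-cluster"
-namespace = var.namespace
-
-labels = {
-tier = "monitoring"
-app = "${var.lacework_agent_name}-cluster"
-}
-}
-
-spec {
-selector {
-match_labels = {
-name = "${var.lacework_agent_name}-cluster"
-}
-}
-
-template {
-metadata {
-labels = {
-name = "${var.lacework_agent_name}-cluster"
-}
-
-annotations = {
-lacework_config_version = kubernetes_secret.lacework_k8s_collector[0].metadata.0.resource_version
-}
-}
-
-spec {
-service_account_name = "${var.lacework_agent_name}-cluster-sa"
-termination_grace_period_seconds = 20
-
-container {
-name = "${var.lacework_agent_name}-cluster"
-image = var.lacework_cluster_image
-image_pull_policy = var.lacework_cluster_image_pull_policy
-
-env {
-name = "LaceworkAccessToken"
-value_from {
-secret_key_ref {
-name = "${var.lacework_agent_name}-access-token"
-key = "agent-access-token"
-}
-}
-}
-
-volume_mount {
-name = "cfgmap"
-mount_path = "/config"
-}
-}
-
-volume {
-name = "cfgmap"
-secret {
-secret_name = local.cluster_config_name
-items {
-key = "config.yaml"
-path = "config.yaml"
-}
-}
-}
-}
-}
-}
-
-depends_on = [
-kubernetes_service_account.lacework_k8s_collector,
-kubernetes_cluster_role.lacework_k8s_collector,
-kubernetes_secret.lacework_k8s_collector,
-kubernetes_cluster_role_binding.lacework_k8s_collector,
-]
-}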
