feat(terraform): upload .ssh key

d5432822 · michaelmcleroy · c2ec232f · d5432822 · d5432822 · d5432822
Commit d5432822 authored Jul 12, 2021 by michaelmcleroy
3 changed files
--- a/terraform/modules/k8s/main.tf
+++ b/terraform/modules/k8s/main.tf
-# After the cluster is setup, this script will retrieve the Kubeconfig
-# file from S3 storage and merge in the local ~/.kube/config
+# After the cluster is setup, these scripts will ...
+# - Retrieve the Kuberntes config file from S3 and merge it with the local ~/.kube/config
+# - Upload the SSH private key to S3

 # Retrieves kubeconfig
 resource "null_resource" "kubeconfig" {
@@ -22,6 +23,7 @@ resource "null_resource" "kubeconfig" {
      # Do not redirect to ~/.kube/config or you may truncate the results
      kubectl config view --flatten > ~/.kube/merged
      mv -f ~/.kube/merged ~/.kube/config
+      chmod 0600 ~/.kube/config

      # Cleanup
      rm -f ~/.kube/new
@@ -29,4 +31,13 @@ resource "null_resource" "kubeconfig" {
      unset KUBECONFIGBAK
    EOF
  }
-}
\ No newline at end of file
+}
+
+# Upload SSH private key
+resource "aws_s3_bucket_object" "sshkey" {
+  key                    = "ssh-private-key.pem"
+  # Get bucket name in middle of s3://<bucket name>/rke2.yaml
+  bucket                 = replace(replace(var.kubeconfig_path, "/\\/[^/]*$/", ""), "/^[^/]*\\/\\//", "")
+  source                 = pathexpand("${var.private_key_path}/${var.name}.pem")
+  server_side_encryption = "aws:kms"
+}
--- a/terraform/modules/k8s/variables.tf
+++ b/terraform/modules/k8s/variables.tf
 variable "name" {
-  description = "The name to apply to the resources"
+  description = "The name of the SSH key"
  type    = string
  default = "bigbang-dev"
 }
@@ -7,4 +7,10 @@ variable "name" {
 variable "kubeconfig_path" {
  description = "Remote path to kubeconfig"
  type = string
+}
+
+variable "private_key_path" {
+  description = "Local path to SSH private key"
+  type = string
+  default = "~/.ssh"
 }
\ No newline at end of file
--- a/terraform/us-gov-west-1/prod/main/terragrunt.hcl
+++ b/terraform/us-gov-west-1/prod/main/terragrunt.hcl
 # This file performs post-cluster actions, like downloading the kubeconfig
+locals {
+  env = merge(
+    yamldecode(file(find_in_parent_folders("region.yaml"))),
+    yamldecode(file(find_in_parent_folders("env.yaml")))
+  )
+}

 terraform {
-  source = "${path_relative_from_include()}//modules/k8s"
+  source = "${path_relative_from_include()}//modules/s3"
 }

 include {
@@ -16,5 +22,6 @@ dependency "server" {
 }

 inputs = {
+  name = local.env.name
  kubeconfig_path = dependency.server.outputs.kubeconfig_path
 }
\ No newline at end of file