Add CI Terraform Plan for EKS

Since we switch to EKS from ECS, this PR adds the terraform plans for the EKS modules and removes the ECS ones. **Testing** Tested by setting the CI pipeline to the one defined here and checking that the 2 terraform plans are done and reported to GitHub **Notes** We use plan with `-lock=false` and `-refresh=false` as done previously in ECS with justifications in #297 and #306 respectively. Ref: 1. [EKS cluster](#372) 2. [EKS cluster addons](#377) 3. [Concourse EKS pipeline](#378) 4. [add CI user to k8s](#391)
alphagov · Aug 18, 2021 · c1d636b · c1d636b
1 parent df29940
commit c1d636b
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 76 deletions.
diff --git a/concourse/parameters/ci/ci.yml b/concourse/parameters/ci/ci.yml
@@ -1,2 +1,3 @@
-govuk_infrastructure_branch: main
+aws_region: eu-west-1
 concourse_ci_role_arn: arn:aws:iam::430354129336:role/govuk-ci-concourse
+govuk_infrastructure_branch: main
diff --git a/concourse/pipelines/ci.yml b/concourse/pipelines/ci.yml
@@ -35,48 +35,66 @@ jobs:
       var_files:
         - govuk-infrastructure/concourse/parameters/ci/ci.yml
 
-  - name: terraform-plan-govuk-deployment
+  - name: terraform-cluster-infrastructure
     plan:
     - get: govuk-infrastructure-commit
       trigger: true
     - put: govuk-infrastructure-commit
-      params: {status: pending, context: terraform-plan-govuk-deployment}
-    - task: terraform-plan
-      file: govuk-infrastructure-commit/repo/concourse/tasks/terraform-plan-govuk-deployment.yml
-      params:
-        ASSUME_ROLE_ARN: ((concourse_ci_role_arn))
+      params: {status: pending, context: terraform-plan-cluster-infrastructure}
+    - task: terraform-cluster
+      config: &terraform-cluster-config
+        inputs:
+        - name: govuk-infrastructure-commit
+        params: &terraform-cluster-params
+          ASSUME_ROLE_ARN: ((concourse_ci_role_arn))
+          AWS_REGION: ((aws_region))
+          DEPLOYMENT_PATH: govuk-infrastructure-commit/repo/terraform/deployments/cluster-infrastructure
+          ENVIRONMENT: ((govuk_environment))
+        platform: linux
+        image_resource:
+          type: docker-image
+          source:
+            repository: digiticketsgroup/terraforming
+            tag: tf-1.0.1-aws-2.2.18-jq-1.5-git-2.32.0 #TODO: build our own image instead.
+            username: ((docker_hub_username))
+            password: ((docker_hub_authtoken))
+        run:
+          path: govuk-infrastructure-commit/repo/concourse/tasks/terraform.sh
+          args: ["plan", "-lock=false", "-refresh=false"]
       on_success:
         put: govuk-infrastructure-commit
-        params: {status: success, context: terraform-plan-govuk-deployment}
+        params: {status: success, context: terraform-plan-cluster-infrastructure}
       on_failure:
         put: govuk-infrastructure-commit
-        params: {status: failure, context: terraform-plan-govuk-deployment}
+        params: {status: failure, context: terraform-plan-cluster-infrastructure}
       on_abort:
         put: govuk-infrastructure-commit
-        params: {status: error, context: terraform-plan-govuk-deployment}
+        params: {status: error, context: terraform-plan-cluster-infrastructure}
       on_error:
         put: govuk-infrastructure-commit
-        params: {status: error, context: terraform-plan-govuk-deployment}
+        params: {status: error, context: terraform-plan-cluster-infrastructure}
 
-  - name: terraform-plan-monitoring
+  - name: terraform-cluster-services
     plan:
     - get: govuk-infrastructure-commit
       trigger: true
     - put: govuk-infrastructure-commit
-      params: {status: pending, context: terraform-plan-govuk-deployment}
-    - task: terraform-plan
-      file: govuk-infrastructure-commit/repo/concourse/tasks/terraform-plan-monitoring.yml
-      params:
-        ASSUME_ROLE_ARN: ((concourse_ci_role_arn))
+      params: {status: pending, context: terraform-plan-cluster-services}
+    - task: terraform-cluster-addons
+      config:
+        <<: *terraform-cluster-config
+        params:
+          <<: *terraform-cluster-params
+          DEPLOYMENT_PATH: govuk-infrastructure-commit/repo/terraform/deployments/cluster-services
       on_success:
         put: govuk-infrastructure-commit
-        params: {status: success, context: terraform-plan-monitoring}
+        params: {status: success, context: terraform-plan-cluster-services}
       on_failure:
         put: govuk-infrastructure-commit
-        params: {status: failure, context: terraform-plan-monitoring}
+        params: {status: failure, context: terraform-plan-cluster-services}
       on_abort:
         put: govuk-infrastructure-commit
-        params: {status: error, context: terraform-plan-monitoring}
+        params: {status: error, context: terraform-plan-cluster-services}
       on_error:
         put: govuk-infrastructure-commit
-        params: {status: error, context: terraform-plan-monitoring}
+        params: {status: error, context: terraform-plan-cluster-services}
diff --git a/concourse/tasks/terraform-plan-govuk-deployment.yml b/concourse/tasks/terraform-plan-govuk-deployment.yml
diff --git a/concourse/tasks/terraform-plan-monitoring.yml b/concourse/tasks/terraform-plan-monitoring.yml