Working without kms

kaihendry · Jul 29, 2022 · 133b504 · 133b504
1 parent 959642d
commit 133b504
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 18 deletions.
diff --git a/README.md b/README.md
@@ -15,3 +15,7 @@ Run a service:
     argocd app create guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path guestbook --dest-server https://kubernetes.default.svc --dest-namespace default
     argocd app get guestbook
     argocd app sync guestbook
+
+Run my service
+
+    argocd app create sla --repo https://github.com/kaihendry/sla.git --path k8s --dest-server https://kubernetes.default.svc --dest-namespace kai
diff --git a/init.tf b/init.tf
@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     aws = {
-      source  = "hashicorp/aws"
+      source = "hashicorp/aws"
     }
   }
 }

diff --git a/main.tf b/main.tf
@@ -1,5 +1,5 @@
 locals {
-  name            = "ex-${replace(basename(path.cwd), "_", "-")}"
+  name            = "${replace(basename(path.cwd), "_", "-")}"
   cluster_version = "1.22"
   region          = "ap-southeast-1"
 
@@ -33,11 +33,6 @@ module "eks" {
     }
   }
 
-  cluster_encryption_config = [{
-    provider_key_arn = aws_kms_key.eks.arn
-    resources        = ["secrets"]
-  }]
-
   vpc_id     = module.vpc.vpc_id
   subnet_ids = module.vpc.private_subnets
 
@@ -132,10 +127,6 @@ module "vpc" {
   single_nat_gateway   = true
   enable_dns_hostnames = true
 
-  enable_flow_log                      = true
-  create_flow_log_cloudwatch_iam_role  = true
-  create_flow_log_cloudwatch_log_group = true
-
   public_subnet_tags = {
     "kubernetes.io/cluster/${local.name}" = "shared"
     "kubernetes.io/role/elb"              = 1
@@ -149,10 +140,3 @@ module "vpc" {
   tags = local.tags
 }
 
-resource "aws_kms_key" "eks" {
-  description             = "EKS Secret Encryption Key"
-  deletion_window_in_days = 7
-  enable_key_rotation     = true
-
-  tags = local.tags
-}