From 2aa3f81f33015570eb849f991f620dac6d67a1e3 Mon Sep 17 00:00:00 2001
From: nimalank7
Date: Fri, 29 Nov 2024 19:08:15 +0000
Subject: [PATCH] Remove clamv_db_efs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Description:
- https://github.com/alphagov/govuk-infrastructure/pull/725/files introduced the EBS CSI Driver which created EFS for ClamAV
- Next https://github.com/alphagov/govuk-helm-charts/pull/508/files allowed ClamAV to talk to EFS over NFS exposing over clamav-db-govuk.integration.govuk-internal.digital
- However this didn’t work so ClamAV was switched to use the EFS CSI driver in https://github.com/alphagov/govuk-helm-charts/pull/514/files. But this removes the reference to clamav-db-govuk.integration.govuk-internal.digital
- https://github.com/alphagov/govuk-infrastructure/pull/790 removes the EFS CSI driver
- Next https://github.com/alphagov/govuk-helm-charts/pull/572/files makes ClamAV share the EFS instance via the same NFS mount as asset manager.
- Now there is a dangling reference to ClamAV EFS instance which can be safely removed as nothing references it anymore.
- As part of https://github.com/alphagov/govuk-helm-charts/issues/1883
---
 .../cluster-infrastructure/clamav_db_efs.tf | 34 -------------------
 .../cluster-infrastructure/outputs.tf | 4 ---
 .../asset_manager_efs.tf | 2 +-
 3 files changed, 1 insertion(+), 39 deletions(-)
 delete mode 100644 terraform/deployments/cluster-infrastructure/clamav_db_efs.tf
diff --git a/terraform/deployments/cluster-infrastructure/clamav_db_efs.tf b/terraform/deployments/cluster-infrastructure/clamav_db_efs.tf
deleted file mode 100644
index 5d41b8190..000000000
--- a/terraform/deployments/cluster-infrastructure/clamav_db_efs.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-# TODO: move this out of cluster-infrastructure; it doesn't belong.
-locals {
- clamav_db_name = "clamav-db-${var.cluster_name}"
-}
-
-resource "aws_efs_file_system" "clamav-db" {
- creation_token = local.clamav_db_name
- tags = {
- Description = "EFS where Clamav virus signature database is stored"
- }
-}
-
-resource "aws_security_group" "clamav-db" {
- name = local.clamav_db_name
- vpc_id = data.terraform_remote_state.infra_vpc.outputs.vpc_id
- description = "Security group of ${local.clamav_db_name}"
-}
-
-resource "aws_security_group_rule" "clamav_db_from_eks_workers" {
- description = "Clamav DB EFS accepts requests from EKS nodes"
- type = "ingress"
- from_port = 2049
- to_port = 2049
- protocol = "tcp"
- security_group_id = aws_security_group.clamav-db.id
- source_security_group_id = module.eks.cluster_primary_security_group_id
-}
-
-resource "aws_efs_mount_target" "clamav-db-mount-targets" {
- for_each = toset(data.terraform_remote_state.infra_networking.outputs.private_subnet_ids)
- file_system_id = aws_efs_file_system.clamav-db.id
- subnet_id = each.key
- security_groups = [aws_security_group.clamav-db.id]
-}
diff --git a/terraform/deployments/cluster-infrastructure/outputs.tf b/terraform/deployments/cluster-infrastructure/outputs.tf
index c820bb3d4..bfcf50747 100644
--- a/terraform/deployments/cluster-infrastructure/outputs.tf
+++ b/terraform/deployments/cluster-infrastructure/outputs.tf
@@ -118,10 +118,6 @@ output "monitoring_namespace" {
 value = local.monitoring_namespace
 }
-output "clamav_db_efs_id" {
- value = aws_efs_file_system.clamav-db.id
-}
-
 output "public_nat_gateway_ips" {
 value = [for eip in aws_eip.eks_nat : eip.public_ip]
 }
diff --git a/terraform/deployments/govuk-publishing-infrastructure/asset_manager_efs.tf b/terraform/deployments/govuk-publishing-infrastructure/asset_manager_efs.tf
index de24da9f2..8180bda5d 100644
--- a/terraform/deployments/govuk-publishing-infrastructure/asset_manager_efs.tf
+++ b/terraform/deployments/govuk-publishing-infrastructure/asset_manager_efs.tf
@@ -26,7 +26,7 @@ resource "aws_efs_file_system" "assets_efs" {
 creation_token = "blue-assets"
 tags = {
 "Name" = "asset-manager"
- "Description" = "Asset Manager and Whitehall attachments are stored here temporarily for malware scanning before being transferred to S3."
+ "Description" = "ClamAV database configuration is stored here. Asset Manager and Whitehall attachments are stored here temporarily for malware scanning before being transferred to S3."
 }
 }
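Review bot: The updated `Description` tag says the file system now holds ClamAV data alongside attachments that have not yet been malware-scanned, but it does not say how the scanner's files are protected from whatever writes those uploads. The removed `clamav-db` file system was tagged as holding the virus signature database, so if that is what moved here I would name it precisely, e.g. `"ClamAV virus signature database is stored here. Asset Manager and Whitehall attachments ..."`, and add a comment above the resource such as `# Shared with ClamAV: upload writers should not be able to modify the ClamAV directory (separate access point or read-only mount).` Whether that separation is enforced is not visible in this hunk and would need checking where the NFS mount is defined. The resource opens on the hunk-header line, so any arguments before `creation_token` are outside this view.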