Showing
7 changed files
with
223 additions
and
13 deletions.
@@ -1,20 +1,24 @@ | ||
# AWS VPC and EC2 Instance Example | ||
The work here assumes you have an AWS account and have the AWS CLI installed and configured. | ||
The work here assumes you have an AWS account and have the AWS CLI installed and configured to this account. | ||
|
||
The [main.tf](main.tf) contains the configuration that Terraform will use to create the resources in the cloud. | ||
|
||
Initialize the Terraform configuration by running the following command | ||
1. Initialize the Terraform configuration by running the following command | ||
```shell | ||
terraform init | ||
``` | ||
|
||
Plan the Terraform configuration by running the following command | ||
2. Plan the Terraform configuration by running the following command | ||
```shell | ||
terraform plan | ||
``` | ||
|
||
Apply the Terraform configuration by running the following command | ||
3. Apply the Terraform configuration by running the following command | ||
```shell | ||
terraform apply | ||
``` | ||
|
||
4. When you are done, you can destroy the resources by running the following command | ||
```shell | ||
terraform destroy | ||
``` |
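--- /dev/null
+++ b/PATH_NOT_ON_PAGE/README.md
@@ -0,0 +1,41 @@
+# AWS EKS (Kubernetes) Example
+The work here assumes you have an AWS account and have the AWS CLI installed and configured to this account.
+
+The [main.tf](main.tf) contains the configuration that Terraform will use to create all the resources needed for running an [EKS](https://aws.amazon.com/eks/) cluster.
+
+Set and store the needed variables values in the [terraform.tfvars](terraform.tfvars) file
+```text
+region = "eu-central-1"
+cluster_name = "demo-eks-cluster-test"
+cluster_public_access_cidrs = "1.2.3.4/0"
+```
+
+1. Initialize the Terraform configuration by running the following command
+```shell
+terraform init
+```
+
+2. Plan the Terraform configuration by running the following command
+```shell
+terraform plan
+```
+
+3. Apply the Terraform configuration by running the following command
+```shell
+terraform apply
+```
+
+To get the `kubectl` configuration for the EKS cluster, run the following command
+```shell
+aws eks --region $(terraform output -raw region) update-kubeconfig --name $(terraform output -raw cluster_name)
+```
+
+Check the connection to the EKS cluster by running the following command
+```shell
+kubectl get nodes
+```
+
+4. When you are done, you can destroy the resources by running the following command
+```shell
+terraform destroy
+```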
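--- /dev/null
+++ b/PATH_NOT_ON_PAGE/main.tf
@@ -0,0 +1,128 @@
+# This file is used to create an AWS EKS cluster and the managed node group(s)
+
+variable "region" {
+default = "eu-central-1"
+}
+
+# WARNING: CIDR "0.0.0.0/0" is full public access to the cluster, you should use a more restrictive CIDR
+variable "cluster_public_access_cidrs" {
+default = "0.0.0.0/0"
+}
+
+variable "cluster_name" {
+default = "demo-eks-cluster"
+}
+
+provider "aws" {
+region = var.region
+}
+
+data "aws_availability_zones" "available" {
+filter {
+name = "opt-in-status"
+values = ["opt-in-not-required"]
+}
+}
+
+locals {
+cluster_name = var.cluster_name
+}
+
+resource "aws_security_group_rule" "allow_management_from_my_ip" {
+type = "ingress"
+from_port = 0
+to_port = 65535
+protocol = "-1"
+cidr_blocks = [var.cluster_public_access_cidrs]
+security_group_id = module.eks.cluster_security_group_id
+description = "Allow all traffic from my public IP for management"
+}
+
+module "vpc" {
+source = "terraform-aws-modules/vpc/aws"
+version = "5.15.0"
+
+name = "demo-vpc"
+
+cidr = "10.0.0.0/16"
+azs = slice(data.aws_availability_zones.available.names, 0, 3)
+
+private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+
+enable_nat_gateway = true
+single_nat_gateway = true
+enable_dns_hostnames = true
+
+public_subnet_tags = {
+"kubernetes.io/role/elb" = 1
+}
+
+private_subnet_tags = {
+"kubernetes.io/role/internal-elb" = 1
+}
+}
+
+module "eks" {
+source = "terraform-aws-modules/eks/aws"
+version = "20.28.0"
+
+cluster_name = local.cluster_name
+cluster_version = "1.31"
+
+enable_cluster_creator_admin_permissions = true
+cluster_endpoint_public_access = true
+cluster_endpoint_public_access_cidrs = [var.cluster_public_access_cidrs]
+
+cluster_addons = {
+aws-ebs-csi-driver = {
+service_account_role_arn = module.irsa-ebs-csi.iam_role_arn
+}
+}
+
+vpc_id = module.vpc.vpc_id
+subnet_ids = module.vpc.private_subnets
+
+eks_managed_node_group_defaults = {
+ami_type = "AL2_x86_64"
+}
+
+eks_managed_node_groups = {
+one = {
+name = "node-group-1"
+
+instance_types = ["t3.small"]
+
+min_size = 1
+max_size = 3
+desired_size = 2
+}
+
+# two = {
+# name = "node-group-2"
+#
+# instance_types = ["t3.small"]
+#
+# min_size = 1
+# max_size = 2
+# desired_size = 1
+# }
+}
+}
+
+
+# https://aws.amazon.com/blogs/containers/amazon-ebs-csi-driver-is-now-generally-available-in-amazon-eks-add-ons/
+data "aws_iam_policy" "ebs_csi_policy" {
+arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
+}
+
+module "irsa-ebs-csi" {
+source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+version = "5.39.0"
+
+create_role = true
+role_name = "AmazonEKSTFEBSCSIRole-${module.eks.cluster_name}"
+provider_url = module.eks.oidc_provider
+role_policy_arns = [data.aws_iam_policy.ebs_csi_policy.arn]
+oidc_fully_qualified_subjects = ["system:serviceaccount:kube-system:ebs-csi-controller-sa"]
+}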
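Review bot: `aws_security_group_rule.allow_management_from_my_ip` opens every port and protocol (`from_port = 0`, `to_port = 65535`, `protocol = "-1"`) on the cluster security group to `var.cluster_public_access_cidrs`, whose default is `0.0.0.0/0`, so the configuration as shipped exposes that security group to the whole internet even though the rule's description says "from my public IP"; the EKS README's sample value `1.2.3.4/0` has the same effect, because a /0 prefix matches every address. The same variable also feeds `cluster_endpoint_public_access_cidrs`, so one bad value widens both the API endpoint and the security group at once. Suggest removing the default so `terraform plan` stops until an operator supplies a value, rejecting /0 prefixes in a `validation` block, and narrowing the rule to the API port (443/tcp) or dropping it altogether, since the eks module already restricts API access through `cluster_endpoint_public_access_cidrs`. Which ENIs the cluster security group is attached to in module version `20.28.0` is not visible here, so the blast radius of this rule should be confirmed against that module before deciding between narrowing and removal.
```hcl
variable "cluster_public_access_cidrs" {
  description = "CIDR allowed to reach the EKS API endpoint, e.g. your own address as a /32. No default on purpose."
  type        = string
  validation {
    # accepts a.b.c.d/1 .. /32 only; a /0 prefix (or 0.0.0.0/0) is rejected
    condition     = can(regex("^[0-9.]+/([1-9]|[12][0-9]|3[0-2])$", var.cluster_public_access_cidrs))
    error_message = "cluster_public_access_cidrs must be a single IPv4 CIDR with a non-zero prefix length (no /0)."
  }
}

# … unchanged: cluster_name variable, provider, availability zones, locals …

resource "aws_security_group_rule" "allow_management_from_my_ip" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = [var.cluster_public_access_cidrs]
  security_group_id = module.eks.cluster_security_group_id
  description       = "Allow Kubernetes API access from the management CIDR"
}
```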
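--- /dev/null
+++ b/PATH_NOT_ON_PAGE/outputs.tf
@@ -0,0 +1,22 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+output "cluster_endpoint" {
+description = "Endpoint for EKS control plane"
+value = module.eks.cluster_endpoint
+}
+
+output "cluster_security_group_id" {
+description = "Security group ids attached to the cluster control plane"
+value = module.eks.cluster_security_group_id
+}
+
+output "region" {
+description = "AWS region"
+value = var.region
+}
+
+output "cluster_name" {
+description = "Kubernetes Cluster Name"
+value = module.eks.cluster_name
+}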
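Review bot: The description of output `cluster_security_group_id` says "Security group ids" (plural) while its value, `module.eks.cluster_security_group_id`, is a single identifier, so the wording should read `description = "Security group id attached to the cluster control plane"`. The other three outputs match their values.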