Add an AWS EKS example
eldada committed Nov 6, 2024
1 parent 44ba135 commit df42392
Showing 7 changed files with 223 additions and 13 deletions.
12 changes: 8 additions & 4 deletions 1.aws-vpc-and-ec2/README.md
@@ -1,20 +1,24 @@
# AWS VPC and EC2 Instance Example
The work here assumes you have an AWS account and have the AWS CLI installed and configured.
The work here assumes you have an AWS account and have the AWS CLI installed and configured to this account.

The [main.tf](main.tf) contains the configuration that Terraform will use to create the resources in the cloud.

Initialize the Terraform configuration by running the following command
1. Initialize the Terraform configuration by running the following command
```shell
terraform init
```

Plan the Terraform configuration by running the following command
2. Plan the Terraform configuration by running the following command
```shell
terraform plan
```

Apply the Terraform configuration by running the following command
3. Apply the Terraform configuration by running the following command
```shell
terraform apply
```

4. When you are done, you can destroy the resources by running the following command
```shell
terraform destroy
```
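Review bot: Steps 2 and 3 run `terraform plan` and `terraform apply` independently, so the plan that gets applied is recomputed at apply time and step 2 is informational only. Consider `terraform plan -out=tfplan` followed by `terraform apply tfplan`, so that what is applied is exactly what was reviewed. In the first line, "configured to this account" would read better as "configured for this account". The same step text is repeated in the other READMEs touched by this commit, so any wording change should be made in all of them.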
11 changes: 8 additions & 3 deletions 2.kubernetes-nginx/README.md
Expand Up @@ -3,17 +3,22 @@ The work here assumes you have a Kubernetes cluster with `kubectl` installed and

The [main.tf](main.tf) file has the configuration that Terraform will use to create the Nginx in the Kubernetes cluster.

Initialize the Terraform configuration by running the following command
1. Initialize the Terraform configuration by running the following command
```shell
terraform init
```

Plan the Terraform configuration by running the following command
2. Plan the Terraform configuration by running the following command
```shell
terraform plan
```

Apply the Terraform configuration by running the following command
3. Apply the Terraform configuration by running the following command
```shell
terraform apply
```

4. When you are done, you can destroy the resources by running the following command
```shell
terraform destroy
```
11 changes: 8 additions & 3 deletions 3.artifactory-install/README.md
Expand Up @@ -5,17 +5,22 @@ The [main.tf](main.tf) file has the configuration that Terraform will use to ins

The [artifactory-values.yaml](artifactory-values.yaml) file has the values that Helm will use to configure the Artifactory installation.

Initialize the Terraform configuration by running the following command
1. Initialize the Terraform configuration by running the following command
```shell
terraform init
```

Plan the Terraform configuration by running the following command
2. Plan the Terraform configuration by running the following command
```shell
terraform plan
```

Apply the Terraform configuration by running the following command
3. Apply the Terraform configuration by running the following command
```shell
terraform apply
```

4. When you are done, you can destroy the resources by running the following command
```shell
terraform destroy
```
11 changes: 8 additions & 3 deletions 4.artifactory-config/README.md
Expand Up @@ -18,17 +18,22 @@ artifactory_access_token = "eyJ2ZXI..."

The [main.tf](main.tf) file has the configuration that Terraform will use to configure the Artifactory server.

Initialize the Terraform configuration by running the following command
1. Initialize the Terraform configuration by running the following command
```shell
terraform init
```

Plan the Terraform configuration by running the following command
2. Plan the Terraform configuration by running the following command
```shell
terraform plan
```

Apply the Terraform configuration by running the following command
3. Apply the Terraform configuration by running the following command
```shell
terraform apply
```

4. When you are done, you can destroy the resources by running the following command
```shell
terraform destroy
```
41 changes: 41 additions & 0 deletions 5.aws-eks/README.md
@@ -0,0 +1,41 @@
# AWS EKS (Kubernetes) Example
The work here assumes you have an AWS account and have the AWS CLI installed and configured to this account.

The [main.tf](main.tf) contains the configuration that Terraform will use to create all the resources needed for running an [EKS](https://aws.amazon.com/eks/) cluster.

Set and store the needed variables values in the [terraform.tfvars](terraform.tfvars) file
```text
region = "eu-central-1"
cluster_name = "demo-eks-cluster-test"
cluster_public_access_cidrs = "1.2.3.4/0"
```

1. Initialize the Terraform configuration by running the following command
```shell
terraform init
```

2. Plan the Terraform configuration by running the following command
```shell
terraform plan
```

3. Apply the Terraform configuration by running the following command
```shell
terraform apply
```

To get the `kubectl` configuration for the EKS cluster, run the following command
```shell
aws eks --region $(terraform output -raw region) update-kubeconfig --name $(terraform output -raw cluster_name)
```

Check the connection to the EKS cluster by running the following command
```shell
kubectl get nodes
```

4. When you are done, you can destroy the resources by running the following command
```shell
terraform destroy
```
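Review bot: The sample value `cluster_public_access_cidrs = "1.2.3.4/0"` in the terraform.tfvars block has a /0 prefix length, which matches every IPv4 address and is therefore equivalent to the "0.0.0.0/0" that main.tf warns against. A reader who copies the sample and only swaps in their own address still gets a publicly reachable endpoint; a single-host example should use /32, for instance "1.2.3.4/32". The README also links to terraform.tfvars, but the files shown in this commit do not include one, so either add a sample file or say that the reader has to create it. The kubeconfig and `kubectl get nodes` steps sit unnumbered between steps 3 and 4; numbering them would keep the procedure in order.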
128 changes: 128 additions & 0 deletions 5.aws-eks/main.tf
@@ -0,0 +1,128 @@
# This file is used to create an AWS EKS cluster and the managed node group(s)

variable "region" {
default = "eu-central-1"
}

# WARNING: CIDR "0.0.0.0/0" is full public access to the cluster, you should use a more restrictive CIDR
variable "cluster_public_access_cidrs" {
default = "0.0.0.0/0"
}

variable "cluster_name" {
default = "demo-eks-cluster"
}

provider "aws" {
region = var.region
}

data "aws_availability_zones" "available" {
filter {
name = "opt-in-status"
values = ["opt-in-not-required"]
}
}

locals {
cluster_name = var.cluster_name
}

resource "aws_security_group_rule" "allow_management_from_my_ip" {
type = "ingress"
from_port = 0
to_port = 65535
protocol = "-1"
cidr_blocks = [var.cluster_public_access_cidrs]
security_group_id = module.eks.cluster_security_group_id
description = "Allow all traffic from my public IP for management"
}

module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "5.15.0"

name = "demo-vpc"

cidr = "10.0.0.0/16"
azs = slice(data.aws_availability_zones.available.names, 0, 3)

private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]

enable_nat_gateway = true
single_nat_gateway = true
enable_dns_hostnames = true

public_subnet_tags = {
"kubernetes.io/role/elb" = 1
}

private_subnet_tags = {
"kubernetes.io/role/internal-elb" = 1
}
}

module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "20.28.0"

cluster_name = local.cluster_name
cluster_version = "1.31"

enable_cluster_creator_admin_permissions = true
cluster_endpoint_public_access = true
cluster_endpoint_public_access_cidrs = [var.cluster_public_access_cidrs]

cluster_addons = {
aws-ebs-csi-driver = {
service_account_role_arn = module.irsa-ebs-csi.iam_role_arn
}
}

vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnets

eks_managed_node_group_defaults = {
ami_type = "AL2_x86_64"
}

eks_managed_node_groups = {
one = {
name = "node-group-1"

instance_types = ["t3.small"]

min_size = 1
max_size = 3
desired_size = 2
}

# two = {
# name = "node-group-2"
#
# instance_types = ["t3.small"]
#
# min_size = 1
# max_size = 2
# desired_size = 1
# }
}
}


# https://aws.amazon.com/blogs/containers/amazon-ebs-csi-driver-is-now-generally-available-in-amazon-eks-add-ons/
data "aws_iam_policy" "ebs_csi_policy" {
arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
}

module "irsa-ebs-csi" {
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
version = "5.39.0"

create_role = true
role_name = "AmazonEKSTFEBSCSIRole-${module.eks.cluster_name}"
provider_url = module.eks.oidc_provider
role_policy_arns = [data.aws_iam_policy.ebs_csi_policy.arn]
oidc_fully_qualified_subjects = ["system:serviceaccount:kube-system:ebs-csi-controller-sa"]
}
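Review bot: `aws_security_group_rule.allow_management_from_my_ip` admits every protocol and port (`protocol = "-1"`) from `var.cluster_public_access_cidrs`, and that variable defaults to "0.0.0.0/0", so applying with defaults opens the cluster security group to the whole Internet; the same default also feeds `cluster_endpoint_public_access_cidrs`. The WARNING comment is easy to miss. Suggest removing the default so the caller must supply a CIDR, or adding a `validation` block that rejects a /0 prefix, and narrowing the rule to the specific protocol and port range that management actually needs. The rule description "from my public IP" does not match what the default does. Minor: the three variables have no `type` or `description`, and `local.cluster_name` only aliases `var.cluster_name`.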
22 changes: 22 additions & 0 deletions 5.aws-eks/outputs.tf
@@ -0,0 +1,22 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

output "cluster_endpoint" {
description = "Endpoint for EKS control plane"
value = module.eks.cluster_endpoint
}

output "cluster_security_group_id" {
description = "Security group ids attached to the cluster control plane"
value = module.eks.cluster_security_group_id
}

output "region" {
description = "AWS region"
value = var.region
}

output "cluster_name" {
description = "Kubernetes Cluster Name"
value = module.eks.cluster_name
}
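Review bot: The header lines `# Copyright (c) HashiCorp, Inc.` and `# SPDX-License-Identifier: MPL-2.0` appear only in this file and not in main.tf from the same directory. Please confirm that the attribution is intended and that MPL-2.0 is compatible with this repository's license, and otherwise align the header with the rest of the example. Also, the `cluster_security_group_id` description says "Security group ids" although the output is a single ID.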
