From df423926f14cb167f8f7884d26bc0440414f9b32 Mon Sep 17 00:00:00 2001 From: Eldad Assis Date: Wed, 6 Nov 2024 08:19:20 -0500 Subject: [PATCH] Add an AWS EKS example --- 1.aws-vpc-and-ec2/README.md | 12 ++- 2.kubernetes-nginx/README.md | 11 ++- 3.artifactory-install/README.md | 11 ++- 4.artifactory-config/README.md | 11 ++- 5.aws-eks/README.md | 41 ++++++++++ 5.aws-eks/main.tf | 128 ++++++++++++++++++++++++++++++++ 5.aws-eks/outputs.tf | 22 ++++++ 7 files changed, 223 insertions(+), 13 deletions(-) create mode 100644 5.aws-eks/README.md create mode 100644 5.aws-eks/main.tf create mode 100644 5.aws-eks/outputs.tf diff --git a/1.aws-vpc-and-ec2/README.md b/1.aws-vpc-and-ec2/README.md index f04f874..3a087ff 100644 --- a/1.aws-vpc-and-ec2/README.md +++ b/1.aws-vpc-and-ec2/README.md @@ -1,20 +1,24 @@ # AWS VPC and EC2 Instance Example -The work here assumes you have an AWS account and have the AWS CLI installed and configured. +The work here assumes you have an AWS account and have the AWS CLI installed and configured to this account. The [main.tf](main.tf) contains the configuration that Terraform will use to create the resources in the cloud. -Initialize the Terraform configuration by running the following command +1. Initialize the Terraform configuration by running the following command ```shell terraform init ``` -Plan the Terraform configuration by running the following command +2. Plan the Terraform configuration by running the following command ```shell terraform plan ``` -Apply the Terraform configuration by running the following command +3. Apply the Terraform configuration by running the following command ```shell terraform apply ``` +4. When you are done, you can destroy the resources by running the following command +```shell +terraform destroy +``` diff --git a/2.kubernetes-nginx/README.md b/2.kubernetes-nginx/README.md index ec64abd..ebffb4f 100644 --- a/2.kubernetes-nginx/README.md +++ b/2.kubernetes-nginx/README.md 
@@ -3,17 +3,22 @@ The work here assumes you have a Kubernetes cluster with `kubectl` installed and The [main.tf](main.tf) file has the configuration that Terraform will use to create the Nginx in the Kubernetes cluster. -Initialize the Terraform configuration by running the following command +1. Initialize the Terraform configuration by running the following command ```shell terraform init ``` -Plan the Terraform configuration by running the following command +2. Plan the Terraform configuration by running the following command ```shell terraform plan ``` -Apply the Terraform configuration by running the following command +3. Apply the Terraform configuration by running the following command ```shell terraform apply ``` + +4. When you are done, you can destroy the resources by running the following command +```shell +terraform destroy +``` diff --git a/3.artifactory-install/README.md b/3.artifactory-install/README.md index 23b034a..0143425 100644 --- a/3.artifactory-install/README.md +++ b/3.artifactory-install/README.md @@ -5,17 +5,22 @@ The [main.tf](main.tf) file has the configuration that Terraform will use to ins The [artifactory-values.yaml](artifactory-values.yaml) file has the values that Helm will use to configure the Artifactory installation. -Initialize the Terraform configuration by running the following command +1. Initialize the Terraform configuration by running the following command ```shell terraform init ``` -Plan the Terraform configuration by running the following command +2. Plan the Terraform configuration by running the following command ```shell terraform plan ``` -Apply the Terraform configuration by running the following command +3. Apply the Terraform configuration by running the following command ```shell terraform apply ``` + +4. When you are done, you can destroy the resources by running the following command +```shell +terraform destroy +``` 
diff --git a/4.artifactory-config/README.md b/4.artifactory-config/README.md index 254a156..2afa8a0 100644 --- a/4.artifactory-config/README.md +++ b/4.artifactory-config/README.md @@ -18,17 +18,22 @@ artifactory_access_token = "eyJ2ZXI..." The [main.tf](main.tf) file has the configuration that Terraform will use to configure the Artifactory server. -Initialize the Terraform configuration by running the following command +1. Initialize the Terraform configuration by running the following command ```shell terraform init ``` -Plan the Terraform configuration by running the following command +2. Plan the Terraform configuration by running the following command ```shell terraform plan ``` -Apply the Terraform configuration by running the following command +3. Apply the Terraform configuration by running the following command ```shell terraform apply ``` + +4. When you are done, you can destroy the resources by running the following command +```shell +terraform destroy +``` diff --git a/5.aws-eks/README.md b/5.aws-eks/README.md new file mode 100644 index 0000000..42afaf0 --- /dev/null +++ b/5.aws-eks/README.md 
@@ -0,0 +1,41 @@
+# AWS EKS (Kubernetes) Example
+The work here assumes you have an AWS account and have the AWS CLI installed and configured to this account.
+
+The [main.tf](main.tf) contains the configuration that Terraform will use to create all the resources needed for running an [EKS](https://aws.amazon.com/eks/) cluster.
+
+Set and store the needed variables values in the [terraform.tfvars](terraform.tfvars) file
+```text
+region = "eu-central-1"
+cluster_name = "demo-eks-cluster-test"
+cluster_public_access_cidrs = "1.2.3.4/0"
+```
+
+1. Initialize the Terraform configuration by running the following command
+```shell
+terraform init
+```
+
+2. Plan the Terraform configuration by running the following command
+```shell
+terraform plan
+```
+
+3. Apply the Terraform configuration by running the following command
+```shell
+terraform apply
+```
+
+To get the `kubectl` configuration for the EKS cluster, run the following command
+```shell
+aws eks --region $(terraform output -raw region) update-kubeconfig --name $(terraform output -raw cluster_name)
+```
+
+Check the connection to the EKS cluster by running the following command
+```shell
+kubectl get nodes
+```
+
+4. When you are done, you can destroy the resources by running the following command
+```shell
+terraform destroy
+```
diff --git a/5.aws-eks/main.tf b/5.aws-eks/main.tf
new file mode 100644
index 0000000..ca63cf7
--- /dev/null
+++ b/5.aws-eks/main.tf
@@ -0,0 +1,128 @@
+# This file is used to create an AWS EKS cluster and the managed node group(s)
+
+variable "region" {
+ default = "eu-central-1"
+}
+
+# WARNING: CIDR "0.0.0.0/0" is full public access to the cluster, you should use a more restrictive CIDR
+variable "cluster_public_access_cidrs" {
+ default = "0.0.0.0/0"
+}
+
+variable "cluster_name" {
+ default = "demo-eks-cluster"
+}
+
+provider "aws" {
+ region = var.region
+}
+
+data "aws_availability_zones" "available" {
+ filter {
+ name = "opt-in-status"
+ values = ["opt-in-not-required"]
+ }
+}
+
+locals {
+ cluster_name = var.cluster_name
+}
+
+resource "aws_security_group_rule" "allow_management_from_my_ip" {
+ type = "ingress"
+ from_port = 0
+ to_port = 65535
+ protocol = "-1"
+ cidr_blocks = [var.cluster_public_access_cidrs]
+ security_group_id = module.eks.cluster_security_group_id
+ description = "Allow all traffic from my public IP for management"
+}
+
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ version = "5.15.0"
+
+ name = "demo-vpc"
+
+ cidr = "10.0.0.0/16"
+ azs = slice(data.aws_availability_zones.available.names, 0, 3)
+
+ private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+ public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+
+ enable_nat_gateway = true
+ single_nat_gateway = true
+ enable_dns_hostnames = true
+
+ public_subnet_tags = {
+ "kubernetes.io/role/elb" = 1
+ }
+
+ private_subnet_tags = {
+ "kubernetes.io/role/internal-elb" = 1
+ }
+}
+
+module "eks" {
+ source = "terraform-aws-modules/eks/aws"
+ version = "20.28.0"
+
+ cluster_name = local.cluster_name
+ cluster_version = "1.31"
+
+ enable_cluster_creator_admin_permissions = true
+ cluster_endpoint_public_access = true
+ cluster_endpoint_public_access_cidrs = [var.cluster_public_access_cidrs]
+
+ cluster_addons = {
+ aws-ebs-csi-driver = {
+ service_account_role_arn = module.irsa-ebs-csi.iam_role_arn
+ }
+ }
+
+ vpc_id = module.vpc.vpc_id
+ subnet_ids = module.vpc.private_subnets
+
+ eks_managed_node_group_defaults = {
+ ami_type = "AL2_x86_64"
+ }
+
+ eks_managed_node_groups = {
+ one = {
+ name = "node-group-1"
+
+ instance_types = ["t3.small"]
+
+ min_size = 1
+ max_size = 3
+ desired_size = 2
+ }
+
+ # two = {
+ # name = "node-group-2"
+ #
+ # instance_types = ["t3.small"]
+ #
+ # min_size = 1
+ # max_size = 2
+ # desired_size = 1
+ # }
+ }
+}
+
+
+# https://aws.amazon.com/blogs/containers/amazon-ebs-csi-driver-is-now-generally-available-in-amazon-eks-add-ons/
+data "aws_iam_policy" "ebs_csi_policy" {
+ arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
+}
+
+module "irsa-ebs-csi" {
+ source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
+ version = "5.39.0"
+
+ create_role = true
+ role_name = "AmazonEKSTFEBSCSIRole-${module.eks.cluster_name}"
+ provider_url = module.eks.oidc_provider
+ role_policy_arns = [data.aws_iam_policy.ebs_csi_policy.arn]
+ oidc_fully_qualified_subjects = ["system:serviceaccount:kube-system:ebs-csi-controller-sa"]
+}
\ No newline at end of file
diff --git a/5.aws-eks/outputs.tf b/5.aws-eks/outputs.tf
new file mode 100644
index 0000000..3610001
--- /dev/null
+++ b/5.aws-eks/outputs.tf
@@ -0,0 +1,22 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+output "cluster_endpoint" {
+ description = "Endpoint for EKS control plane"
+ value = module.eks.cluster_endpoint
+}
+
+output "cluster_security_group_id" {
+ description = "Security group ids attached to the cluster control plane"
+ value = module.eks.cluster_security_group_id
+}
+
+output "region" {
+ description = "AWS region"
+ value = var.region
+}
+
+output "cluster_name" {
+ description = "Kubernetes Cluster Name"
+ value = module.eks.cluster_name
+}
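Review bot: The `aws_security_group_rule.allow_management_from_my_ip` resource opens every port and protocol (`from_port = 0`, `to_port = 65535`, `protocol = "-1"`) on the cluster security group to `var.cluster_public_access_cidrs`, whose default is `0.0.0.0/0`, and nothing rejects a value like the README's sample `1.2.3.4/0`, which is also the whole internet. As far as I can tell the public API endpoint is already gated by `cluster_endpoint_public_access_cidrs` in `module.eks`, so the security-group rule adds exposure without adding access; I would drop it and put a `validation` block on the variable so `terraform plan` fails on a malformed or `/0` CIDR instead of relying on the `WARNING` comment. With that, the description "from my public IP" is only ever true when the operator passes a real `/32`. `enable_cluster_creator_admin_permissions = true` makes whatever identity runs `apply` a cluster admin, which is fine for a demo but deserves a one-line comment saying so.
```hcl
# WARNING: CIDR "0.0.0.0/0" is full public access to the cluster, you should use a more restrictive CIDR
variable "cluster_public_access_cidrs" {
  default = "0.0.0.0/0"

  # Reject anything that is not a well-formed IPv4 CIDR with a prefix of /1../32,
  # so "0.0.0.0/0" and non-canonical forms such as "1.2.3.4/0" fail at plan time.
  validation {
    condition     = can(cidrhost(var.cluster_public_access_cidrs, 0)) && can(regex("/([1-9]|[12][0-9]|3[0-2])$", var.cluster_public_access_cidrs))
    error_message = "cluster_public_access_cidrs must be a valid IPv4 CIDR narrower than 0.0.0.0/0, e.g. your management IP as x.x.x.x/32."
  }
}

# … unchanged: cluster_name variable, provider, availability zones, locals …

# aws_security_group_rule.allow_management_from_my_ip removed: the public API endpoint is
# allow-listed by cluster_endpoint_public_access_cidrs in module.eks below, and this rule
# opened all ports and protocols on the cluster security group to the same CIDR.

# … unchanged: vpc module, eks module, EBS CSI IRSA role …
```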