Better examples, PR template changes, general tidy up (#375)

* adding 3 examples * removing old example * updating PR template * fix this typo * update after renaming default example * add missing launch_template_mixed stuff to aws_auth * fix 2 examples with public subnets * update changelog for new minor release
2026-04-30 20:34:37 +02:00 · 2019-05-08 15:11:05 +02:00
parent f0838165e2
commit d6fa9f48ff
20 changed files with 270 additions and 231 deletions
--- a/examples/README.md
+++ b/examples/README.md
@@ -0,0 +1,7 @@
+# Examples
+
+These serve a few purposes:
+
+1.  Shows developers how to use the module in a straightforward way as integrated with other terraform community supported modules.
+2.  Serves as the test infrastructure for CI on the project.
+3.  Provides a simple way to play with the Kubernetes cluster you create.
--- a/examples/eks_test_fixture/main.tf
+++ b/examples/eks_test_fixture/main.tf
@@ -15,71 +15,6 @@ data "aws_availability_zones" "available" {}

 locals {
  cluster_name = "test-eks-${random_string.suffix.result}"
-
-  # the commented out worker group list below shows an example of how to define
-  # multiple worker groups of differing configurations
-  # worker_groups = [
-  #   {
-  #     asg_desired_capacity = 2
-  #     asg_max_size = 10
-  #     asg_min_size = 2
-  #     instance_type = "m4.xlarge"
-  #     name = "worker_group_a"
-  #     additional_userdata = "echo foo bar"
-  #     subnets = "${join(",", module.vpc.private_subnets)}"
-  #   },
-  #   {
-  #     asg_desired_capacity = 1
-  #     asg_max_size = 5
-  #     asg_min_size = 1
-  #     instance_type = "m4.2xlarge"
-  #     name = "worker_group_b"
-  #     additional_userdata = "echo foo bar"
-  #     subnets = "${join(",", module.vpc.private_subnets)}"
-  #   },
-  # ]
-
-
-  # the commented out worker group tags below shows an example of how to define
-  # custom tags for the worker groups ASG
-  # worker_group_tags = {
-  #   worker_group_a = [
-  #     {
-  #       key                 = "k8s.io/cluster-autoscaler/node-template/taint/nvidia.com/gpu"
-  #       value               = "gpu:NoSchedule"
-  #       propagate_at_launch = true
-  #     },
-  #   ],
-  #   worker_group_b = [
-  #     {
-  #       key                 = "k8s.io/cluster-autoscaler/node-template/taint/nvidia.com/gpu"
-  #       value               = "gpu:NoSchedule"
-  #       propagate_at_launch = true
-  #     },
-  #   ],
-  # }
-
-  worker_groups = [
-    {
-      instance_type        = "t2.small"
-      additional_userdata  = "echo foo bar"
-      asg_desired_capacity = 2
-    },
-  ]
-  worker_groups_launch_template = [
-    {
-      instance_type                 = "t2.small"
-      additional_userdata           = "echo foo bar"
-      additional_security_group_ids = "${aws_security_group.worker_group_mgmt_one.id},${aws_security_group.worker_group_mgmt_two.id}"
-      asg_desired_capacity          = 2
-    },
-  ]
-  tags = {
-    Environment = "test"
-    GithubRepo  = "terraform-aws-eks"
-    GithubOrg   = "terraform-aws-modules"
-    Workspace   = "${terraform.workspace}"
-  }
 }

 resource "random_string" "suffix" {
@@ -89,7 +24,6 @@ resource "random_string" "suffix" {

 resource "aws_security_group" "worker_group_mgmt_one" {
  name_prefix = "worker_group_mgmt_one"
-  description = "SG to be applied to all *nix machines"
  vpc_id      = "${module.vpc.vpc_id}"

  ingress {
@@ -140,24 +74,57 @@ module "vpc" {
  version            = "1.60.0"
  name               = "test-vpc"
  cidr               = "10.0.0.0/16"
-  azs                = ["${data.aws_availability_zones.available.names[0]}", "${data.aws_availability_zones.available.names[1]}", "${data.aws_availability_zones.available.names[2]}"]
+  azs                = ["${data.aws_availability_zones.available.names}"]
  private_subnets    = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets     = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
  enable_nat_gateway = true
  single_nat_gateway = true
-  tags               = "${merge(local.tags, map("kubernetes.io/cluster/${local.cluster_name}", "shared"))}"
+
+  tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+  }
+
+  public_subnet_tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+    "kubernetes.io/role/internal-elb"             = "true"
+  }
 }

 module "eks" {
-  source                               = "../.."
-  cluster_name                         = "${local.cluster_name}"
-  subnets                              = ["${module.vpc.private_subnets}"]
-  tags                                 = "${local.tags}"
-  vpc_id                               = "${module.vpc.vpc_id}"
-  worker_groups                        = "${local.worker_groups}"
-  worker_groups_launch_template        = "${local.worker_groups_launch_template}"
-  worker_group_count                   = 1
-  worker_group_launch_template_count   = 1
+  source       = "../.."
+  cluster_name = "${local.cluster_name}"
+  subnets      = ["${module.vpc.private_subnets}"]
+
+  tags = {
+    Environment = "test"
+    GithubRepo  = "terraform-aws-eks"
+    GithubOrg   = "terraform-aws-modules"
+  }
+
+  vpc_id             = "${module.vpc.vpc_id}"
+  worker_group_count = 2
+
+  worker_groups = [
+    {
+      name                          = "worker-group-1"
+      instance_type                 = "t2.small"
+      additional_userdata           = "echo foo bar"
+      asg_desired_capacity          = 2
+      additional_security_group_ids = "${aws_security_group.worker_group_mgmt_one.id}"
+    },
+    {
+      name                          = "worker-group-2"
+      instance_type                 = "t2.medium"
+      additional_userdata           = "echo foo bar"
+      additional_security_group_ids = "${aws_security_group.worker_group_mgmt_two.id}"
+      asg_desired_capacity          = 1
+    },
+  ]
+
  worker_additional_security_group_ids = ["${aws_security_group.all_worker_mgmt.id}"]
  map_roles                            = "${var.map_roles}"
  map_roles_count                      = "${var.map_roles_count}"
--- a/examples/eks_test_fixture/outputs.tf
+++ b/examples/eks_test_fixture/outputs.tf
@@ -14,7 +14,7 @@ output "kubectl_config" {
 }

 output "config_map_aws_auth" {
-  description = ""
+  description = "A kubernetes configuration to authenticate to this EKS cluster."
  value       = "${module.eks.config_map_aws_auth}"
 }

--- a/examples/eks_test_fixture/variables.tf
+++ b/examples/eks_test_fixture/variables.tf
--- a/examples/eks_test_fixture/README.md
+++ b/examples/eks_test_fixture/README.md
@@ -1,117 +0,0 @@
-# eks_test_fixture example
-
-This set of templates serves a few purposes. It:
-
-1.  shows developers how to use the module in a straightforward way as integrated with other terraform community supported modules.
-2.  serves as the test infrastructure for CI on the project.
-3.  provides a simple way to play with the Kubernetes cluster you create.
-
-## IAM Permissions
-
-The following IAM policy is the minimum needed to execute the module from the test suite.
-
-```json
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Sid": "VisualEditor0",
-      "Effect": "Allow",
-      "Action": [
-        "autoscaling:AttachInstances",
-        "autoscaling:CreateAutoScalingGroup",
-        "autoscaling:CreateLaunchConfiguration",
-        "autoscaling:CreateOrUpdateTags",
-        "autoscaling:DeleteAutoScalingGroup",
-        "autoscaling:DeleteLaunchConfiguration",
-        "autoscaling:DeleteTags",
-        "autoscaling:Describe*",
-        "autoscaling:DetachInstances",
-        "autoscaling:SetDesiredCapacity",
-        "autoscaling:UpdateAutoScalingGroup",
-        "ec2:AllocateAddress",
-        "ec2:AssignPrivateIpAddresses",
-        "ec2:Associate*",
-        "ec2:AttachInternetGateway",
-        "ec2:AttachNetworkInterface",
-        "ec2:AuthorizeSecurityGroupEgress",
-        "ec2:AuthorizeSecurityGroupIngress",
-        "ec2:CreateDefaultSubnet",
-        "ec2:CreateDhcpOptions",
-        "ec2:CreateEgressOnlyInternetGateway",
-        "ec2:CreateInternetGateway",
-        "ec2:CreateNatGateway",
-        "ec2:CreateNetworkInterface",
-        "ec2:CreateRoute",
-        "ec2:CreateRouteTable",
-        "ec2:CreateSecurityGroup",
-        "ec2:CreateSubnet",
-        "ec2:CreateTags",
-        "ec2:CreateVolume",
-        "ec2:CreateVpc",
-        "ec2:DeleteDhcpOptions",
-        "ec2:DeleteEgressOnlyInternetGateway",
-        "ec2:DeleteInternetGateway",
-        "ec2:DeleteNatGateway",
-        "ec2:DeleteNetworkInterface",
-        "ec2:DeleteRoute",
-        "ec2:DeleteRouteTable",
-        "ec2:DeleteSecurityGroup",
-        "ec2:DeleteSubnet",
-        "ec2:DeleteTags",
-        "ec2:DeleteVolume",
-        "ec2:DeleteVpc",
-        "ec2:DeleteVpnGateway",
-        "ec2:Describe*",
-        "ec2:DetachInternetGateway",
-        "ec2:DetachNetworkInterface",
-        "ec2:DetachVolume",
-        "ec2:Disassociate*",
-        "ec2:ModifySubnetAttribute",
-        "ec2:ModifyVpcAttribute",
-        "ec2:ModifyVpcEndpoint",
-        "ec2:ReleaseAddress",
-        "ec2:RevokeSecurityGroupEgress",
-        "ec2:RevokeSecurityGroupIngress",
-        "ec2:UpdateSecurityGroupRuleDescriptionsEgress",
-        "ec2:UpdateSecurityGroupRuleDescriptionsIngress",
-        "ec2:CreateLaunchTemplate",
-        "ec2:CreateLaunchTemplateVersion",
-        "ec2:DeleteLaunchTemplate",
-        "ec2:DeleteLaunchTemplateVersions",
-        "ec2:DescribeLaunchTemplates",
-        "ec2:DescribeLaunchTemplateVersions",
-        "ec2:GetLaunchTemplateData",
-        "ec2:ModifyLaunchTemplate",
-        "eks:CreateCluster",
-        "eks:DeleteCluster",
-        "eks:DescribeCluster",
-        "eks:ListClusters",
-        "iam:AddRoleToInstanceProfile",
-        "iam:AttachRolePolicy",
-        "iam:CreateInstanceProfile",
-        "iam:CreatePolicy",
-        "iam:CreatePolicyVersion",
-        "iam:CreateRole",
-        "iam:DeleteInstanceProfile",
-        "iam:DeletePolicy",
-        "iam:DeleteRole",
-        "iam:DeleteRolePolicy",
-        "iam:DeleteServiceLinkedRole",
-        "iam:DetachRolePolicy",
-        "iam:GetInstanceProfile",
-        "iam:GetPolicy",
-        "iam:GetPolicyVersion",
-        "iam:GetRole",
-        "iam:GetRolePolicy",
-        "iam:List*",
-        "iam:PassRole",
-        "iam:PutRolePolicy",
-        "iam:RemoveRoleFromInstanceProfile",
-        "iam:UpdateAssumeRolePolicy"
-      ],
-      "Resource": "*"
-    }
-  ]
-}
-```
--- a/examples/launch_templates/main.tf
+++ b/examples/launch_templates/main.tf
@@ -0,0 +1,60 @@
+terraform {
+  required_version = ">= 0.11.8"
+}
+
+provider "aws" {
+  version = ">= 2.6.0"
+  region  = "${var.region}"
+}
+
+provider "random" {
+  version = "= 1.3.1"
+}
+
+data "aws_availability_zones" "available" {}
+
+locals {
+  cluster_name = "test-eks-lt-${random_string.suffix.result}"
+}
+
+resource "random_string" "suffix" {
+  length  = 8
+  special = false
+}
+
+module "vpc" {
+  source         = "terraform-aws-modules/vpc/aws"
+  version        = "1.60.0"
+  name           = "test-vpc-lt"
+  cidr           = "10.0.0.0/16"
+  azs            = ["${data.aws_availability_zones.available.names}"]
+  public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+
+  tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+  }
+}
+
+module "eks" {
+  source                             = "../.."
+  cluster_name                       = "${local.cluster_name}"
+  subnets                            = ["${module.vpc.public_subnets}"]
+  vpc_id                             = "${module.vpc.vpc_id}"
+  worker_group_count                 = 0
+  worker_group_launch_template_count = 2
+
+  worker_groups_launch_template = [
+    {
+      name                 = "worker-group-1"
+      instance_type        = "t2.small"
+      asg_desired_capacity = 2
+      public_ip            = true
+    },
+    {
+      name                 = "worker-group-2"
+      instance_type        = "t2.medium"
+      asg_desired_capacity = 1
+      public_ip            = true
+    },
+  ]
+}
--- a/examples/launch_templates/outputs.tf
+++ b/examples/launch_templates/outputs.tf
@@ -0,0 +1,24 @@
+output "cluster_endpoint" {
+  description = "Endpoint for EKS control plane."
+  value       = "${module.eks.cluster_endpoint}"
+}
+
+output "cluster_security_group_id" {
+  description = "Security group ids attached to the cluster control plane."
+  value       = "${module.eks.cluster_security_group_id}"
+}
+
+output "kubectl_config" {
+  description = "kubectl config as generated by the module."
+  value       = "${module.eks.kubeconfig}"
+}
+
+output "config_map_aws_auth" {
+  description = "A kubernetes configuration to authenticate to this EKS cluster."
+  value       = "${module.eks.config_map_aws_auth}"
+}
+
+output "region" {
+  description = "AWS region."
+  value       = "${var.region}"
+}
--- a/examples/launch_templates/variables.tf
+++ b/examples/launch_templates/variables.tf
@@ -0,0 +1,3 @@
+variable "region" {
+  default = "us-west-2"
+}
--- a/examples/spot_instances/main.tf
+++ b/examples/spot_instances/main.tf
@@ -0,0 +1,60 @@
+terraform {
+  required_version = ">= 0.11.8"
+}
+
+provider "aws" {
+  version = ">= 2.6.0"
+  region  = "${var.region}"
+}
+
+provider "random" {
+  version = "= 1.3.1"
+}
+
+data "aws_availability_zones" "available" {}
+
+locals {
+  cluster_name = "test-eks-spot-${random_string.suffix.result}"
+}
+
+resource "random_string" "suffix" {
+  length  = 8
+  special = false
+}
+
+module "vpc" {
+  source         = "terraform-aws-modules/vpc/aws"
+  version        = "1.60.0"
+  name           = "test-vpc-spot"
+  cidr           = "10.0.0.0/16"
+  azs            = ["${data.aws_availability_zones.available.names}"]
+  public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+
+  tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+  }
+}
+
+module "eks" {
+  source                                   = "../.."
+  cluster_name                             = "${local.cluster_name}"
+  subnets                                  = ["${module.vpc.public_subnets}"]
+  vpc_id                                   = "${module.vpc.vpc_id}"
+  worker_group_count                       = 0
+  worker_group_launch_template_mixed_count = 1
+
+  worker_groups_launch_template_mixed = [
+    {
+      name                     = "spot-1"
+      override_instance_type_1 = "m5.large"
+      override_instance_type_2 = "c5.large"
+      override_instance_type_3 = "t3.large"
+      override_instance_type_4 = "r5.large"
+      spot_instance_pools      = 4
+      asg_max_size             = 5
+      asg_desired_capacity     = 5
+      kubelet_extra_args       = "--node-labels=kubernetes.io/lifecycle=spot"
+      public_ip                = true
+    },
+  ]
+}
--- a/examples/spot_instances/outputs.tf
+++ b/examples/spot_instances/outputs.tf
@@ -0,0 +1,24 @@
+output "cluster_endpoint" {
+  description = "Endpoint for EKS control plane."
+  value       = "${module.eks.cluster_endpoint}"
+}
+
+output "cluster_security_group_id" {
+  description = "Security group ids attached to the cluster control plane."
+  value       = "${module.eks.cluster_security_group_id}"
+}
+
+output "kubectl_config" {
+  description = "kubectl config as generated by the module."
+  value       = "${module.eks.kubeconfig}"
+}
+
+output "config_map_aws_auth" {
+  description = "A kubernetes configuration to authenticate to this EKS cluster."
+  value       = "${module.eks.config_map_aws_auth}"
+}
+
+output "region" {
+  description = "AWS region."
+  value       = "${var.region}"
+}
--- a/examples/spot_instances/variables.tf
+++ b/examples/spot_instances/variables.tf
@@ -0,0 +1,3 @@
+variable "region" {
+  default = "us-west-2"
+}