github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-05-08 00:43:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Better examples, PR template changes, general tidy up (#375)

Browse Source 
* adding 3 examples

* removing old example

* updating PR template

* fix this typo

* update after renaming default example

* add missing launch_template_mixed stuff to aws_auth

* fix 2 examples with public subnets

* update changelog for new minor release
This commit is contained in:
Max Williams
2019-05-08 15:11:05 +02:00
committed by GitHub
parent f0838165e2
commit d6fa9f48ff
20 changed files with 270 additions and 231 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
examples/eks_test_fixture/README.md
View File

@@ -1,117 +0,0 @@
# eks_test_fixture example
This set of templates serves a few purposes. It:
1. shows developers how to use the module in a straightforward way as integrated with other terraform community supported modules.
2. serves as the test infrastructure for CI on the project.
3. provides a simple way to play with the Kubernetes cluster you create.
## IAM Permissions
The following IAM policy is the minimum needed to execute the module from the test suite.
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"autoscaling:AttachInstances",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:CreateOrUpdateTags",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteTags",
"autoscaling:Describe*",
"autoscaling:DetachInstances",
"autoscaling:SetDesiredCapacity",
"autoscaling:UpdateAutoScalingGroup",
"ec2:AllocateAddress",
"ec2:AssignPrivateIpAddresses",
"ec2:Associate*",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateDefaultSubnet",
"ec2:CreateDhcpOptions",
"ec2:CreateEgressOnlyInternetGateway",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkInterface",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:CreateVpc",
"ec2:DeleteDhcpOptions",
"ec2:DeleteEgressOnlyInternetGateway",
"ec2:DeleteInternetGateway",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkInterface",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVolume",
"ec2:DeleteVpc",
"ec2:DeleteVpnGateway",
"ec2:Describe*",
"ec2:DetachInternetGateway",
"ec2:DetachNetworkInterface",
"ec2:DetachVolume",
"ec2:Disassociate*",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:UpdateSecurityGroupRuleDescriptionsEgress",
"ec2:UpdateSecurityGroupRuleDescriptionsIngress",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ec2:GetLaunchTemplateData",
"ec2:ModifyLaunchTemplate",
"eks:CreateCluster",
"eks:DeleteCluster",
"eks:DescribeCluster",
"eks:ListClusters",
"iam:AddRoleToInstanceProfile",
"iam:AttachRolePolicy",
"iam:CreateInstanceProfile",
"iam:CreatePolicy",
"iam:CreatePolicyVersion",
"iam:CreateRole",
"iam:DeleteInstanceProfile",
"iam:DeletePolicy",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DeleteServiceLinkedRole",
"iam:DetachRolePolicy",
"iam:GetInstanceProfile",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:List*",
"iam:PassRole",
"iam:PutRolePolicy",
"iam:RemoveRoleFromInstanceProfile",
"iam:UpdateAssumeRolePolicy"
],
"Resource": "*"
}
]
}
```

168
examples/eks_test_fixture/main.tf
View File

@@ -1,168 +0,0 @@
terraform {
required_version = ">= 0.11.8"
}
provider "aws" {
version = ">= 2.6.0"
region = "${var.region}"
}
provider "random" {
version = "= 1.3.1"
}
data "aws_availability_zones" "available" {}
locals {
cluster_name = "test-eks-${random_string.suffix.result}"
# the commented out worker group list below shows an example of how to define
# multiple worker groups of differing configurations
# worker_groups = [
# {
# asg_desired_capacity = 2
# asg_max_size = 10
# asg_min_size = 2
# instance_type = "m4.xlarge"
# name = "worker_group_a"
# additional_userdata = "echo foo bar"
# subnets = "${join(",", module.vpc.private_subnets)}"
# },
# {
# asg_desired_capacity = 1
# asg_max_size = 5
# asg_min_size = 1
# instance_type = "m4.2xlarge"
# name = "worker_group_b"
# additional_userdata = "echo foo bar"
# subnets = "${join(",", module.vpc.private_subnets)}"
# },
# ]
# the commented out worker group tags below shows an example of how to define
# custom tags for the worker groups ASG
# worker_group_tags = {
# worker_group_a = [
# {
# key = "k8s.io/cluster-autoscaler/node-template/taint/nvidia.com/gpu"
# value = "gpu:NoSchedule"
# propagate_at_launch = true
# },
# ],
# worker_group_b = [
# {
# key = "k8s.io/cluster-autoscaler/node-template/taint/nvidia.com/gpu"
# value = "gpu:NoSchedule"
# propagate_at_launch = true
# },
# ],
# }
worker_groups = [
{
instance_type = "t2.small"
additional_userdata = "echo foo bar"
asg_desired_capacity = 2
},
]
worker_groups_launch_template = [
{
instance_type = "t2.small"
additional_userdata = "echo foo bar"
additional_security_group_ids = "${aws_security_group.worker_group_mgmt_one.id},${aws_security_group.worker_group_mgmt_two.id}"
asg_desired_capacity = 2
},
]
tags = {
Environment = "test"
GithubRepo = "terraform-aws-eks"
GithubOrg = "terraform-aws-modules"
Workspace = "${terraform.workspace}"
}
}
resource "random_string" "suffix" {
length = 8
special = false
}
resource "aws_security_group" "worker_group_mgmt_one" {
name_prefix = "worker_group_mgmt_one"
description = "SG to be applied to all *nix machines"
vpc_id = "${module.vpc.vpc_id}"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [
"10.0.0.0/8",
]
}
}
resource "aws_security_group" "worker_group_mgmt_two" {
name_prefix = "worker_group_mgmt_two"
vpc_id = "${module.vpc.vpc_id}"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [
"192.168.0.0/16",
]
}
}
resource "aws_security_group" "all_worker_mgmt" {
name_prefix = "all_worker_management"
vpc_id = "${module.vpc.vpc_id}"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16",
]
}
}
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "1.60.0"
name = "test-vpc"
cidr = "10.0.0.0/16"
azs = ["${data.aws_availability_zones.available.names[0]}", "${data.aws_availability_zones.available.names[1]}", "${data.aws_availability_zones.available.names[2]}"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
enable_nat_gateway = true
single_nat_gateway = true
tags = "${merge(local.tags, map("kubernetes.io/cluster/${local.cluster_name}", "shared"))}"
}
module "eks" {
source = "../.."
cluster_name = "${local.cluster_name}"
subnets = ["${module.vpc.private_subnets}"]
tags = "${local.tags}"
vpc_id = "${module.vpc.vpc_id}"
worker_groups = "${local.worker_groups}"
worker_groups_launch_template = "${local.worker_groups_launch_template}"
worker_group_count = 1
worker_group_launch_template_count = 1
worker_additional_security_group_ids = ["${aws_security_group.all_worker_mgmt.id}"]
map_roles = "${var.map_roles}"
map_roles_count = "${var.map_roles_count}"
map_users = "${var.map_users}"
map_users_count = "${var.map_users_count}"
map_accounts = "${var.map_accounts}"
map_accounts_count = "${var.map_accounts_count}"
}

24
examples/eks_test_fixture/outputs.tf
View File

@@ -1,24 +0,0 @@
output "cluster_endpoint" {
description = "Endpoint for EKS control plane."
value = "${module.eks.cluster_endpoint}"
}
output "cluster_security_group_id" {
description = "Security group ids attached to the cluster control plane."
value = "${module.eks.cluster_security_group_id}"
}
output "kubectl_config" {
description = "kubectl config as generated by the module."
value = "${module.eks.kubeconfig}"
}
output "config_map_aws_auth" {
description = ""
value = "${module.eks.config_map_aws_auth}"
}
output "region" {
description = "AWS region."
value = "${var.region}"
}

62
examples/eks_test_fixture/variables.tf
View File

@@ -1,62 +0,0 @@
variable "region" {
default = "us-west-2"
}
variable "map_accounts" {
description = "Additional AWS account numbers to add to the aws-auth configmap."
type = "list"
default = [
"777777777777",
"888888888888",
]
}
variable "map_accounts_count" {
description = "The count of accounts in the map_accounts list."
type = "string"
default = 2
}
variable "map_roles" {
description = "Additional IAM roles to add to the aws-auth configmap."
type = "list"
default = [
{
role_arn = "arn:aws:iam::66666666666:role/role1"
username = "role1"
group = "system:masters"
},
]
}
variable "map_roles_count" {
description = "The count of roles in the map_roles list."
type = "string"
default = 1
}
variable "map_users" {
description = "Additional IAM users to add to the aws-auth configmap."
type = "list"
default = [
{
user_arn = "arn:aws:iam::66666666666:user/user1"
username = "user1"
group = "system:masters"
},
{
user_arn = "arn:aws:iam::66666666666:user/user2"
username = "user2"
group = "system:masters"
},
]
}
variable "map_users_count" {
description = "The count of roles in the map_users list."
type = "string"
default = 2
}