github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-03-25 10:51:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Better examples, PR template changes, general tidy up (#375)

Browse Source 
* adding 3 examples

* removing old example

* updating PR template

* fix this typo

* update after renaming default example

* add missing launch_template_mixed stuff to aws_auth

* fix 2 examples with public subnets

* update changelog for new minor release
This commit is contained in:
Max Williams
2019-05-08 15:11:05 +02:00
committed by GitHub
parent f0838165e2
commit d6fa9f48ff
20 changed files with 270 additions and 231 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -6,8 +6,7 @@ Please explain the changes you made here and link to any relevant issues.
### Checklist ### Checklist
- [ ] `terraform fmt` and `terraform validate` both work from the root and `examples/eks_test_fixture` directories (look in CI for an example) - [ ] `terraform fmt` and `terraform validate` both work from the root and `examples/*` directories
- [ ] Tests for the changes have been added and passing (for bug fixes/features) - [ ] CI tests are passing
- [ ] Test results are pasted in this PR (in lieu of CI) - [ ] I've added my change to CHANGELOG.md and highlighted any breaking changes
- [ ] I've added my change to CHANGELOG.md - [ ] README.md has been updated after any changes to variables and outputs. See https://github.com/terraform-aws-modules/terraform-aws-eks/#doc-generation
- [ ] Any breaking changes are highlighted above

2
.kitchen.yml
View File

@@ -1,7 +1,7 @@
--- ---
driver: driver:
name: "terraform" name: "terraform"
root_module_directory: "examples/eks_test_fixture" root_module_directory: "examples/basic"
provisioner: provisioner:
name: "terraform" name: "terraform"

20
.travis.yml
View File

@@ -34,19 +34,15 @@ script:
- terraform init - terraform init
- terraform fmt -check=true - terraform fmt -check=true
- terraform validate -var "region=${AWS_REGION}" -var "vpc_id=vpc-123456" -var "subnets=[\"subnet-12345a\"]" -var "workers_ami_id=ami-123456" -var "cluster_ingress_cidrs=[]" -var "cluster_name=test_cluster" - terraform validate -var "region=${AWS_REGION}" -var "vpc_id=vpc-123456" -var "subnets=[\"subnet-12345a\"]" -var "workers_ami_id=ami-123456" -var "cluster_ingress_cidrs=[]" -var "cluster_name=test_cluster"
# - docker run --rm -v $(pwd):/app/ --workdir=/app/ -t wata727/tflint --error-with-issues - |
- cd examples/eks_test_fixture for example in $(find examples -maxdepth 1 -mindepth 1 -type d); do
- terraform init cd $example
- terraform fmt -check=true terraform init
- terraform validate terraform fmt -check=true
- cd - terraform validate
cd -
done
- terraform -v - terraform -v
# - bundle exec kitchen test --destroy always
# deploy:
# provider: script
# script: ci/deploy.sh
# on:
# branch: master
notifications: notifications:
email: email:

9
CHANGELOG.md
View File

@@ -19,6 +19,15 @@ project adheres to [Semantic Versioning](http://semver.org/).
# History # History
## [[v4.0.2](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.0...v4.0.1)] - 2019-05-07]
### Changed
- Added 2 new examples, also tidy up basic example (by @max-rocket-internet)
- Updates to travis, PR template (by @max-rocket-internet)
- Fix typo in data.tf (by @max-rocket-internet)
- Add missing launch template items in `aws_auth.tf` (by @max-rocket-internet)
## [[v4.0.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.0...v4.0.1)] - 2019-05-07] ## [[v4.0.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.0...v4.0.1)] - 2019-05-07]
### Changed ### Changed

13
README.md
View File

@@ -19,7 +19,7 @@ Read the [AWS docs on EKS to get connected to the k8s dashboard](https://docs.aw
## Usage example ## Usage example
A full example leveraging other community modules is contained in the [examples/eks_test_fixture directory](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks_test_fixture). Here's the gist of using it via the Terraform registry: A full example leveraging other community modules is contained in the [examples/basic directory](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/basic). Here's the gist of using it via the Terraform registry:
```hcl ```hcl
module "my-cluster" { module "my-cluster" {
@@ -89,11 +89,6 @@ Report issues/questions/feature requests on in the [issues](https://github.com/t
Full contributing [guidelines are covered here](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/CONTRIBUTING.md). Full contributing [guidelines are covered here](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/CONTRIBUTING.md).
## IAM Permissions
Testing and using this repo requires a minimum set of IAM permissions. Test permissions
are listed in the [eks_test_fixture README](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks_test_fixture/README.md).
## Change log ## Change log
The [changelog](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/CHANGELOG.md) captures all important release notes. The [changelog](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/CHANGELOG.md) captures all important release notes.
@@ -133,11 +128,11 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
| manage\_aws\_auth | Whether to apply the aws-auth configmap file. | string | `"true"` | no | | manage\_aws\_auth | Whether to apply the aws-auth configmap file. | string | `"true"` | no |
| manage\_cluster\_iam\_resources | Whether to let the module manage cluster IAM resources. If set to false, cluster_iam_role_name must be specified. | string | `"true"` | no | | manage\_cluster\_iam\_resources | Whether to let the module manage cluster IAM resources. If set to false, cluster_iam_role_name must be specified. | string | `"true"` | no |
| manage\_worker\_iam\_resources | Whether to let the module manage worker IAM resources. If set to false, iam_instance_profile_name must be specified for workers. | string | `"true"` | no | | manage\_worker\_iam\_resources | Whether to let the module manage worker IAM resources. If set to false, iam_instance_profile_name must be specified for workers. | string | `"true"` | no |
| map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no | | map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list | `[]` | no |
| map\_accounts\_count | The count of accounts in the map_accounts list. | string | `"0"` | no | | map\_accounts\_count | The count of accounts in the map_accounts list. | string | `"0"` | no |
| map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no | | map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list | `[]` | no |
| map\_roles\_count | The count of roles in the map_roles list. | string | `"0"` | no | | map\_roles\_count | The count of roles in the map_roles list. | string | `"0"` | no |
| map\_users | Additional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no | | map\_users | Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list | `[]` | no |
| map\_users\_count | The count of roles in the map_users list. | string | `"0"` | no | | map\_users\_count | The count of roles in the map_users list. | string | `"0"` | no |
| permissions\_boundary | If provided, all IAM roles will be created with this permissions boundary attached. | string | `""` | no | | permissions\_boundary | If provided, all IAM roles will be created with this permissions boundary attached. | string | `""` | no |
| subnets | A list of subnets to place the EKS cluster and workers within. | list | n/a | yes | | subnets | A list of subnets to place the EKS cluster and workers within. | list | n/a | yes |

11
aws_auth.tf
View File

@@ -33,6 +33,15 @@ EOS
data "aws_caller_identity" "current" {} data "aws_caller_identity" "current" {}
data "template_file" "launch_template_mixed_worker_role_arns" {
count = "${var.worker_group_launch_template_mixed_count}"
template = "${file("${path.module}/templates/worker-role.tpl")}"
vars {
worker_role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${element(coalescelist(aws_iam_instance_profile.workers_launch_template_mixed.*.role, data.aws_iam_instance_profile.custom_worker_group_launch_template_mixed_iam_instance_profile.*.role_name), count.index)}"
}
}
data "template_file" "launch_template_worker_role_arns" { data "template_file" "launch_template_worker_role_arns" {
count = "${var.worker_group_launch_template_count}" count = "${var.worker_group_launch_template_count}"
template = "${file("${path.module}/templates/worker-role.tpl")}" template = "${file("${path.module}/templates/worker-role.tpl")}"
@@ -55,7 +64,7 @@ data "template_file" "config_map_aws_auth" {
template = "${file("${path.module}/templates/config-map-aws-auth.yaml.tpl")}" template = "${file("${path.module}/templates/config-map-aws-auth.yaml.tpl")}"
vars { vars {
worker_role_arn = "${join("", distinct(concat(data.template_file.launch_template_worker_role_arns.*.rendered, data.template_file.worker_role_arns.*.rendered)))}" worker_role_arn = "${join("", distinct(concat(data.template_file.launch_template_worker_role_arns.*.rendered, data.template_file.worker_role_arns.*.rendered, data.template_file.launch_template_mixed_worker_role_arns.*.rendered)))}"
map_users = "${join("", data.template_file.map_users.*.rendered)}" map_users = "${join("", data.template_file.map_users.*.rendered)}"
map_roles = "${join("", data.template_file.map_roles.*.rendered)}" map_roles = "${join("", data.template_file.map_roles.*.rendered)}"
map_accounts = "${join("", data.template_file.map_accounts.*.rendered)}" map_accounts = "${join("", data.template_file.map_accounts.*.rendered)}"

8
data.tf
View File

@@ -109,10 +109,10 @@ data "template_file" "workers_launch_template_mixed" {
cluster_name = "${aws_eks_cluster.this.name}" cluster_name = "${aws_eks_cluster.this.name}"
endpoint = "${aws_eks_cluster.this.endpoint}" endpoint = "${aws_eks_cluster.this.endpoint}"
cluster_auth_base64 = "${aws_eks_cluster.this.certificate_authority.0.data}" cluster_auth_base64 = "${aws_eks_cluster.this.certificate_authority.0.data}"
pre_userdata = "${lookup(var.worker_groups_launch_template[count.index], "pre_userdata", local.workers_group_defaults["pre_userdata"])}" pre_userdata = "${lookup(var.worker_groups_launch_template_mixed[count.index], "pre_userdata", local.workers_group_defaults["pre_userdata"])}"
additional_userdata = "${lookup(var.worker_groups_launch_template[count.index], "additional_userdata", local.workers_group_defaults["additional_userdata"])}" additional_userdata = "${lookup(var.worker_groups_launch_template_mixed[count.index], "additional_userdata", local.workers_group_defaults["additional_userdata"])}"
bootstrap_extra_args = "${lookup(var.worker_groups_launch_template[count.index], "bootstrap_extra_args", local.workers_group_defaults["bootstrap_extra_args"])}" bootstrap_extra_args = "${lookup(var.worker_groups_launch_template_mixed[count.index], "bootstrap_extra_args", local.workers_group_defaults["bootstrap_extra_args"])}"
kubelet_extra_args = "${lookup(var.worker_groups_launch_template[count.index], "kubelet_extra_args", local.workers_group_defaults["kubelet_extra_args"])}" kubelet_extra_args = "${lookup(var.worker_groups_launch_template_mixed[count.index], "kubelet_extra_args", local.workers_group_defaults["kubelet_extra_args"])}"
} }
} }

7
examples/README.md Normal file
View File

@@ -0,0 +1,7 @@
# Examples
These serve a few purposes:
1. Shows developers how to use the module in a straightforward way as integrated with other terraform community supported modules.
2. Serves as the test infrastructure for CI on the project.
3. Provides a simple way to play with the Kubernetes cluster you create.

121
examples/eks_test_fixture/main.tf → examples/basic/main.tf
View File

@@ -15,71 +15,6 @@ data "aws_availability_zones" "available" {}
locals { locals {
cluster_name = "test-eks-${random_string.suffix.result}" cluster_name = "test-eks-${random_string.suffix.result}"
# the commented out worker group list below shows an example of how to define
# multiple worker groups of differing configurations
# worker_groups = [
# {
# asg_desired_capacity = 2
# asg_max_size = 10
# asg_min_size = 2
# instance_type = "m4.xlarge"
# name = "worker_group_a"
# additional_userdata = "echo foo bar"
# subnets = "${join(",", module.vpc.private_subnets)}"
# },
# {
# asg_desired_capacity = 1
# asg_max_size = 5
# asg_min_size = 1
# instance_type = "m4.2xlarge"
# name = "worker_group_b"
# additional_userdata = "echo foo bar"
# subnets = "${join(",", module.vpc.private_subnets)}"
# },
# ]
# the commented out worker group tags below shows an example of how to define
# custom tags for the worker groups ASG
# worker_group_tags = {
# worker_group_a = [
# {
# key = "k8s.io/cluster-autoscaler/node-template/taint/nvidia.com/gpu"
# value = "gpu:NoSchedule"
# propagate_at_launch = true
# },
# ],
# worker_group_b = [
# {
# key = "k8s.io/cluster-autoscaler/node-template/taint/nvidia.com/gpu"
# value = "gpu:NoSchedule"
# propagate_at_launch = true
# },
# ],
# }
worker_groups = [
{
instance_type = "t2.small"
additional_userdata = "echo foo bar"
asg_desired_capacity = 2
},
]
worker_groups_launch_template = [
{
instance_type = "t2.small"
additional_userdata = "echo foo bar"
additional_security_group_ids = "${aws_security_group.worker_group_mgmt_one.id},${aws_security_group.worker_group_mgmt_two.id}"
asg_desired_capacity = 2
},
]
tags = {
Environment = "test"
GithubRepo = "terraform-aws-eks"
GithubOrg = "terraform-aws-modules"
Workspace = "${terraform.workspace}"
}
} }
resource "random_string" "suffix" { resource "random_string" "suffix" {
@@ -89,7 +24,6 @@ resource "random_string" "suffix" {
resource "aws_security_group" "worker_group_mgmt_one" { resource "aws_security_group" "worker_group_mgmt_one" {
name_prefix = "worker_group_mgmt_one" name_prefix = "worker_group_mgmt_one"
description = "SG to be applied to all *nix machines"
vpc_id = "${module.vpc.vpc_id}" vpc_id = "${module.vpc.vpc_id}"
ingress { ingress {
@@ -140,24 +74,57 @@ module "vpc" {
version = "1.60.0" version = "1.60.0"
name = "test-vpc" name = "test-vpc"
cidr = "10.0.0.0/16" cidr = "10.0.0.0/16"
azs = ["${data.aws_availability_zones.available.names[0]}", "${data.aws_availability_zones.available.names[1]}", "${data.aws_availability_zones.available.names[2]}"] azs = ["${data.aws_availability_zones.available.names}"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"] public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
enable_nat_gateway = true enable_nat_gateway = true
single_nat_gateway = true single_nat_gateway = true
tags = "${merge(local.tags, map("kubernetes.io/cluster/${local.cluster_name}", "shared"))}"
tags = {
"kubernetes.io/cluster/${local.cluster_name}" = "shared"
}
public_subnet_tags = {
"kubernetes.io/cluster/${local.cluster_name}" = "shared"
}
private_subnet_tags = {
"kubernetes.io/cluster/${local.cluster_name}" = "shared"
"kubernetes.io/role/internal-elb" = "true"
}
} }
module "eks" { module "eks" {
source = "../.." source = "../.."
cluster_name = "${local.cluster_name}" cluster_name = "${local.cluster_name}"
subnets = ["${module.vpc.private_subnets}"] subnets = ["${module.vpc.private_subnets}"]
tags = "${local.tags}"
vpc_id = "${module.vpc.vpc_id}" tags = {
worker_groups = "${local.worker_groups}" Environment = "test"
worker_groups_launch_template = "${local.worker_groups_launch_template}" GithubRepo = "terraform-aws-eks"
worker_group_count = 1 GithubOrg = "terraform-aws-modules"
worker_group_launch_template_count = 1 }
vpc_id = "${module.vpc.vpc_id}"
worker_group_count = 2
worker_groups = [
{
name = "worker-group-1"
instance_type = "t2.small"
additional_userdata = "echo foo bar"
asg_desired_capacity = 2
additional_security_group_ids = "${aws_security_group.worker_group_mgmt_one.id}"
},
{
name = "worker-group-2"
instance_type = "t2.medium"
additional_userdata = "echo foo bar"
additional_security_group_ids = "${aws_security_group.worker_group_mgmt_two.id}"
asg_desired_capacity = 1
},
]
worker_additional_security_group_ids = ["${aws_security_group.all_worker_mgmt.id}"] worker_additional_security_group_ids = ["${aws_security_group.all_worker_mgmt.id}"]
map_roles = "${var.map_roles}" map_roles = "${var.map_roles}"
map_roles_count = "${var.map_roles_count}" map_roles_count = "${var.map_roles_count}"

2
examples/eks_test_fixture/outputs.tf → examples/basic/outputs.tf
View File

@@ -14,7 +14,7 @@ output "kubectl_config" {
} }
output "config_map_aws_auth" { output "config_map_aws_auth" {
description = "" description = "A kubernetes configuration to authenticate to this EKS cluster."
value = "${module.eks.config_map_aws_auth}" value = "${module.eks.config_map_aws_auth}"
} }

0
examples/eks_test_fixture/variables.tf → examples/basic/variables.tf
View File

117
examples/eks_test_fixture/README.md
View File

@@ -1,117 +0,0 @@
# eks_test_fixture example
This set of templates serves a few purposes. It:
1. shows developers how to use the module in a straightforward way as integrated with other terraform community supported modules.
2. serves as the test infrastructure for CI on the project.
3. provides a simple way to play with the Kubernetes cluster you create.
## IAM Permissions
The following IAM policy is the minimum needed to execute the module from the test suite.
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"autoscaling:AttachInstances",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:CreateOrUpdateTags",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteTags",
"autoscaling:Describe*",
"autoscaling:DetachInstances",
"autoscaling:SetDesiredCapacity",
"autoscaling:UpdateAutoScalingGroup",
"ec2:AllocateAddress",
"ec2:AssignPrivateIpAddresses",
"ec2:Associate*",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateDefaultSubnet",
"ec2:CreateDhcpOptions",
"ec2:CreateEgressOnlyInternetGateway",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkInterface",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:CreateVpc",
"ec2:DeleteDhcpOptions",
"ec2:DeleteEgressOnlyInternetGateway",
"ec2:DeleteInternetGateway",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkInterface",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVolume",
"ec2:DeleteVpc",
"ec2:DeleteVpnGateway",
"ec2:Describe*",
"ec2:DetachInternetGateway",
"ec2:DetachNetworkInterface",
"ec2:DetachVolume",
"ec2:Disassociate*",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:UpdateSecurityGroupRuleDescriptionsEgress",
"ec2:UpdateSecurityGroupRuleDescriptionsIngress",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ec2:GetLaunchTemplateData",
"ec2:ModifyLaunchTemplate",
"eks:CreateCluster",
"eks:DeleteCluster",
"eks:DescribeCluster",
"eks:ListClusters",
"iam:AddRoleToInstanceProfile",
"iam:AttachRolePolicy",
"iam:CreateInstanceProfile",
"iam:CreatePolicy",
"iam:CreatePolicyVersion",
"iam:CreateRole",
"iam:DeleteInstanceProfile",
"iam:DeletePolicy",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DeleteServiceLinkedRole",
"iam:DetachRolePolicy",
"iam:GetInstanceProfile",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:List*",
"iam:PassRole",
"iam:PutRolePolicy",
"iam:RemoveRoleFromInstanceProfile",
"iam:UpdateAssumeRolePolicy"
],
"Resource": "*"
}
]
}
```

60
examples/launch_templates/main.tf Normal file
View File

@@ -0,0 +1,60 @@
terraform {
required_version = ">= 0.11.8"
}
provider "aws" {
version = ">= 2.6.0"
region = "${var.region}"
}
provider "random" {
version = "= 1.3.1"
}
data "aws_availability_zones" "available" {}
locals {
cluster_name = "test-eks-lt-${random_string.suffix.result}"
}
resource "random_string" "suffix" {
length = 8
special = false
}
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "1.60.0"
name = "test-vpc-lt"
cidr = "10.0.0.0/16"
azs = ["${data.aws_availability_zones.available.names}"]
public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
tags = {
"kubernetes.io/cluster/${local.cluster_name}" = "shared"
}
}
module "eks" {
source = "../.."
cluster_name = "${local.cluster_name}"
subnets = ["${module.vpc.public_subnets}"]
vpc_id = "${module.vpc.vpc_id}"
worker_group_count = 0
worker_group_launch_template_count = 2
worker_groups_launch_template = [
{
name = "worker-group-1"
instance_type = "t2.small"
asg_desired_capacity = 2
public_ip = true
},
{
name = "worker-group-2"
instance_type = "t2.medium"
asg_desired_capacity = 1
public_ip = true
},
]
}

24
examples/launch_templates/outputs.tf Normal file
View File

@@ -0,0 +1,24 @@
output "cluster_endpoint" {
description = "Endpoint for EKS control plane."
value = "${module.eks.cluster_endpoint}"
}
output "cluster_security_group_id" {
description = "Security group ids attached to the cluster control plane."
value = "${module.eks.cluster_security_group_id}"
}
output "kubectl_config" {
description = "kubectl config as generated by the module."
value = "${module.eks.kubeconfig}"
}
output "config_map_aws_auth" {
description = "A kubernetes configuration to authenticate to this EKS cluster."
value = "${module.eks.config_map_aws_auth}"
}
output "region" {
description = "AWS region."
value = "${var.region}"
}

3
examples/launch_templates/variables.tf Normal file
View File

@@ -0,0 +1,3 @@
variable "region" {
default = "us-west-2"
}

60
examples/spot_instances/main.tf Normal file
View File

@@ -0,0 +1,60 @@
terraform {
required_version = ">= 0.11.8"
}
provider "aws" {
version = ">= 2.6.0"
region = "${var.region}"
}
provider "random" {
version = "= 1.3.1"
}
data "aws_availability_zones" "available" {}
locals {
cluster_name = "test-eks-spot-${random_string.suffix.result}"
}
resource "random_string" "suffix" {
length = 8
special = false
}
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "1.60.0"
name = "test-vpc-spot"
cidr = "10.0.0.0/16"
azs = ["${data.aws_availability_zones.available.names}"]
public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
tags = {
"kubernetes.io/cluster/${local.cluster_name}" = "shared"
}
}
module "eks" {
source = "../.."
cluster_name = "${local.cluster_name}"
subnets = ["${module.vpc.public_subnets}"]
vpc_id = "${module.vpc.vpc_id}"
worker_group_count = 0
worker_group_launch_template_mixed_count = 1
worker_groups_launch_template_mixed = [
{
name = "spot-1"
override_instance_type_1 = "m5.large"
override_instance_type_2 = "c5.large"
override_instance_type_3 = "t3.large"
override_instance_type_4 = "r5.large"
spot_instance_pools = 4
asg_max_size = 5
asg_desired_capacity = 5
kubelet_extra_args = "--node-labels=kubernetes.io/lifecycle=spot"
public_ip = true
},
]
}

24
examples/spot_instances/outputs.tf Normal file
View File

@@ -0,0 +1,24 @@
output "cluster_endpoint" {
description = "Endpoint for EKS control plane."
value = "${module.eks.cluster_endpoint}"
}
output "cluster_security_group_id" {
description = "Security group ids attached to the cluster control plane."
value = "${module.eks.cluster_security_group_id}"
}
output "kubectl_config" {
description = "kubectl config as generated by the module."
value = "${module.eks.kubeconfig}"
}
output "config_map_aws_auth" {
description = "A kubernetes configuration to authenticate to this EKS cluster."
value = "${module.eks.config_map_aws_auth}"
}
output "region" {
description = "AWS region."
value = "${var.region}"
}

3
examples/spot_instances/variables.tf Normal file
View File

@@ -0,0 +1,3 @@
variable "region" {
default = "us-west-2"
}

6
variables.tf
View File

@@ -39,7 +39,7 @@ variable "write_aws_auth_config" {
} }
variable "map_accounts" { variable "map_accounts" {
description = "Additional AWS account numbers to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format." description = "Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf for example format."
type = "list" type = "list"
default = [] default = []
} }
@@ -51,7 +51,7 @@ variable "map_accounts_count" {
} }
variable "map_roles" { variable "map_roles" {
description = "Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format." description = "Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format."
type = "list" type = "list"
default = [] default = []
} }
@@ -63,7 +63,7 @@ variable "map_roles_count" {
} }
variable "map_users" { variable "map_users" {
description = "Additional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format." description = "Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format."
type = "list" type = "list"
default = [] default = []
} }

2
version
View File

@@ -1 +1 @@
v4.0.1 v4.0.2