package controlplane
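// controlplaneCFNTemplate is the Go text/template for the CloudFormation stack
// that creates an EKS control plane together with its networking: one VPC, an
// internet gateway, three subnets sharing a single route table with a default
// route to that gateway, the cluster security group, the EKS service role and
// the AWS::EKS::Cluster resource itself. The stack exports its subnet IDs,
// security group, VPC, stack name and cluster endpoint for dependent stacks.
//
// Template data the template reads:
//   - .Version              default for the EKSVersion stack parameter
//   - .ClusterName          name of the AWS::EKS::Cluster resource
//   - .Network.VpcCidr      CIDR block of the VPC
//   - .Network.SubnetCidrs  indexed 0..2, one CIDR per subnet (a shorter slice
//                           makes template execution fail on `index`)
//
// Every interpolated value is emitted via `printf "%q"` so it lands in the YAML
// as a double-quoted scalar. That (a) keeps a version such as 1.10 from being
// read as the YAML float 1.1, and (b) prevents a value containing quotes,
// colons, `#` or newlines from changing the document structure -- the values
// originate outside this file, so treat them as untrusted. Go's %q escapes
// (\", \\, \n, \t, \xNN, \uNNNN, \UNNNNNNNN, ...) are all valid YAML
// double-quoted escapes. NOTE(review): %q assumes these fields are strings or
// string-kinded types; a non-string field would render as a quoted rune --
// confirm against the spec types.
//
// Security-relevant properties of the rendered stack that are NOT changed here
// and deserve review:
//   - all three subnets route 0.0.0.0/0 to the internet gateway, i.e. they are
//     public subnets; no private subnets or NAT are created.
//   - ControlPlaneSecurityGroup is created with no explicit ingress or egress
//     rules in this template.
//   - AWS::EKS::Cluster is created with the service defaults for endpoint
//     access, control-plane logging and secrets encryption; none are set here.
//   - subnets are pinned to the first three AZs from Fn::GetAZs, which fails
//     in a region/account exposing fewer than three AZs.
var controlplaneCFNTemplate = `
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Amazon EKS Networking + Control Plane [managed by aws-eks-cluster-controller]'
Parameters:
  EKSVersion:
    Type: String
    Description: EKS Version this control plane should run on
    # Quoted: an unquoted 1.10 would be parsed as the float 1.1.
    Default: {{ printf "%q" .Version }}
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: {{ printf "%q" .Network.VpcCidr }}
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-VPC'
  InternetGateway:
    Type: "AWS::EC2::InternetGateway"
  VPCGatewayAttachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: Public Subnets
        - Key: Network
          Value: Public
  Route:
    # A route to the gateway is only valid once the gateway is attached.
    DependsOn: VPCGatewayAttachment
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  # Subnets are placed in AZ index 0, 1 and 2 of Fn::GetAZs for the region.
  Subnet01:
    Type: AWS::EC2::Subnet
    Metadata:
      Comment: Subnet 01
    Properties:
      AvailabilityZone:
        Fn::Select:
          - '0'
          - Fn::GetAZs:
              Ref: AWS::Region
      CidrBlock: {{ printf "%q" (index .Network.SubnetCidrs 0) }}
      VpcId:
        Ref: VPC
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-Subnet01"
  Subnet02:
    Type: AWS::EC2::Subnet
    Metadata:
      Comment: Subnet 02
    Properties:
      AvailabilityZone:
        Fn::Select:
          - '1'
          - Fn::GetAZs:
              Ref: AWS::Region
      CidrBlock: {{ printf "%q" (index .Network.SubnetCidrs 1) }}
      VpcId:
        Ref: VPC
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-Subnet02"
  Subnet03:
    Type: AWS::EC2::Subnet
    Metadata:
      Comment: Subnet 03
    Properties:
      AvailabilityZone:
        Fn::Select:
          - '2'
          - Fn::GetAZs:
              Ref: AWS::Region
      CidrBlock: {{ printf "%q" (index .Network.SubnetCidrs 2) }}
      VpcId:
        Ref: VPC
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-Subnet03"
  # All three subnets share the public route table above.
  Subnet01RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Subnet01
      RouteTableId: !Ref RouteTable
  Subnet02RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Subnet02
      RouteTableId: !Ref RouteTable
  Subnet03RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref Subnet03
      RouteTableId: !Ref RouteTable
  # No ingress/egress rules are declared here; review before attaching workers.
  ControlPlaneSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Cluster communication with worker nodes
      VpcId: !Ref VPC
  # Role assumed by the EKS service itself (not by nodes or pods).
  ServiceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - 'sts:AssumeRole'
            Effect: Allow
            Principal:
              Service:
                - eks.amazonaws.com
        Version: '2012-10-17'
      ManagedPolicyArns:
        # Partition-aware so the stack is valid outside the "aws" partition
        # (aws-cn, aws-us-gov), where a hard-coded arn:aws: prefix is invalid.
        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonEKSServicePolicy'
        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonEKSClusterPolicy'
  ControlPlane:
    Type: 'AWS::EKS::Cluster'
    Properties:
      Name: {{ printf "%q" .ClusterName }}
      ResourcesVpcConfig:
        SecurityGroupIds:
          - Ref: ControlPlaneSecurityGroup
        SubnetIds:
          - !Ref 'Subnet01'
          - !Ref 'Subnet02'
          - !Ref 'Subnet03'
      RoleArn:
        !GetAtt ServiceRole.Arn
      Version: !Ref EKSVersion
Outputs:
  SubnetIds:
    Export:
      Name: !Sub '${AWS::StackName}::SubnetIds'
    Value: !Join [ ",", [ !Ref Subnet01, !Ref Subnet02, !Ref Subnet03 ] ]
  SecurityGroup:
    Export:
      Name: !Sub '${AWS::StackName}::SecurityGroup'
    Value: !Join [ ",", [ !Ref ControlPlaneSecurityGroup ] ]
  VPC:
    Export:
      Name: !Sub '${AWS::StackName}::VPC'
    Value: !Ref VPC
  ClusterStackName:
    Export:
      Name: !Sub '${AWS::StackName}::ClusterStackName'
    Value: !Ref 'AWS::StackName'
  Endpoint:
    Export:
      Name: !Sub '${AWS::StackName}::Endpoint'
    Value:
      !GetAtt ControlPlane.Endpoint
`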