Add eks module. Add eks-backing-services-peering module (#42)

* Add EKS modules * Update EKS modules * Update EKS modules * Update EKS modules * Add triggers
cloudposse · Oct 1, 2018 · 4043504 · 4043504
1 parent 31116b6
commit 4043504
Show file tree

Hide file tree

Showing 11 changed files with 471 additions and 1 deletion.
diff --git a/aws/backing-services/elasticsearch.tf b/aws/backing-services/elasticsearch.tf
@@ -63,7 +63,7 @@ locals {
 }
 
 module "elasticsearch" {
-  source                  = "git::https://github.com/cloudposse/terraform-aws-elasticsearch.git?ref=tags/0.1.1"
+  source                  = "git::https://github.com/cloudposse/terraform-aws-elasticsearch.git?ref=tags/0.1.2"
   namespace               = "${var.namespace}"
   stage                   = "${var.stage}"
   name                    = "${var.ELASTICSEARCH_NAME}"

diff --git a/aws/eks-backing-services-peering/main.tf b/aws/eks-backing-services-peering/main.tf
@@ -0,0 +1,27 @@
+# Lookup the EKS VPC
+data "aws_vpc" "eks_vpc" {
+  filter {
+    name   = "tag:Name"
+    values = ["${var.namespace}${var.delimiter}${var.stage}${var.delimiter}${var.name}"]
+  }
+}
+
+# Lookup the backing services VPC
+data "aws_vpc" "backing_services_vpc" {
+  filter {
+    name   = "tag:Name"
+    values = ["${var.namespace}${var.delimiter}${var.stage}${var.delimiter}backing-services"]
+  }
+}
+
+module "vpc_peering" {
+  source           = "git::https://github.com/cloudposse/terraform-aws-vpc-peering.git?ref=tags/0.1.2"
+  namespace        = "${var.namespace}"
+  stage            = "${var.stage}"
+  name             = "${var.name}"
+  delimiter        = "${var.delimiter}"
+  attributes       = ["${compact(concat(var.attributes, list("peering")))}"]
+  tags             = "${var.tags}"
+  requestor_vpc_id = "${data.aws_vpc.eks_vpc.id}"
+  acceptor_vpc_id  = "${data.aws_vpc.backing_services_vpc.id}"
+}
diff --git a/aws/eks-backing-services-peering/outputs.tf b/aws/eks-backing-services-peering/outputs.tf
@@ -0,0 +1,9 @@
+output "vpc_peering_connection_id" {
+  value       = "${module.vpc_peering.connection_id}"
+  description = "VPC peering connection ID"
+}
+
+output "vpc_peering_accept_status" {
+  value       = "${module.vpc_peering.accept_status}"
+  description = "The status of the VPC peering connection request"
+}
diff --git a/aws/eks-backing-services-peering/terraform.tfvars.example b/aws/eks-backing-services-peering/terraform.tfvars.example
@@ -0,0 +1,3 @@
+namespace="cp"
+stage="staging"
+name="eks"
diff --git a/aws/eks-backing-services-peering/variables.tf b/aws/eks-backing-services-peering/variables.tf
@@ -0,0 +1,33 @@
+variable "namespace" {
+  type        = "string"
+  description = "Namespace, which could be your organization name, e.g. 'eg' or 'cp'"
+}
+
+variable "stage" {
+  type        = "string"
+  description = "Stage, e.g. 'prod', 'staging', 'dev' or 'testing'"
+}
+
+variable "name" {
+  type        = "string"
+  default     = "eks"
+  description = "Solution name, e.g. 'app' or 'cluster'"
+}
+
+variable "delimiter" {
+  type        = "string"
+  default     = "-"
+  description = "Delimiter to be used between `name`, `namespace`, `stage`, etc."
+}
+
+variable "attributes" {
+  type        = "list"
+  default     = []
+  description = "Additional attributes (e.g. `1`)"
+}
+
+variable "tags" {
+  type        = "map"
+  default     = {}
+  description = "Additional tags (e.g. `map('BusinessUnit`,`XYZ`)"
+}
diff --git a/aws/eks/eks.tf b/aws/eks/eks.tf
@@ -0,0 +1,89 @@
+module "label" {
+  source     = "git::https://github.com/cloudposse/terraform-terraform-label.git?ref=tags/0.1.6"
+  namespace  = "${var.namespace}"
+  name       = "${var.name}"
+  stage      = "${var.stage}"
+  delimiter  = "${var.delimiter}"
+  attributes = "${var.attributes}"
+  tags       = "${var.tags}"
+  enabled    = "${var.enabled}"
+}
+
+locals {
+  # The usage of the specific kubernetes.io/cluster/* resource tags below are required
+  # for EKS and Kubernetes to discover and manage networking resources
+  # https://www.terraform.io/docs/providers/aws/guides/eks-getting-started.html#base-vpc-networking
+  tags = "${merge(var.tags, map("kubernetes.io/cluster/${module.label.id}", "shared"))}"
+}
+
+data "aws_availability_zones" "available" {}
+
+module "vpc" {
+  source     = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.3.4"
+  namespace  = "${var.namespace}"
+  stage      = "${var.stage}"
+  name       = "${var.name}"
+  attributes = "${var.attributes}"
+  tags       = "${local.tags}"
+  cidr_block = "${var.vpc_cidr_block}"
+}
+
+module "subnets" {
+  source              = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.3.6"
+  availability_zones  = ["${data.aws_availability_zones.available.names}"]
+  namespace           = "${var.namespace}"
+  stage               = "${var.stage}"
+  name                = "${var.name}"
+  attributes          = "${var.attributes}"
+  tags                = "${local.tags}"
+  region              = "${var.region}"
+  vpc_id              = "${module.vpc.vpc_id}"
+  igw_id              = "${module.vpc.igw_id}"
+  cidr_block          = "${module.vpc.vpc_cidr_block}"
+  nat_gateway_enabled = "true"
+}
+
+module "eks_cluster" {
+  source                  = "git::https://github.com/cloudposse/terraform-aws-eks-cluster.git?ref=tags/0.1.1"
+  namespace               = "${var.namespace}"
+  stage                   = "${var.stage}"
+  name                    = "${var.name}"
+  attributes              = "${var.attributes}"
+  tags                    = "${var.tags}"
+  vpc_id                  = "${module.vpc.vpc_id}"
+  subnet_ids              = ["${module.subnets.public_subnet_ids}"]
+  allowed_security_groups = ["${distinct(compact(concat(var.allowed_security_groups_cluster, list(module.eks_workers.security_group_id))))}"]
+  allowed_cidr_blocks     = ["${var.allowed_cidr_blocks_cluster}"]
+  enabled                 = "${var.enabled}"
+}
+
+module "eks_workers" {
+  source                             = "git::https://github.com/cloudposse/terraform-aws-eks-workers.git?ref=tags/0.1.1"
+  namespace                          = "${var.namespace}"
+  stage                              = "${var.stage}"
+  name                               = "${var.name}"
+  attributes                         = "${var.attributes}"
+  tags                               = "${var.tags}"
+  image_id                           = "${var.image_id}"
+  eks_worker_ami_name_filter         = "${var.eks_worker_ami_name_filter}"
+  instance_type                      = "${var.instance_type}"
+  vpc_id                             = "${module.vpc.vpc_id}"
+  subnet_ids                         = ["${module.subnets.public_subnet_ids}"]
+  health_check_type                  = "${var.health_check_type}"
+  min_size                           = "${var.min_size}"
+  max_size                           = "${var.max_size}"
+  wait_for_capacity_timeout          = "${var.wait_for_capacity_timeout}"
+  associate_public_ip_address        = "${var.associate_public_ip_address}"
+  cluster_name                       = "${module.eks_cluster.eks_cluster_id}"
+  cluster_endpoint                   = "${module.eks_cluster.eks_cluster_endpoint}"
+  cluster_certificate_authority_data = "${module.eks_cluster.eks_cluster_certificate_authority_data}"
+  cluster_security_group_id          = "${module.eks_cluster.security_group_id}"
+  allowed_security_groups            = ["${var.allowed_security_groups_workers}"]
+  allowed_cidr_blocks                = ["${var.allowed_cidr_blocks_workers}"]
+  enabled                            = "${var.enabled}"
+
+  # Auto-scaling policies and CloudWatch metric alarms
+  autoscaling_policies_enabled           = "${var.autoscaling_policies_enabled}"
+  cpu_utilization_high_threshold_percent = "${var.cpu_utilization_high_threshold_percent}"
+  cpu_utilization_low_threshold_percent  = "${var.cpu_utilization_low_threshold_percent}"
+}
diff --git a/aws/eks/kubectl.tf b/aws/eks/kubectl.tf
@@ -0,0 +1,29 @@
+locals {
+  kubeconfig_filename          = "${path.module}/kubeconfig${var.delimiter}${module.eks_cluster.eks_cluster_id}.yaml"
+  config_map_aws_auth_filename = "${path.module}/config-map-aws-auth${var.delimiter}${module.eks_cluster.eks_cluster_id}.yaml"
+}
+
+resource "local_file" "kubeconfig" {
+  count    = "${var.enabled == "true" && var.apply_config_map_aws_auth == "true" ? 1 : 0}"
+  content  = "${module.eks_cluster.kubeconfig}"
+  filename = "${local.kubeconfig_filename}"
+}
+
+resource "local_file" "config_map_aws_auth" {
+  count    = "${var.enabled == "true" && var.apply_config_map_aws_auth == "true" ? 1 : 0}"
+  content  = "${module.eks_workers.config_map_aws_auth}"
+  filename = "${local.config_map_aws_auth_filename}"
+}
+
+resource "null_resource" "apply_config_map_aws_auth" {
+  count = "${var.enabled == "true" && var.apply_config_map_aws_auth == "true" ? 1 : 0}"
+
+  provisioner "local-exec" {
+    command = "kubectl apply -f ${local.config_map_aws_auth_filename} --kubeconfig ${local.kubeconfig_filename}"
+  }
+
+  triggers {
+    kubeconfig_rendered          = "${module.eks_cluster.kubeconfig}"
+    config_map_aws_auth_rendered = "${module.eks_workers.config_map_aws_auth}"
+  }
+}
diff --git a/aws/eks/main.tf b/aws/eks/main.tf
@@ -0,0 +1,15 @@
+terraform {
+  required_version = ">= 0.11.2"
+
+  backend "s3" {}
+}
+
+variable "aws_assume_role_arn" {
+  type = "string"
+}
+
+provider "aws" {
+  assume_role {
+    role_arn = "${var.aws_assume_role_arn}"
+  }
+}
diff --git a/aws/eks/outputs.tf b/aws/eks/outputs.tf
@@ -0,0 +1,119 @@
+output "kubeconfig" {
+  description = "`kubeconfig` configuration to connect to the cluster using `kubectl`. https://www.terraform.io/docs/providers/aws/guides/eks-getting-started.html#obtaining-kubectl-configuration-from-terraform"
+  value       = "${module.eks_cluster.kubeconfig}"
+}
+
+output "config_map_aws_auth" {
+  description = "Kubernetes ConfigMap configuration to allow the worker nodes to join the EKS cluster. https://www.terraform.io/docs/providers/aws/guides/eks-getting-started.html#required-kubernetes-configuration-to-join-worker-nodes"
+  value       = "${module.eks_workers.config_map_aws_auth}"
+}
+
+output "eks_cluster_security_group_id" {
+  description = "ID of the EKS cluster Security Group"
+  value       = "${module.eks_cluster.security_group_id}"
+}
+
+output "eks_cluster_security_group_arn" {
+  description = "ARN of the EKS cluster Security Group"
+  value       = "${module.eks_cluster.security_group_arn}"
+}
+
+output "eks_cluster_security_group_name" {
+  description = "Name of the EKS cluster Security Group"
+  value       = "${module.eks_cluster.security_group_name}"
+}
+
+output "eks_cluster_id" {
+  description = "The name of the cluster"
+  value       = "${module.eks_cluster.eks_cluster_id}"
+}
+
+output "eks_cluster_arn" {
+  description = "The Amazon Resource Name (ARN) of the cluster"
+  value       = "${module.eks_cluster.eks_cluster_arn}"
+}
+
+output "eks_cluster_certificate_authority_data" {
+  description = "The base64 encoded certificate data required to communicate with the cluster"
+  value       = "${module.eks_cluster.eks_cluster_certificate_authority_data}"
+}
+
+output "eks_cluster_endpoint" {
+  description = "The endpoint for the Kubernetes API server"
+  value       = "${module.eks_cluster.eks_cluster_endpoint}"
+}
+
+output "eks_cluster_version" {
+  description = "The Kubernetes server version of the cluster"
+  value       = "${module.eks_cluster.eks_cluster_version}"
+}
+
+output "workers_launch_template_id" {
+  description = "ID of the launch template"
+  value       = "${module.eks_workers.launch_template_id}"
+}
+
+output "workers_launch_template_arn" {
+  description = "ARN of the launch template"
+  value       = "${module.eks_workers.launch_template_arn}"
+}
+
+output "workers_autoscaling_group_id" {
+  description = "The AutoScaling Group ID"
+  value       = "${module.eks_workers.autoscaling_group_id}"
+}
+
+output "workers_autoscaling_group_name" {
+  description = "The AutoScaling Group name"
+  value       = "${module.eks_workers.autoscaling_group_name}"
+}
+
+output "workers_autoscaling_group_arn" {
+  description = "ARN of the AutoScaling Group"
+  value       = "${module.eks_workers.autoscaling_group_arn}"
+}
+
+output "workers_autoscaling_group_min_size" {
+  description = "The minimum size of the AutoScaling Group"
+  value       = "${module.eks_workers.autoscaling_group_min_size}"
+}
+
+output "workers_autoscaling_group_max_size" {
+  description = "The maximum size of the AutoScaling Group"
+  value       = "${module.eks_workers.autoscaling_group_max_size}"
+}
+
+output "workers_autoscaling_group_desired_capacity" {
+  description = "The number of Amazon EC2 instances that should be running in the group"
+  value       = "${module.eks_workers.autoscaling_group_desired_capacity}"
+}
+
+output "workers_autoscaling_group_default_cooldown" {
+  description = "Time between a scaling activity and the succeeding scaling activity"
+  value       = "${module.eks_workers.autoscaling_group_default_cooldown}"
+}
+
+output "workers_autoscaling_group_health_check_grace_period" {
+  description = "Time after instance comes into service before checking health"
+  value       = "${module.eks_workers.autoscaling_group_health_check_grace_period}"
+}
+
+output "workers_autoscaling_group_health_check_type" {
+  description = "`EC2` or `ELB`. Controls how health checking is done"
+  value       = "${module.eks_workers.autoscaling_group_health_check_type}"
+}
+
+output "workers_security_group_id" {
+  description = "ID of the worker nodes Security Group"
+  value       = "${module.eks_workers.security_group_id}"
+}
+
+output "workers_security_group_arn" {
+  description = "ARN of the worker nodes Security Group"
+  value       = "${module.eks_workers.security_group_arn}"
+}
+
+output "workers_security_group_name" {
+  description = "Name of the worker nodes Security Group"
+  value       = "${module.eks_workers.security_group_name}"
+}
diff --git a/aws/eks/terraform.tfvars.example b/aws/eks/terraform.tfvars.example
@@ -0,0 +1,3 @@
+namespace="cp"
+stage="staging"
+region="us-west-2"