Showing
15 changed files
with
294 additions
and
0 deletions.
@@ -0,0 +1,17 @@ | ||
module "network" { | ||
source = "./modules/network" | ||
|
||
// pass variables from .tfvars | ||
aws_region = "${var.aws_region}" | ||
subnet_count = "${var.subnet_count}" | ||
} | ||
|
||
module "security_groups" { | ||
source = "./modules/security_groups" | ||
|
||
// pass variables from .tfvars | ||
accessing_computer_ip = "${var.accessing_computer_ip}" | ||
|
||
// inputs from modules | ||
vpc_id = "${module.network.vpc_id}" | ||
} |
@@ -0,0 +1,23 @@ | ||
resource "aws_internet_gateway" "example" { | ||
vpc_id = "${aws_vpc.example.id}" | ||
|
||
tags { | ||
Name = "internet_gateway" | ||
} | ||
} | ||
|
||
|
||
resource "aws_eip" "nat_gateway" { | ||
count = "${var.subnet_count}" | ||
vpc = true | ||
} | ||
|
||
resource "aws_nat_gateway" "example" { | ||
count = "${var.subnet_count}" | ||
allocation_id = "${aws_eip.nat_gateway.*.id[count.index]}" | ||
subnet_id = "${aws_subnet.gateway.*.id[count.index]}" | ||
tags { | ||
Name = "nat_gateway" | ||
} | ||
depends_on = ["aws_internet_gateway.example"] | ||
} |
@@ -0,0 +1,3 @@ | ||
output "vpc_id" { | ||
value = "${aws_vpc.example.id}" | ||
} |
@@ -0,0 +1,51 @@ | ||
resource "aws_route_table" "application" { | ||
count = "${var.subnet_count}" | ||
vpc_id = "${aws_vpc.example.id}" | ||
route { | ||
cidr_block = "0.0.0.0/0" | ||
nat_gateway_id = "${aws_nat_gateway.example.*.id[count.index]}" | ||
} | ||
tags { | ||
Name = "example_application" | ||
} | ||
} | ||
|
||
resource "aws_route_table" "database" { | ||
vpc_id = "${aws_vpc.example.id}" | ||
|
||
tags { | ||
Name = "example_database" | ||
} | ||
} | ||
resource "aws_route_table" "gateway" { | ||
vpc_id = "${aws_vpc.example.id}" | ||
|
||
route { | ||
cidr_block = "0.0.0.0/0" | ||
gateway_id = "${aws_internet_gateway.example.id}" | ||
} | ||
tags { | ||
Name = "example_gateway" | ||
} | ||
} | ||
|
||
resource "aws_route_table_association" "application" { | ||
count = "${var.subnet_count}" | ||
|
||
subnet_id = "${aws_subnet.application.*.id[count.index]}" | ||
route_table_id = "${aws_route_table.application.*.id[count.index]}" | ||
} | ||
|
||
resource "aws_route_table_association" "database" { | ||
count = "${var.subnet_count}" | ||
|
||
subnet_id = "${aws_subnet.database.*.id[count.index]}" | ||
route_table_id = "${aws_route_table.database.id}" | ||
} | ||
|
||
resource "aws_route_table_association" "gateway" { | ||
count = "${var.subnet_count}" | ||
|
||
subnet_id = "${aws_subnet.gateway.*.id[count.index]}" | ||
route_table_id = "${aws_route_table.gateway.id}" | ||
} |
@@ -0,0 +1,38 @@ | ||
data "aws_availability_zones" "available" {} | ||
|
||
resource "aws_subnet" "gateway" { | ||
count = "${var.subnet_count}" | ||
availability_zone = "${data.aws_availability_zones.available.names[count.index]}" | ||
cidr_block = "10.0.1${count.index}.0/24" | ||
vpc_id = "${aws_vpc.example.id}" | ||
tags = "${ | ||
map( | ||
"Name", "example_gateway" | ||
) | ||
}" | ||
} | ||
resource "aws_subnet" "application" { | ||
count = "${var.subnet_count}" | ||
availability_zone = "${data.aws_availability_zones.available.names[count.index]}" | ||
cidr_block = "10.0.2${count.index}.0/24" | ||
vpc_id = "${aws_vpc.example.id}" | ||
tags = "${ | ||
map( | ||
"Name", "example_application", | ||
"kubernetes.io/cluster/example", "shared", | ||
) | ||
}" | ||
} | ||
|
||
resource "aws_subnet" "database" { | ||
count = "${var.subnet_count}" | ||
availability_zone = "${data.aws_availability_zones.available.names[count.index]}" | ||
cidr_block = "10.0.3${count.index}.0/24" | ||
vpc_id = "${aws_vpc.example.id}" | ||
|
||
tags = "${ | ||
map( | ||
"Name", "example_database" | ||
) | ||
}" | ||
} |
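Review bot: The three `cidr_block` lines build the subnet range by string-concatenating `count.index` onto a fixed prefix, so the layout only holds while `subnet_count` is at most 10: at index 10 the gateway subnet becomes `10.0.110.0/24` and the database subnet `10.0.310.0/24`, which is not a valid address and fails at apply time. Deriving the ranges from the VPC block instead keeps the current numbering for indices 0–9 and stays valid above that: `cidr_block = "${cidrsubnet(aws_vpc.example.cidr_block, 8, 10 + count.index)}"` for the gateway subnets, with `20 + count.index` and `30 + count.index` for the application and database subnets. Separately, `data.aws_availability_zones.available.names[count.index]` errors at plan time once `subnet_count` exceeds the number of availability zones in the region; a comment on the `subnet_count` variable stating that upper bound would save the next user a confusing failure.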
@@ -0,0 +1,8 @@ | ||
variable "aws_region" { | ||
type = "string" | ||
description = "Used AWS Region." | ||
} | ||
variable "subnet_count" { | ||
type = "string" | ||
description = "The number of subnets we want to create per type to ensure high availability." | ||
} |
@@ -0,0 +1,11 @@ | ||
resource "aws_vpc" "example" { | ||
cidr_block = "10.0.0.0/16" | ||
enable_dns_hostnames = true | ||
enable_dns_support = true | ||
tags = "${ | ||
map( | ||
"Name", "terraform-eks", | ||
"kubernetes.io/cluster/example", "shared", | ||
) | ||
}" | ||
} |
@@ -0,0 +1,17 @@ | ||
|
||
resource "aws_security_group" "tf-eks-master" { | ||
name = "terraform-eks-cluster" | ||
description = "Cluster communication with worker nodes" | ||
vpc_id = "${var.vpc_id}" | ||
|
||
egress { | ||
from_port = 0 | ||
to_port = 0 | ||
protocol = "-1" | ||
cidr_blocks = ["0.0.0.0/0"] | ||
} | ||
|
||
tags { | ||
Name = "terraform-eks" | ||
} | ||
} |
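Review bot: The `egress` block on the control-plane security group allows every protocol to `0.0.0.0/0`, which is wider than the cluster needs; the control plane only has to reach the worker nodes, and the rules file already grants that direction on the node side. Replacing `cidr_blocks = ["0.0.0.0/0"]` with `security_groups = ["${aws_security_group.tf-eks-node.id}"]` keeps the traffic the cluster uses and drops the rest; confirm against the EKS networking requirements for this provider version (`~> 1.55.0` in the provider block) before narrowing, since the control plane ENIs live in this group. The node security group in the next file has the same unrestricted egress, which is plausibly intentional there because nodes pull images and reach the API through the NAT gateway, but a comment saying so would make the difference between the two groups deliberate rather than copy-pasted.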
@@ -0,0 +1,17 @@ | ||
resource "aws_security_group" "tf-eks-node" { | ||
name = "terraform-eks-node" | ||
description = "Security group for all nodes in the cluster" | ||
vpc_id = "${var.vpc_id}" | ||
|
||
egress { | ||
from_port = 0 | ||
to_port = 0 | ||
protocol = "-1" | ||
cidr_blocks = ["0.0.0.0/0"] | ||
} | ||
|
||
tags { | ||
Name = "terraform-eks" | ||
} | ||
} | ||
|
@@ -0,0 +1,58 @@ | ||
# Allow inbound traffic from your local workstation external IP | ||
# to the Kubernetes. You will need to replace A.B.C.D below with | ||
# your real IP. Services like icanhazip.com can help you find this. | ||
resource "aws_security_group_rule" "tf-eks-cluster-ingress-workstation-https" { | ||
cidr_blocks = ["${var.accessing_computer_ip}/32"] | ||
description = "Allow workstation to communicate with the cluster API Server" | ||
from_port = 443 | ||
protocol = "tcp" | ||
security_group_id = "${aws_security_group.tf-eks-master.id}" | ||
to_port = 443 | ||
type = "ingress" | ||
} | ||
|
||
######################################################################################## | ||
# Setup worker node security group | ||
|
||
resource "aws_security_group_rule" "tf-eks-node-ingress-self" { | ||
description = "Allow node to communicate with each other" | ||
from_port = 0 | ||
protocol = "-1" | ||
security_group_id = "${aws_security_group.tf-eks-node.id}" | ||
source_security_group_id = "${aws_security_group.tf-eks-node.id}" | ||
to_port = 65535 | ||
type = "ingress" | ||
} | ||
|
||
resource "aws_security_group_rule" "tf-eks-node-ingress-cluster" { | ||
description = "Allow worker Kubelets and pods to receive communication from the cluster control plane" | ||
from_port = 1025 | ||
protocol = "tcp" | ||
security_group_id = "${aws_security_group.tf-eks-node.id}" | ||
source_security_group_id = "${aws_security_group.tf-eks-master.id}" | ||
to_port = 65535 | ||
type = "ingress" | ||
} | ||
|
||
# allow worker nodes to access EKS master | ||
resource "aws_security_group_rule" "tf-eks-cluster-ingress-node-https" { | ||
description = "Allow pods to communicate with the cluster API Server" | ||
from_port = 443 | ||
protocol = "tcp" | ||
security_group_id = "${aws_security_group.tf-eks-node.id}" | ||
source_security_group_id = "${aws_security_group.tf-eks-master.id}" | ||
to_port = 443 | ||
type = "ingress" | ||
} | ||
|
||
resource "aws_security_group_rule" "tf-eks-node-ingress-master" { | ||
description = "Allow cluster control to receive communication from the worker Kubelets" | ||
from_port = 443 | ||
protocol = "tcp" | ||
security_group_id = "${aws_security_group.tf-eks-master.id}" | ||
source_security_group_id = "${aws_security_group.tf-eks-node.id}" | ||
to_port = 443 | ||
type = "ingress" | ||
} | ||
|
||
|
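Review bot: In `tf-eks-cluster-ingress-node-https` the two group references are the wrong way round: `security_group_id` is the node group and `source_security_group_id` the master group, so the rule grants master → node on 443 (already covered by the 1025–65535 rule above it) rather than the node → master access its name and description announce. The access that actually lets nodes reach the API server is then supplied by `tf-eks-node-ingress-master`, whose own name and description contradict each other, so the set works only by accident. The fix is to change the two lines to `security_group_id = "${aws_security_group.tf-eks-master.id}"` and `source_security_group_id = "${aws_security_group.tf-eks-node.id}"` in `tf-eks-cluster-ingress-node-https`, and remove `tf-eks-node-ingress-master`, which would otherwise be a duplicate rule and is rejected by the API. The header comment still tells the reader to replace `A.B.C.D` by hand although the rule reads `var.accessing_computer_ip`; replace it with `# Allow inbound HTTPS to the cluster API server from the workstation IP supplied as var.accessing_computer_ip (see terraform.tfvars).`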
@@ -0,0 +1,9 @@ | ||
variable "accessing_computer_ip" { | ||
type = "string" | ||
description = "IP of the computer to be allowed to connect to EKS master and nodes." | ||
} | ||
|
||
variable "vpc_id" { | ||
type = "string" | ||
description = "ID of the VPC used to setup the cluster." | ||
} |
@@ -0,0 +1,6 @@ | ||
provider "aws" { | ||
region = "${var.aws_region}" | ||
version = "~> 1.55.0" | ||
access_key = "${var.aws_access_key}" | ||
secret_key = "${var.aws_secret_key}" | ||
} |
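Review bot: `access_key` and `secret_key` are fed from variables whose values come from terraform.tfvars (two sections below, `aws_access_key = "placeholder"` / `aws_secret_key = "placeholder"`), so long-lived credentials end up in a file that is committed alongside the code and can no longer be kept out of the repository by accident. The AWS provider already resolves credentials from `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY`, the shared credentials file or an instance/role profile, so the two lines can be dropped together with the `aws_access_key` and `aws_secret_key` variables in the root variables.tf and their placeholders in terraform.tfvars. If the keys must remain inputs, commit only a `terraform.tfvars.example` with placeholders and ignore the real terraform.tfvars in version control. Pinning the provider with `version = "~> 1.55.0"` is good practice and should stay.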
@@ -0,0 +1,9 @@ | ||
terraform { | ||
backend "s3" { | ||
region = "eu-west-1" | ||
bucket = "tf-article" | ||
key = "terraform.tfstate" | ||
encrypt = "true" | ||
dynamodb_table = "tf-article-statelock" | ||
} | ||
} |
@@ -0,0 +1,5 @@ | ||
aws_region = "placeholder" | ||
aws_access_key = "placeholder" | ||
aws_secret_key = "placeholder" | ||
subnet_count = "placeholder" | ||
accessing_computer_ip = "placeholder" |
@@ -0,0 +1,22 @@ | ||
variable "aws_region" { | ||
type = "string" | ||
description = "Used AWS Region." | ||
} | ||
variable "aws_access_key" { | ||
type = "string" | ||
description = "The account identification key used by your Terraform client." | ||
} | ||
variable "aws_secret_key" { | ||
type = "string" | ||
description = "The secret key used by your terraform client to access AWS." | ||
} | ||
|
||
variable "subnet_count" { | ||
type = "string" | ||
description = "The number of subnets we want to create per type to ensure high availability." | ||
} | ||
|
||
variable "accessing_computer_ip" { | ||
type = "string" | ||
description = "IP of the computer to be allowed to connect to EKS master and nodes." | ||
} |