Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
17cb571
commit 5b2c407
Showing
6 changed files
with
228 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# Local .terraform directories | ||
**/.terraform/* | ||
|
||
# .tfstate files | ||
*.tfstate | ||
*.tfstate.* | ||
*.tfplan | ||
|
||
# Crash log files | ||
crash.log | ||
|
||
# Exclude all .tfvars files, which are likely to contain sentitive data, such as | ||
# password, private keys, and other secrets. These should not be part of version | ||
# control as they are data points which are potentially sensitive and subject | ||
# to change depending on the environment. | ||
*.tfvars | ||
|
||
# Ignore override files as they are usually used to override resources locally and so | ||
# are not checked in | ||
override.tf | ||
override.tf.json | ||
*_override.tf | ||
*_override.tf.json | ||
|
||
# Ignore CLI configuration files | ||
.terraformrc | ||
terraform.rc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# AWS Terraform EKS Setup | ||
|
||
https://developer.hashicorp.com/terraform/tutorials/kubernetes/eks | ||
|
||
|
||
This tutorial assumes that you are familiar with the Terraform workflow. If you are new to Terraform, complete the [Get Started collection](https://developer.hashicorp.com/terraform/tutorials/aws-get-started) first. | ||
For this tutorial, you will need: | ||
* Terraform v1.3+ installed locally. | ||
* an [AWS account](https://portal.aws.amazon.com/billing/signup?nc2=h_ct&src=default&redirect_url=https%3A%2F%2Faws.amazon.com%2Fregistration-confirmation#/start) | ||
* the AWS CLI v2.7.0/v1.24.0 or newer, [installed](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) and [configured](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) | ||
* [AWS IAM Authenticator](https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html) | ||
* kubectl v1.24.0 or newer | ||
|
||
|
||
# Deploy Steps | ||
|
||
``` | ||
terraform init | ||
terraform plan -out tfplan | ||
terraform apply “tfplan” | ||
``` | ||
|
||
# Destroy Steps | ||
``` | ||
terraform destroy | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
# Copyright (c) HashiCorp, Inc. | ||
# SPDX-License-Identifier: MPL-2.0 | ||
|
||
provider "aws" { | ||
region = var.region | ||
} | ||
|
||
# Filter out local zones, which are not currently supported | ||
# with managed node groups | ||
data "aws_availability_zones" "available" { | ||
filter { | ||
name = "opt-in-status" | ||
values = ["opt-in-not-required"] | ||
} | ||
} | ||
|
||
locals { | ||
cluster_name = "artworks-eks" | ||
} | ||
|
||
resource "random_string" "suffix" { | ||
length = 8 | ||
special = false | ||
} | ||
|
||
module "vpc" { | ||
source = "terraform-aws-modules/vpc/aws" | ||
version = "5.0.0" | ||
|
||
name = "artworks-vpc" | ||
|
||
cidr = "10.0.0.0/16" | ||
azs = slice(data.aws_availability_zones.available.names, 0, 3) | ||
|
||
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] | ||
public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"] | ||
|
||
enable_nat_gateway = true | ||
single_nat_gateway = true | ||
enable_dns_hostnames = true | ||
|
||
public_subnet_tags = { | ||
"kubernetes.io/cluster/${local.cluster_name}" = "shared" | ||
"kubernetes.io/role/elb" = 1 | ||
} | ||
|
||
private_subnet_tags = { | ||
"kubernetes.io/cluster/${local.cluster_name}" = "shared" | ||
"kubernetes.io/role/internal-elb" = 1 | ||
} | ||
} | ||
|
||
module "eks" { | ||
source = "terraform-aws-modules/eks/aws" | ||
version = "19.15.3" | ||
|
||
cluster_name = local.cluster_name | ||
cluster_version = "1.28" | ||
|
||
vpc_id = module.vpc.vpc_id | ||
subnet_ids = module.vpc.private_subnets | ||
cluster_endpoint_public_access = true | ||
|
||
eks_managed_node_group_defaults = { | ||
ami_type = "AL2_x86_64" | ||
|
||
} | ||
|
||
eks_managed_node_groups = { | ||
one = { | ||
name = "node-group-1" | ||
|
||
instance_types = ["t3.small"] | ||
|
||
min_size = 1 | ||
max_size = 3 | ||
desired_size = 1 | ||
} | ||
|
||
} | ||
} | ||
|
||
|
||
# https://aws.amazon.com/blogs/containers/amazon-ebs-csi-driver-is-now-generally-available-in-amazon-eks-add-ons/ | ||
data "aws_iam_policy" "ebs_csi_policy" { | ||
arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy" | ||
} | ||
|
||
module "irsa-ebs-csi" { | ||
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc" | ||
version = "4.7.0" | ||
|
||
create_role = true | ||
role_name = "AmazonEKSTFEBSCSIRole-${module.eks.cluster_name}" | ||
provider_url = module.eks.oidc_provider | ||
role_policy_arns = [data.aws_iam_policy.ebs_csi_policy.arn] | ||
oidc_fully_qualified_subjects = ["system:serviceaccount:kube-system:ebs-csi-controller-sa"] | ||
} | ||
|
||
resource "aws_eks_addon" "ebs-csi" { | ||
cluster_name = module.eks.cluster_name | ||
addon_name = "aws-ebs-csi-driver" | ||
addon_version = "v1.20.0-eksbuild.1" | ||
service_account_role_arn = module.irsa-ebs-csi.iam_role_arn | ||
tags = { | ||
"eks_addon" = "ebs-csi" | ||
"terraform" = "true" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# Copyright (c) HashiCorp, Inc. | ||
# SPDX-License-Identifier: MPL-2.0 | ||
|
||
output "cluster_endpoint" { | ||
description = "Endpoint for EKS control plane" | ||
value = module.eks.cluster_endpoint | ||
} | ||
|
||
output "cluster_security_group_id" { | ||
description = "Security group ids attached to the cluster control plane" | ||
value = module.eks.cluster_security_group_id | ||
} | ||
|
||
output "region" { | ||
description = "AWS region" | ||
value = var.region | ||
} | ||
|
||
output "cluster_name" { | ||
description = "Kubernetes Cluster Name" | ||
value = module.eks.cluster_name | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
# Copyright (c) HashiCorp, Inc. | ||
# SPDX-License-Identifier: MPL-2.0 | ||
|
||
terraform { | ||
|
||
# cloud { | ||
# workspaces { | ||
# name = "learn-terraform-eks" | ||
# } | ||
# } | ||
|
||
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
version = "~> 5.7.0" | ||
} | ||
|
||
random = { | ||
source = "hashicorp/random" | ||
version = "~> 3.5.1" | ||
} | ||
|
||
tls = { | ||
source = "hashicorp/tls" | ||
version = "~> 4.0.4" | ||
} | ||
|
||
cloudinit = { | ||
source = "hashicorp/cloudinit" | ||
version = "~> 2.3.2" | ||
} | ||
} | ||
|
||
required_version = "~> 1.3" | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# Copyright (c) HashiCorp, Inc. | ||
# SPDX-License-Identifier: MPL-2.0 | ||
|
||
variable "region" { | ||
description = "AWS region" | ||
type = string | ||
default = "ap-south-1" | ||
} |