-
Notifications
You must be signed in to change notification settings - Fork 89
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #44 from arunlalp/master
[Feat] Added EKS Module
- Loading branch information
Showing
7 changed files
with
432 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
provider "aws" { | ||
region = var.region | ||
} | ||
|
||
module "eks-cluster" { | ||
source = "../modules/eks" | ||
cluster_name = var.cluster_name | ||
role_name = var.role_name | ||
vpc_subnets = var.vpc_subnets | ||
node_group_name = var.node_group_name | ||
node_instance_type = var.node_instance_type | ||
node_disk_size = var.node_disk_size | ||
policy_arns = var.policy_arns | ||
eks_addons = var.eks_addons | ||
principal_arn = var.principal_arn | ||
kubernetes_groups = var.kubernetes_groups | ||
access_policy_arn = var.access_policy_arn | ||
} |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
variable "region" { | ||
type = string | ||
description = "Region of the EC2 instance" | ||
} | ||
|
||
variable "cluster_name" { | ||
description = "The name of the EKS cluster" | ||
type = string | ||
} | ||
|
||
variable "role_name" { | ||
description = "Name of the IAM role for EKS" | ||
type = string | ||
} | ||
|
||
variable "vpc_subnets" { | ||
description = "List of VPC subnet IDs" | ||
type = list(string) | ||
} | ||
|
||
variable "node_group_name" { | ||
description = "The name of the node group" | ||
type = string | ||
} | ||
|
||
variable "node_instance_type" { | ||
description = "EC2 instance type for the node group" | ||
type = list(string) | ||
} | ||
|
||
variable "node_disk_size" { | ||
description = "Disk size for the node group instances" | ||
type = number | ||
} | ||
|
||
variable "policy_arns" { | ||
description = "List of IAM policy ARNs to attach to the roles" | ||
type = list(string) | ||
} | ||
|
||
variable "eks_addons" { | ||
description = "List of EKS addons and their versions" | ||
type = map(string) | ||
} | ||
|
||
variable "principal_arn" { | ||
description = "The ARN of the principal" | ||
type = string | ||
} | ||
|
||
variable "kubernetes_groups" { | ||
description = "Kubernetes groups" | ||
type = list(string) | ||
} | ||
|
||
variable "access_policy_arn" { | ||
description = "The ARN of the access policy" | ||
type = string | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,198 @@ | ||
resource "aws_eks_cluster" "eks_cluster" { | ||
name = var.cluster_name | ||
role_arn = aws_iam_role.cluster_role.arn | ||
|
||
vpc_config { | ||
subnet_ids = var.vpc_subnets | ||
endpoint_private_access = true | ||
endpoint_public_access = true | ||
} | ||
|
||
access_config { | ||
authentication_mode = "API_AND_CONFIG_MAP" | ||
bootstrap_cluster_creator_admin_permissions = true | ||
} | ||
|
||
depends_on = [ | ||
aws_iam_role_policy_attachment.AmazonEKSClusterPolicy, | ||
aws_iam_role_policy_attachment.AmazonEKSVPCResourceController, | ||
] | ||
} | ||
|
||
output "endpoint" { | ||
value = aws_eks_cluster.eks_cluster.endpoint | ||
} | ||
|
||
output "kubeconfig-certificate-authority-data" { | ||
value = aws_eks_cluster.eks_cluster.certificate_authority[0].data | ||
} | ||
|
||
data "aws_iam_policy_document" "assume_role" { | ||
statement { | ||
effect = "Allow" | ||
|
||
principals { | ||
type = "Service" | ||
identifiers = ["eks.amazonaws.com"] | ||
} | ||
|
||
actions = ["sts:AssumeRole"] | ||
} | ||
} | ||
|
||
resource "aws_iam_role" "cluster_role" { | ||
name = var.role_name | ||
assume_role_policy = data.aws_iam_policy_document.assume_role.json | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "AmazonEKSClusterPolicy" { | ||
policy_arn = var.policy_arns[0] | ||
role = aws_iam_role.cluster_role.name | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "AmazonEKSVPCResourceController" { | ||
policy_arn = var.policy_arns[1] | ||
role = aws_iam_role.cluster_role.name | ||
} | ||
|
||
data "tls_certificate" "tls_cert" { | ||
url = aws_eks_cluster.eks_cluster.identity[0].oidc[0].issuer | ||
} | ||
|
||
resource "aws_iam_openid_connect_provider" "eks_oidc_provider" { | ||
client_id_list = ["sts.amazonaws.com"] | ||
thumbprint_list = [data.tls_certificate.tls_cert.certificates[0].sha1_fingerprint] | ||
url = data.tls_certificate.tls_cert.url | ||
} | ||
|
||
data "aws_iam_policy_document" "assume_role_policy" { | ||
statement { | ||
actions = ["sts:AssumeRoleWithWebIdentity"] | ||
effect = "Allow" | ||
|
||
condition { | ||
test = "StringEquals" | ||
variable = "${replace(aws_iam_openid_connect_provider.eks_oidc_provider.url, "https://", "")}:sub" | ||
values = ["system:serviceaccount:kube-system:aws-node"] | ||
} | ||
|
||
principals { | ||
identifiers = [aws_iam_openid_connect_provider.eks_oidc_provider.arn] | ||
type = "Federated" | ||
} | ||
} | ||
} | ||
|
||
resource "aws_eks_addon" "coredns" { | ||
cluster_name = aws_eks_cluster.eks_cluster.name | ||
addon_name = "coredns" | ||
addon_version = var.eks_addons["coredns"] | ||
resolve_conflicts_on_update = "PRESERVE" | ||
} | ||
|
||
resource "aws_iam_role" "vpc_cni_role" { | ||
assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json | ||
name = "vpc-cni-role" | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "vpc_cni_policy" { | ||
policy_arn = var.policy_arns[3] | ||
role = aws_iam_role.vpc_cni_role.name | ||
} | ||
|
||
resource "aws_eks_addon" "vpc-cni" { | ||
cluster_name = aws_eks_cluster.eks_cluster.name | ||
addon_name = "vpc-cni" | ||
addon_version = var.eks_addons["vpc-cni"] | ||
resolve_conflicts_on_update = "PRESERVE" | ||
service_account_role_arn = aws_iam_role.vpc_cni_role.arn | ||
} | ||
|
||
resource "aws_eks_addon" "kube-proxy" { | ||
cluster_name = aws_eks_cluster.eks_cluster.name | ||
addon_name = "kube-proxy" | ||
addon_version = var.eks_addons["kube-proxy"] | ||
resolve_conflicts_on_update = "PRESERVE" | ||
} | ||
|
||
resource "aws_eks_addon" "eks-pod-identity-agent" { | ||
cluster_name = aws_eks_cluster.eks_cluster.name | ||
addon_name = "eks-pod-identity-agent" | ||
addon_version = var.eks_addons["eks-pod-identity-agent"] | ||
resolve_conflicts_on_update = "PRESERVE" | ||
} | ||
|
||
resource "aws_eks_node_group" "node_group" { | ||
cluster_name = aws_eks_cluster.eks_cluster.name | ||
node_group_name = var.node_group_name | ||
version = aws_eks_cluster.eks_cluster.version | ||
node_role_arn = aws_iam_role.node-group-iam-role.arn | ||
subnet_ids = var.vpc_subnets | ||
capacity_type = "ON_DEMAND" | ||
disk_size = var.node_disk_size | ||
instance_types = var.node_instance_type | ||
|
||
scaling_config { | ||
desired_size = 1 | ||
max_size = 2 | ||
min_size = 1 | ||
} | ||
|
||
update_config { | ||
max_unavailable = 1 | ||
} | ||
|
||
depends_on = [ | ||
aws_iam_role_policy_attachment.AmazonEKSWorkerNodePolicy, | ||
aws_iam_role_policy_attachment.AmazonEKS_CNI_Policy, | ||
aws_iam_role_policy_attachment.AmazonEC2ContainerRegistryReadOnly, | ||
] | ||
} | ||
|
||
resource "aws_iam_role" "node-group-iam-role" { | ||
name = "eks-node-group-role" | ||
|
||
assume_role_policy = jsonencode({ | ||
Statement = [{ | ||
Action = "sts:AssumeRole" | ||
Effect = "Allow" | ||
Principal = { | ||
Service = "ec2.amazonaws.com" | ||
} | ||
}] | ||
Version = "2012-10-17" | ||
}) | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "AmazonEKSWorkerNodePolicy" { | ||
policy_arn = var.policy_arns[2] | ||
role = aws_iam_role.node-group-iam-role.name | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "AmazonEKS_CNI_Policy" { | ||
policy_arn = var.policy_arns[3] | ||
role = aws_iam_role.node-group-iam-role.name | ||
} | ||
|
||
resource "aws_iam_role_policy_attachment" "AmazonEC2ContainerRegistryReadOnly" { | ||
policy_arn = var.policy_arns[4] | ||
role = aws_iam_role.node-group-iam-role.name | ||
} | ||
|
||
resource "aws_eks_access_entry" "access_entry" { | ||
cluster_name = aws_eks_cluster.eks_cluster.name | ||
principal_arn = var.principal_arn | ||
kubernetes_groups = var.kubernetes_groups | ||
type = "STANDARD" | ||
} | ||
|
||
resource "aws_eks_access_policy_association" "access_association" { | ||
cluster_name = aws_eks_cluster.eks_cluster.name | ||
policy_arn = var.access_policy_arn | ||
principal_arn = aws_eks_access_entry.access_entry.principal_arn | ||
|
||
access_scope { | ||
type = "cluster" | ||
} | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
output "cluster_name" { | ||
description = "The name of the EKS cluster" | ||
value = aws_eks_cluster.eks_cluster.name | ||
} | ||
|
||
output "cluster_endpoint" { | ||
description = "The endpoint of the EKS cluster" | ||
value = aws_eks_cluster.eks_cluster.endpoint | ||
} | ||
|
||
output "cluster_certificate_authority_data" { | ||
description = "The certificate authority data for the cluster" | ||
value = aws_eks_cluster.eks_cluster.certificate_authority[0].data | ||
} | ||
|
||
output "cluster_arn" { | ||
description = "The ARN of the EKS cluster" | ||
value = aws_eks_cluster.eks_cluster.arn | ||
} | ||
|
||
output "oidc_provider_arn" { | ||
description = "The ARN of the OIDC provider" | ||
value = aws_iam_openid_connect_provider.eks_oidc_provider.arn | ||
} | ||
|
||
output "node_group_name" { | ||
description = "The name of the EKS node group" | ||
value = aws_eks_node_group.node_group.node_group_name | ||
} | ||
|
||
output "node_group_instance_types" { | ||
description = "The instance types used in the EKS node group" | ||
value = aws_eks_node_group.node_group.instance_types | ||
} | ||
|
||
output "node_group_disk_size" { | ||
description = "The disk size for the EKS node group instances" | ||
value = aws_eks_node_group.node_group.disk_size | ||
} | ||
|
||
output "iam_role_name" { | ||
description = "The name of the IAM role used for the EKS cluster" | ||
value = aws_iam_role.cluster_role.name | ||
} | ||
|
||
output "vpc_subnets" { | ||
description = "The VPC subnets used by the EKS cluster" | ||
value = aws_eks_cluster.eks_cluster.vpc_config[0].subnet_ids | ||
} | ||
|
||
output "coredns_addon_version" { | ||
description = "The version of the CoreDNS addon" | ||
value = aws_eks_addon.coredns.addon_version | ||
} | ||
|
||
output "vpc_cni_addon_version" { | ||
description = "The version of the VPC CNI addon" | ||
value = aws_eks_addon.vpc-cni.addon_version | ||
} | ||
|
||
output "kube_proxy_addon_version" { | ||
description = "The version of the kube-proxy addon" | ||
value = aws_eks_addon.kube-proxy.addon_version | ||
} | ||
|
||
output "eks_pod_identity_agent_addon_version" { | ||
description = "The version of the EKS Pod Identity Agent addon" | ||
value = aws_eks_addon.eks-pod-identity-agent.addon_version | ||
} | ||
|
||
output "access_entry_principal_arn" { | ||
description = "The ARN of the principal for the access entry" | ||
value = aws_eks_access_entry.access_entry.principal_arn | ||
} | ||
|
||
output "access_policy_arn" { | ||
description = "The ARN of the access policy associated with the EKS cluster" | ||
value = aws_eks_access_policy_association.access_association.policy_arn | ||
} |
Oops, something went wrong.