locals {
  ## Account ID of the hub, read from the caller-identity data source
  account_id = data.aws_caller_identity.current.account_id

  ## Name of the IAM Identity Center (SSO) Administrator permission-set role.
  ## The hex suffix is deployment-specific — confirm it matches the role that
  ## actually exists in the target account before applying.
  sso_role_name = "AWSReservedSSO_Administrator_fbb916977087a86f"

  ## EKS access entries used for cluster authentication. The single entry
  ## grants the SSO Administrator role AmazonEKSClusterAdminPolicy with a
  ## cluster-wide scope, i.e. full administrative access to the control plane.
  ## NOTE(review): the region segment of the role path ("eu-west-2") is
  ## hard-coded; the ARN will not resolve if the identity store lives elsewhere.
  access_entries = {
    admin = {
      principal_arn = "arn:aws:iam::${local.account_id}:role/aws-reserved/sso.amazonaws.com/eu-west-2/${local.sso_role_name}"
      policy_associations = {
        cluster_admin = {
          policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
          access_scope = {
            type = "cluster"
          }
        }
      }
    }
  }

  ## Tags applied to every resource created by this configuration
  tags = {
    Environment = "Production"
    Product     = "EKS"
    Owner       = "Engineering"
    GitRepo     = "https://github.com/appvia/terraform-aws-eks"
  }
}
## Provision a network for the cluster
module "network" {
  source  = "appvia/network/aws"
  version = "0.6.14"

  availability_zones     = 3
  name                   = "dev"
  private_subnet_netmask = 24
  public_subnet_netmask  = 24
  tags                   = local.tags
  ## Existing transit gateway the VPC is attached to. This ID is
  ## account/environment-specific and is not created by this configuration.
  transit_gateway_id     = "tgw-0c5994aa363b1e132"
  vpc_cidr               = "10.90.0.0/21"

  ## Default route (0.0.0.0/0) for the private subnets points at the transit
  ## gateway, so all private-subnet egress traverses the TGW. Whatever egress
  ## control (NAT, inspection, filtering) applies therefore lives on the far
  ## side of the TGW, not in this VPC — confirm that path is actually filtered.
  transit_gateway_routes = {
    private = "0.0.0.0/0"
  }

  ## Discovery tags for the private subnets: "karpenter.sh/discovery" is
  ## matched by Karpenter node provisioning; the kubernetes.io/* tags mark the
  ## subnets as owned by cluster "dev" and eligible for internal load balancers.
  ## The cluster name here must match cluster_name in the eks module.
  private_subnet_tags = {
    "karpenter.sh/discovery"           = "dev"
    "kubernetes.io/cluster/dev"        = "owned"
    "kubernetes.io/role/internal-elb"  = "1"
  }

  ## Public subnets are marked as eligible for internet-facing load balancers.
  public_subnet_tags = {
    "kubernetes.io/cluster/dev" = "owned"
    "kubernetes.io/role/elb"    = "1"
  }
}
## Provision an EKS cluster for the hub
module "eks" {
  ## The module under test lives two directories up (this file is an example
  ## invocation of the root module).
  source = "../.."

  ## Access entries from locals: grants the SSO Administrator role cluster-admin.
  access_entries = local.access_entries

  ## NOTE(review): null means "use the module's declared default" for this
  ## variable, not "no logging" — but nothing here asserts which control-plane
  ## log types (audit, authenticator, api, ...) end up enabled. For a cluster
  ## tagged Environment=Production, confirm the module default includes at least
  ## audit and authenticator logs, or set the list explicitly.
  cluster_enabled_log_types = null
  cluster_name              = "dev"

  ## Both the public and private API endpoints are enabled. No source CIDR
  ## restriction for the public endpoint is visible in this file; check whether
  ## the module applies one by default, otherwise the control plane is reachable
  ## from the internet with authentication as the only control.
  enable_public_access  = true
  enable_private_access = true

  node_pools         = ["system", "general-purpose"]
  private_subnet_ids = module.network.private_subnet_ids
  tags               = local.tags
  vpc_id             = module.network.vpc_id

  ## Enable Cert Manager
  cert_manager = {
    enable = true
  }

  ## Enable External Secrets
  external_secrets = {
    enable = true
  }

  ## Enable External DNS
  external_dns = {
    enable = true
  }

  ## Enable the Kubecost platform. The three bucket names are environment-
  ## specific identifiers; presumably the module grants the kubecost service
  ## account IAM access to them — verify the resulting policy is scoped to
  ## these buckets only.
  kubecosts = {
    enable                = true
    namespace             = "kubecost"
    service_account       = "kubecost"
    federated_bucket_name = "dev-federated-bucket"
    cloud_costs = {
      enable             = true
      cur_bucket_name    = "dev-cur-bucket"
      athena_bucket_name = "dev-athena-bucket"
    }
  }
}