Revert changes to EKS test-infra (#1225)

Revert changes to EKS test-infra back to commit 078e9db.
Add experimental test-infra for testing provider authentication issues.

Author: dak1n1

kubernetes/test-infra/eks-experimental/README.md

@@ -0,0 +1,57 @@
+# EKS test infrastructure
+
+This directory contains files used for testing the Kubernetes provider in our internal CI system. See the [examples](https://github.com/hashicorp/terraform-provider-kubernetes/tree/master/_examples/eks) directory instead, if you're looking for example code.
+
+To run this test infrastructure, you will need the following environment variables to be set:
+
+  - `AWS_ACCESS_KEY_ID`
+  - `AWS_SECRET_ACCESS_KEY`
+
+See [AWS Provider docs](https://www.terraform.io/docs/providers/aws/index.html#configuration-reference) for more details about these variables and alternatives, like `AWS_PROFILE`.
+
+Ensure that `KUBE_CONFIG_PATH` and `KUBE_CONFIG_PATHS` environment variables are NOT set, as they will interfere with the cluster build.
+
+```
+unset KUBE_CONFIG_PATH
+unset KUBE_CONFIG_PATHS
+```
+
+To install the EKS cluster using default values, run terraform init and apply from the directory containing this README.
+
+```
+terraform init
+terraform apply
+```
+
+## Kubeconfig for manual CLI access
+
+The token contained in the kubeconfig expires in 15 minutes. The token can be refreshed by running `terraform apply` again. Export the KUBECONFIG to manually access the cluster:
+
+```
+terraform apply
+export KUBECONFIG=$(terraform output -raw kubeconfig_path)
+kubectl get pods -n test
+```
+
+## Optional variables
+
+The Kubernetes version can be specified at apply time:
+
+```
+terraform apply -var=kubernetes_version=1.18
+```
+
+See https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html for currently available versions.
+
+
+### Worker node count and instance type
+
+The number of worker nodes, and the instance type, can be specified at apply time:
+
+```
+terraform apply -var=workers_count=4 -var=workers_type=m4.xlarge
+```
+
+## Additional configuration of EKS
+
+To view all available configuration options for the EKS module used in this example, see [terraform-aws-modules/eks docs](https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/latest).

kubernetes/test-infra/eks-experimental/kubernetes-config/main.tf

@@ -0,0 +1,46 @@
+terraform {
+  required_providers {
+    kubernetes-local = {
+      source = "localhost/test/kubernetes"
+      version = "9.9.9"
+    }
+    helm = {
+      source  = "localhost/test/helm"
+      version = "9.9.9"
+    }
+  }
+}
+
+# For this resource, we need to explicitly establish the dependency on the cluster API, because the dependency is not yet present in this file.
+# https://github.com/terraform-aws-modules/terraform-aws-eks/blob/31ad394dbc61390dc46643b571249a2b670e9caa/kubectl.tf
+resource "kubernetes_namespace" "test" {
+  depends_on  = [var.cluster_name]
+  provider = kubernetes-local
+  metadata {
+    name = "test"
+  }
+}
+
+resource helm_release nginx_ingress {
+  wait       = true
+  timeout    = 600
+
+  name       = "ingress-nginx"
+
+  repository = "https://kubernetes.github.io/ingress-nginx"
+  chart      = "ingress-nginx"
+  version    = "v3.24.0"
+
+  set {
+    name  = "controller.updateStrategy.rollingUpdate.maxUnavailable"
+    value = "1"
+  }
+  set {
+    name  = "controller.replicaCount"
+    value = "2"
+  }
+  set_sensitive {
+    name = "controller.maxmindLicenseKey"
+    value = "testSensitiveValue"
+  }
+}

kubernetes/test-infra/eks-experimental/main.tf

@@ -0,0 +1,109 @@
+terraform {
+  required_providers {
+    # This is the locally compiled version of the provider, based on the current branch.
+    kubernetes-local = {
+      source = "localhost/test/kubernetes"
+      version = "9.9.9"
+    }
+    # The following block configures the latest released version of the provider, which is needed for the EKS cluster module.
+    # This configuration is a work-around, because required_providers blocks are not inherited by sub-modules.
+    # A "required_providers" block needs to be added to all sub-modules in order to use a custom "source" and "version".
+    # Otherwise, the sub-module will use defaults, which in our case means an empty provider config.
+    # https://github.com/hashicorp/terraform/issues/27361
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+      version = ">= 2.0.2"
+    }
+    helm = {
+      source  = "localhost/test/helm"
+      version = "9.9.9"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = "3.22.0"
+    }
+  }
+}
+
+data "aws_eks_cluster" "default" {
+  name = module.cluster.cluster_id
+}
+
+data "aws_eks_cluster_auth" "default" {
+  name = module.cluster.cluster_id
+}
+
+# Test exec plugin based auth.
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.default.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority[0].data)
+  exec {
+    api_version = "client.authentication.k8s.io/v1alpha1"
+    args        = ["eks", "get-token", "--cluster-name", module.vpc.cluster_name]
+    command     = "aws"
+  }
+}
+
+# This tests a progressive apply scenario where the kubeconfig is created in the same apply as Kubernetes resources.
+# It should alert us to issues like this one before they're released.
+# https://github.com/hashicorp/terraform-provider-kubernetes/issues/1142
+provider "kubernetes-local" {
+  config_path = module.cluster.kubeconfig_filename
+}
+
+# Test token data source based auth.
+provider "helm" {
+  experiments {
+    manifest = true
+  }
+  kubernetes {
+    host                   = data.aws_eks_cluster.default.endpoint
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.default.certificate_authority[0].data)
+    token                  = data.aws_eks_cluster_auth.default.token
+  }
+}
+
+provider "aws" {
+}
+
+module "vpc" {
+  source = "./vpc"
+}
+
+module "cluster" {
+  source  = "terraform-aws-modules/eks/aws"
+  version = "14.0.0"
+
+  vpc_id  = module.vpc.vpc_id
+  subnets = module.vpc.subnets
+
+  cluster_name     = module.vpc.cluster_name
+  cluster_version  = var.kubernetes_version
+  manage_aws_auth  = true
+  write_kubeconfig = true
+
+  # See this file for more options
+  # https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/local.tf#L28
+  workers_group_defaults = {
+    root_volume_type = "gp2"
+  }
+
+  worker_groups = [
+    {
+      name                 = module.vpc.cluster_name
+      instance_type        = "m4.large"
+      asg_min_size         = 1
+      asg_max_size         = 4
+      asg_desired_capacity = 2
+    },
+  ]
+
+  tags = {
+    environment = "test"
+  }
+}
+
+module "kubernetes-config" {
+  cluster_name  = module.cluster.cluster_id
+  source      = "./kubernetes-config"
+}

kubernetes/test-infra/eks-experimental/output.tf

@@ -0,0 +1,8 @@
+output "kubeconfig_path" {
+  value = abspath(module.cluster.kubeconfig_filename)
+}
+
+output "cluster_name" {
+  value = module.vpc.cluster_name
+}
+

kubernetes/test-infra/eks-experimental/variables.tf

@@ -0,0 +1,4 @@
+variable "kubernetes_version" {
+  type    = string
+  default = "1.18"
+}

kubernetes/test-infra/eks-experimental/vpc/main.tf

@@ -0,0 +1,76 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "3.22.0"
+    }
+  }
+}
+
+# VPC Resources
+#  * VPC
+#  * Subnets
+#  * Internet Gateway
+#  * Route Table
+#
+# Using these data sources allows the configuration to be
+# generic for any region.
+data "aws_region" "current" {
+}
+
+data "aws_availability_zones" "available" {
+}
+
+resource "random_id" "cluster_name" {
+  byte_length = 2
+  prefix      = "k8s-acc-"
+}
+
+resource "aws_vpc" "k8s-acc" {
+  cidr_block           = "10.0.0.0/16"
+  enable_dns_support   = true
+  enable_dns_hostnames = true
+  tags = {
+    "Name"                                                = "terraform-eks-k8s-acc-node"
+    "kubernetes.io/cluster/${random_id.cluster_name.hex}" = "shared"
+  }
+}
+
+resource "aws_subnet" "k8s-acc" {
+  count = 2
+
+  availability_zone       = data.aws_availability_zones.available.names[count.index]
+  cidr_block              = "10.0.${count.index}.0/24"
+  vpc_id                  = aws_vpc.k8s-acc.id
+  map_public_ip_on_launch = true
+
+  tags = {
+    "Name"                                                = "terraform-eks-k8s-acc-node"
+    "kubernetes.io/cluster/${random_id.cluster_name.hex}" = "shared"
+    "kubernetes.io/role/elb"                              = 1
+  }
+}
+
+resource "aws_internet_gateway" "k8s-acc" {
+  vpc_id = aws_vpc.k8s-acc.id
+
+  tags = {
+    Name = "terraform-eks-k8s-acc"
+  }
+}
+
+resource "aws_route_table" "k8s-acc" {
+  vpc_id = aws_vpc.k8s-acc.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.k8s-acc.id
+  }
+}
+
+resource "aws_route_table_association" "k8s-acc" {
+  count = 2
+
+  subnet_id      = aws_subnet.k8s-acc[count.index].id
+  route_table_id = aws_route_table.k8s-acc.id
+}

kubernetes/test-infra/eks-experimental/vpc/outputs.tf

@@ -0,0 +1,12 @@
+output "vpc_id" {
+  value = aws_vpc.k8s-acc.id
+}
+
+output "subnets" {
+  value = aws_subnet.k8s-acc.*.id
+}
+
+output "cluster_name" {
+  value = random_id.cluster_name.hex
+}
+