Merge pull request #39 from jetstack/terraform-eks-demo

Adds eks cluster modules

Author: jetstack-bot

demo/Makefile

@@ -1,6 +1,6 @@
 # Copyright Jetstack Ltd. See LICENSE for details.
 BINDIR ?= $(CURDIR)/bin
-CLOUD  := google
+CLOUD  ?= google
 
 KUBECONFIG := $(CURDIR)/.kubeconfig-$(CLOUD)
 

demo/infrastructure/amazon/dns.tf

@@ -0,0 +1,5 @@
+module "dns" {
+  source = "../modules/amazon-dns"
+  suffix = "${random_id.suffix.hex}"
+  region = "${var.region}"
+}

demo/infrastructure/amazon/ouputs.tf

@@ -0,0 +1,20 @@
+locals {
+  config = {
+    cert_manager = "${module.dns.config}"
+    externaldns  = "${module.dns.config}"
+    gangway      = "${module.gangway.config}"
+  }
+}
+
+output "config" {
+  value = "${jsonencode(local.config)}"
+}
+
+#output "kubeconfig_command" {
+#  value = "eksctl utils write-kubeconfig --name=cluster-${random_id.suffix.hex} --kubeconfig=$KUBECONFIG --set-kubeconfig-context=true --region=${var.region} && cat infrastructure/amazon/aws-auth.yaml | sed -e \"s~{{ROLE_ARN}}~${module.cluster.cluster_node_arn}~g\" | kubectl apply -f -"
+#}
+
+output "kubeconfig" {
+  description = "kubectl config as generated by the module."
+  value       = "${module.cluster.kubeconfig}"
+}

demo/infrastructure/amazon/providers.tf

@@ -0,0 +1,12 @@
+variable "region" {
+  default = "eu-west-1"
+}
+
+provider "aws" {
+  region = "${var.region}"
+}
+
+module "cluster" {
+  source = "../modules/amazon-cluster"
+  suffix = "${random_id.suffix.hex}"
+}

demo/infrastructure/amazon/secrets.tf

@@ -0,0 +1,4 @@
+module "gangway" {
+  source = "../modules/gangway"
+  length = 24
+}

demo/infrastructure/amazon/suffix.tf

@@ -0,0 +1,3 @@
+resource "random_id" "suffix" {
+  byte_length = 4
+}

demo/infrastructure/modules/amazon-cluster/cluster.tf

@@ -0,0 +1,105 @@
+variable "suffix" {}
+
+data "aws_availability_zones" "available" {}
+
+locals {
+  cluster_name = "cluster-${var.suffix}"
+
+  worker_groups = [
+    {
+      instance_type        = "t2.large"
+      subnets              = "${join(",", module.vpc.private_subnets)}"
+      asg_desired_capacity = "2"
+    },
+  ]
+  tags = {
+    Workspace   = "${terraform.workspace}"
+  }
+  worker_groups_launch_template = [
+    {
+      # This will launch an autoscaling group with only Spot Fleet instances
+      instance_type                            = "t2.small"
+      additional_userdata                      = "echo foo bar"
+      subnets                                  = "${join(",", module.vpc.private_subnets)}"
+      additional_security_group_ids            = "${aws_security_group.worker_group_mgmt_one.id},${aws_security_group.worker_group_mgmt_two.id}"
+      override_instance_type                   = "t3.small"
+      asg_desired_capacity                     = "2"
+      spot_instance_pools                      = 10
+      on_demand_percentage_above_base_capacity = "0"
+    },
+  ]
+}
+
+resource "aws_security_group" "worker_group_mgmt_one" {
+  name_prefix = "worker_group_mgmt_one"
+  description = "SG to be applied to all *nix machines"
+  vpc_id      = "${module.vpc.vpc_id}"
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "10.0.0.0/8",
+    ]
+  }
+}
+
+resource "aws_security_group" "worker_group_mgmt_two" {
+  name_prefix = "worker_group_mgmt_two"
+  vpc_id      = "${module.vpc.vpc_id}"
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "192.168.0.0/16",
+    ]
+  }
+}
+
+resource "aws_security_group" "all_worker_mgmt" {
+  name_prefix = "all_worker_management"
+  vpc_id      = "${module.vpc.vpc_id}"
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "10.0.0.0/8",
+      "172.16.0.0/12",
+      "192.168.0.0/16",
+    ]
+  }
+}
+
+module "vpc" {
+  source             = "terraform-aws-modules/vpc/aws"
+  version            = "1.60.0"
+  name               = "test-vpc"
+  cidr               = "10.0.0.0/16"
+  azs                = ["${data.aws_availability_zones.available.names[0]}", "${data.aws_availability_zones.available.names[1]}", "${data.aws_availability_zones.available.names[2]}"]
+  private_subnets    = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets     = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+  enable_nat_gateway = true
+  single_nat_gateway = true
+  tags               = "${merge(local.tags, map("kubernetes.io/cluster/${local.cluster_name}", "shared"))}"
+}
+
+module "eks" {
+  source                               = "terraform-aws-modules/eks/aws"
+  cluster_name                         = "${local.cluster_name}"
+  subnets                              = ["${module.vpc.private_subnets}"]
+  tags                                 = "${local.tags}"
+  vpc_id                               = "${module.vpc.vpc_id}"
+  worker_groups                        = "${local.worker_groups}"
+  worker_groups_launch_template        = "${local.worker_groups_launch_template}"
+  worker_group_count                   = "1"
+  worker_group_launch_template_count   = "1"
+  worker_additional_security_group_ids = ["${aws_security_group.all_worker_mgmt.id}"]
+}

demo/infrastructure/modules/amazon-cluster/outputs.tf

@@ -0,0 +1,7 @@
+output "cluster_node_arn" {
+  value = "${module.eks.worker_iam_role_arn}"
+}
+
+output "kubeconfig" {
+  value = "${module.eks.kubeconfig}"
+}

demo/infrastructure/modules/amazon-dns/dns.tf

@@ -0,0 +1,46 @@
+variable "suffix" {}
+variable "region" {}
+
+resource "aws_iam_user" "dns" {
+  name = "cluster-dns-${var.suffix}"
+  path = "/"
+}
+
+resource "aws_iam_access_key" "dns" {
+  user = "${aws_iam_user.dns.name}"
+}
+
+resource "aws_iam_user_policy" "dns" {
+  name = "cluster-dns-${var.suffix}"
+  user = "${aws_iam_user.dns.name}"
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "route53:GetHostedZone",
+        "route53:ListHostedZones",
+        "route53:ListHostedZonesByName",
+        "route53:GetHostedZoneCount",
+        "route53:ChangeResourceRecordSets",
+        "route53:ListResourceRecordSets",
+        "route53:GetChange"
+      ],
+      "Resource": "*"
+    }
+  ]
+}
+EOF
+}
+
+
+output "config" {
+  value = {
+    service_account_credentials = "${aws_iam_access_key.dns.id}"
+    provider                    = "route53"
+    region                      = "${var.region}"
+  }
+}