diff --git a/examples/aws/infra/main.tf b/examples/aws/infra/main.tf new file mode 100644 index 0000000..a807602 --- /dev/null +++ b/examples/aws/infra/main.tf @@ -0,0 +1,140 @@ + +provider "aws" { + region = var.region + profile = "" +} + +terraform { + backend "s3" { + bucket = "" + key = "" + region = "" + profile = "" + } +} +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + version = "3.18.1" + name = var.vpc_name + cidr = var.cidr + azs = var.azs + private_subnets = var.private_subnets + public_subnets = var.public_subnets + enable_nat_gateway = true + single_nat_gateway = true + enable_dns_hostnames = true + + public_subnet_tags = { + "kubernetes.io/cluster/${var.cluster_name}" = "shared" + "kubernetes.io/role/elb" = "1" + } + + private_subnet_tags = { + "kubernetes.io/cluster/${var.cluster_name}" = "shared" + "kubernetes.io/role/internal-elb" = "1" + } + tags = { + Name = var.cluster_name + } +} +resource "aws_db_subnet_group" "db_subnet_group" { + name = "subnets-lsaf-${var.application_name}-${var.env}-private" + subnet_ids = module.vpc.private_subnets + tags = { + Name = var.cluster_name + } +} + + +module "eks" { + source = "terraform-aws-modules/eks/aws" + version = "19.14.0" + cluster_endpoint_public_access = true + cluster_endpoint_private_access = false + cluster_name = var.cluster_name + cluster_version = var.eks_version + subnet_ids = module.vpc.private_subnets + + # EKS Addons + cluster_addons = { + coredns = { + most_recent = true + } + kube-proxy = { + most_recent = true + } + aws-ebs-csi-driver = { + addon_version = "v1.18.0-eksbuild.1" + service_account_role_arn = module.ebs_role.iam_role_arn + } + + } + + vpc_id = module.vpc.vpc_id + node_security_group_additional_rules = { + + vpc_inbound = { + type = "ingress" + description = "communication between cluster nodes" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = module.vpc.private_subnets_cidr_blocks + } + } + + # Extend cluster security group rules + cluster_security_group_additional_rules = { + + ingress_nodes_ephemeral_ports_tcp = { + description = "Nodes on ephemeral ports" + protocol = "tcp" + from_port = 1025 + to_port = 65535 + type = "ingress" + source_node_security_group = true + } + + vpc_all_outbound = { + type = "egress" + description = "outbound communication from nodes including to DB (RDS)" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + } + + eks_managed_node_groups = { + null_cloud_controle_plan_node_group = { + desired_capacity = 2 + max_capacity = 3 + min_capacity = 1 + instance_types = var.eks_instance_types + } + } + tags = { + Name = var.cluster_name + } + +} + +module "ebs_role" { + + source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" + + role_name = "${var.cluster_name}_eks_ebs" + attach_ebs_csi_policy = true + + oidc_providers = { + main = { + provider_arn = module.eks.oidc_provider_arn + namespace_service_accounts = ["kube-system:ebs-csi-controller-sa"] + } + } + tags = { + Name = var.cluster_name + } + +} diff --git a/examples/aws/infra/variabel.tf b/examples/aws/infra/variabel.tf new file mode 100644 index 0000000..3a88828 --- /dev/null +++ b/examples/aws/infra/variabel.tf @@ -0,0 +1,30 @@ +variable "vpc_name" { + type = string +} +variable "cluster_name" { + type = string +} + +variable "region" { + type = string +} +variable "cidr" { + type = string +} +variable "private_subnets" {} +variable "public_subnets" {} +variable "eks_version" { + type = string +} +variable "eks_instance_types" { + type = list(string) +} +variable "cidr_blocks" { + type = string +} + + +variable "azs" { + type = list(any) +} +