Merge pull request #38 from qburst/terraform-eks

Terraform eks
qburst · Oct 20, 2023 · c2a5766 · c2a5766
2 parents e453864 + 067aa23
commit c2a5766
Show file tree

Hide file tree

Showing 8 changed files with 486 additions and 0 deletions.
diff --git a/terraform/aws/examples/eks/app.yaml b/terraform/aws/examples/eks/app.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx
+  labels:
+    app: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:1.14.2
+        ports:
+        - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: internal-nginx-service
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-type: nlb
+    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
+    service.beta.kubernetes.io/aws-load-balancer-internal: 10.0.0.0/16
+spec:
+  selector:
+    app: nginx
+  type: LoadBalancer
+  ports:
+    - protocol: TCP
+      port: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: external-nginx-service
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-type: nlb
+    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
+spec:
+  selector:
+    app: nginx
+  type: LoadBalancer
+  ports:
+    - protocol: TCP
+      port: 80
diff --git a/terraform/aws/examples/eks/main.tf b/terraform/aws/examples/eks/main.tf
@@ -0,0 +1,26 @@
+module "vpc" {
+  source                                  = "../../modules/vpc"
+  name_prefix                             = "qburst"
+  ipv4_primary_cidr_block                 = "10.0.0.0/16"
+  public_subnets_cidr                     = ["10.0.64.0/19", "10.0.96.0/19"]
+  private_subnets_cidr                    = ["10.0.0.0/19", "10.0.32.0/19"]
+  availability_zones                      = ["us-east-1a", "us-east-1b"]
+  ipv4_additional_cidr_block_associations = []
+}
+
+module "eks" {
+  source = "../../modules/eks"
+
+  vpc_cidr_block             = "10.0.0.0/16"
+  private_subnet_cidr_blocks = ["10.0.0.0/19", "10.0.32.0/19"]
+  public_subnet_cidr_blocks  = ["10.0.64.0/19", "10.0.96.0/19"]
+  availability_zones         = ["us-east-1a", "us-east-1b"]
+  vpc_id                     = module.vpc.vpc_id
+  private_subnet_ids         = module.vpc.private_subnet_ids
+  public_subnet_ids          = module.vpc.public_subnet_ids
+
+  eks_cluster_name    = "my-eks-cluster"
+  eks_cluster_version = "1.24"
+
+}
+
diff --git a/terraform/aws/examples/eks/provider.tf b/terraform/aws/examples/eks/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+  required_version = "~>1.5.0"
+}
+
+
+provider "aws" {
+  region = var.region
+  default_tags {
+    tags = {
+      Environment = "Test"
+      Project     = "QBurst"
+    }
+  }
+}
+
+variable "region" {
+  type        = string
+  description = "The default region to use"
+  default     = "us-east-1"
+}
diff --git a/terraform/aws/modules/eks/README.md b/terraform/aws/modules/eks/README.md
@@ -0,0 +1,117 @@
+# AWS EKS Cluster Terraform Project
+
+This Terraform project sets up an Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) cluster along with the necessary infrastructure components in your AWS environment.
+
+## Project Structure
+
+The project is organized into the following directories and files:
+
+- **/DevOps-Automations/terraform/aws/modules/eks**: This directory contains the Terraform modules for setting up the EKS cluster and related infrastructure components.
+
+  - `eks-node-group.tf`: Defines the EKS node group resources, including the IAM role, policies, and the node group itself.
+  - `eks.tf`: Configures the EKS cluster, including IAM roles and policies.
+  - `variables.tf`: Declares input variables used throughout the module.
+  - `outputs.tf`: Defines the output values of the module.
+
+- **/DevOps-Automations/terraform/aws/examples/eks**: This directory contains example configurations that use the EKS module defined in the `modules/eks` directory.
+
+  - `provider.tf`: Configures the Terraform provider for AWS and specifies the default AWS region.
+  - `main.tf`: Calls both the EKS and VPC module and passes input variables to create an EKS cluster and its associated infrastructure within the VPC.
+  - `app.yaml`:YAML file for deploying a sample NGINX web application in the EKS cluster.
+
+- **/DevOps-Automations/terraform/aws/modules/vpc**: This directory contains the Terraform module for configuring the VPC.
+
+
+## Prerequisites
+
+Before using this Terraform configuration, ensure you have the following prerequisites:
+
+1. [Terraform](https://www.terraform.io/) (v1.5.0 or later) installed.
+2. AWS CLI configured with appropriate access credentials.
+3. [kubectl](https://kubernetes.io/docs/tasks/tools/) (or managing the EKS cluster).
+
+## Configuration
+
+**Variables for EKS Cluster Configuration**
+
+- `eks_cluster_name`: The name of the EKS cluster.
+- `eks_cluster_version`: The version of the EKS cluster.
+
+**Variables for EKS Node Group Configuration**
+- `node_group_name`: The name of the EKS node group.
+- `node_group_desired_size`: Desired size of the node group.
+- `node_group_max_size`: Maximum size of the node group.
+- `node_group_min_size`: Minimum size of the node group.
+- `node_group_ami_type`: AMI type for the node group (e.g., AL2_x86_64).
+- `node_group_capacity_type`: Capacity type for the node group (e.g., ON_DEMAND).
+- `node_group_disk_size`: Disk size (in GB) for nodes in the group.
+- `node_group_instance_types`: List of instance types for the node group.
+- `node_group_labels`: Labels for the node group instances.
+- `node_group_version`: Version for the node group.
+
+**Variables for VPC Configuration (Referencing External VPC Module)**
+- `vpc_cidr_block`: CIDR block for the VPC.
+- `private_subnet_cidr_blocks`: CIDR blocks for private subnets.
+- `public_subnet_cidr_blocks`: CIDR blocks for public subnets.
+- `availability_zones`: The various availability zones in which to create subnets.
+- `ipv4_additional_cidr`: Additional IPv4 CIDR blocks for association with the VPC.
+
+Please adjust these variables to match your specific requirements.
+
+## Usage
+
+To use this Terraform project, follow these steps:
+
+1. Clone this repository:
+   ```bash
+   git clone <repository_url>
+   ```
+2. Change to the project directory:
+   ```bash
+   cd terraform/aws/examples/eks
+   ```
+3. Initialize Terraform:
+   ```bash
+   terraform init
+   ```
+4. Review the plan to ensure everything looks correct:
+   ```bash
+   terraform plan
+   ```
+5. Apply the Terraform configuration to create the Lambda function and associated resources:
+   ```bash
+   terraform apply
+   ```
+6. List the cluster you have just created by running `terraform apply`:
+   ```bash
+   aws eks list-clusters
+   ```
+7. Configure kubectl:
+   ```bash
+    aws eks --region <region> update-kubeconfig --name <cluster-name>
+    ```
+8. To get the service :
+   ```bash
+   kubectl get svc
+   ```
+9. Deploy NGINX Web Application:
+   ```bash
+   kubectl apply -f app.yaml
+   ```
+10. Access the Application:
+
+   After a few moments, you should be able to access the NGINX web application using the Load Balancer's DNS name or IP address.
+
+11. Delete NGINX Pods and Service (Before Cleanup):
+   ```bash
+   kubectl delete -f app.yaml
+   ```
+
+
+**Cleanup**
+
+To destroy the created resources and clean up, run:
+
+```bash
+terraform destroy
+```
diff --git a/terraform/aws/modules/eks/eks-node-group.tf b/terraform/aws/modules/eks/eks-node-group.tf
@@ -0,0 +1,69 @@
+resource "aws_iam_role" "nodes_general" {
+  name = "eks-node-groupgeneral"
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "amazon_eks_worker_node_policy_general" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+  role       = aws_iam_role.nodes_general.name
+}
+
+resource "aws_iam_role_policy_attachment" "amazon_eks_cni_policy_general" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+  role       = aws_iam_role.nodes_general.name
+}
+
+resource "aws_iam_role_policy_attachment" "amazon_ec2_container_registry_read_only_policy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+  role       = aws_iam_role.nodes_general.name
+}
+
+resource "aws_eks_node_group" "nodes_general" {
+  cluster_name    = var.eks_cluster_name
+  node_group_name = var.node_group_name
+  node_role_arn   = aws_iam_role.nodes_general.arn
+  subnet_ids      = concat(
+    var.private_subnet_ids,
+    var.public_subnet_ids
+  )
+
+  scaling_config {
+    desired_size = var.node_group_desired_size
+    max_size     = var.node_group_max_size
+    min_size     = var.node_group_min_size
+  }
+
+  lifecycle {
+  ignore_changes = [
+    scaling_config[0].desired_size,
+  ]
+}
+
+  ami_type        = var.node_group_ami_type
+  capacity_type   = var.node_group_capacity_type
+  disk_size       = var.node_group_disk_size
+  force_update_version = false
+  instance_types  = var.node_group_instance_types
+  labels          = var.node_group_labels
+  version         = var.node_group_version
+
+  depends_on = [
+    aws_eks_cluster.default,
+    aws_iam_role_policy_attachment.amazon_eks_worker_node_policy_general,
+    aws_iam_role_policy_attachment.amazon_eks_cni_policy_general,
+    aws_iam_role_policy_attachment.amazon_ec2_container_registry_read_only_policy
+  ]
+}
diff --git a/terraform/aws/modules/eks/eks.tf b/terraform/aws/modules/eks/eks.tf
@@ -0,0 +1,74 @@
+resource "aws_security_group" "eks_cluster_sg" {
+  name        = var.security_group_name
+  description = "EKS Cluster Security Group"
+  vpc_id = var.vpc_id
+
+  ingress {
+  from_port   = 443
+  to_port     = 443
+  protocol    = "tcp"
+  cidr_blocks = var.allowed_mgmt_cidr
+}
+
+ingress {
+  from_port   = 80
+  to_port     = 80
+  protocol    = "tcp"
+  cidr_blocks = var.allowed_http_cidr
+}
+
+ingress {
+  from_port   = 22
+  to_port     = 22
+  protocol    = "tcp"
+  cidr_blocks = ["0.0.0.0/0"]
+}
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_iam_role" "default" {
+  name = "eks-cluster-role"
+
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "eks.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "default_amazon_eks_cluster_policy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+  role       = aws_iam_role.default.name
+}
+
+resource "aws_eks_cluster" "default" {
+  name     = var.eks_cluster_name
+  version  = var.eks_cluster_version
+  role_arn = aws_iam_role.default.arn
+
+  vpc_config {
+    subnet_ids = concat(
+      var.public_subnet_ids,
+      var.private_subnet_ids
+    )
+    security_group_ids = [aws_security_group.eks_cluster_sg.id]
+  }
+
+
+  depends_on = [aws_iam_role_policy_attachment.default_amazon_eks_cluster_policy]
+}
diff --git a/terraform/aws/modules/eks/outputs.tf b/terraform/aws/modules/eks/outputs.tf
@@ -0,0 +1,9 @@
+output "eks_cluster_id" {
+  value       = aws_eks_cluster.default.id
+  description = "The ID of the EKS cluster"
+}
+
+output "node_group_id" {
+  value       = aws_eks_node_group.nodes_general.id
+  description = "The ID of the EKS node group"
+}