From 8b12338920d451c8feb130b5e955e8d182cd0f71 Mon Sep 17 00:00:00 2001
From: Rithin-QB
Date: Fri, 29 Sep 2023 18:07:56 +0530
Subject: [PATCH 01/23] Initialize Terraform configuration for EKS cluster
---
terraform/aws/examples/eks/main.tf | 11 ++++++
terraform/aws/examples/eks/provider.tf | 20 +++++++++++
terraform/aws/modules/eks/eks.tf | 40 +++++++++++++++++++++
terraform/aws/modules/eks/igw.tf | 7 ++++
terraform/aws/modules/eks/nat.tf | 18 ++++++++++
terraform/aws/modules/eks/outputs.tf | 29 +++++++++++++++
terraform/aws/modules/eks/routes.tf | 45 +++++++++++++++++++++++
terraform/aws/modules/eks/subnets.tf | 49 ++++++++++++++++++++++++++
terraform/aws/modules/eks/variables.tf | 35 ++++++++++++++++++
terraform/aws/modules/eks/vpc.tf | 7 ++++
10 files changed, 261 insertions(+)
create mode 100644 terraform/aws/examples/eks/main.tf
create mode 100644 terraform/aws/examples/eks/provider.tf
create mode 100644 terraform/aws/modules/eks/eks.tf
create mode 100644 terraform/aws/modules/eks/igw.tf
create mode 100644 terraform/aws/modules/eks/nat.tf
create mode 100644 terraform/aws/modules/eks/outputs.tf
create mode 100644 terraform/aws/modules/eks/routes.tf
create mode 100644 terraform/aws/modules/eks/subnets.tf
create mode 100644 terraform/aws/modules/eks/variables.tf
create mode 100644 terraform/aws/modules/eks/vpc.tf
diff --git a/terraform/aws/examples/eks/main.tf b/terraform/aws/examples/eks/main.tf
new file mode 100644
index 0000000..c831fce
--- /dev/null
+++ b/terraform/aws/examples/eks/main.tf
@@ -0,0 +1,11 @@ +module "eks_cluster" { + source = "../../modules/eks" # Relative path to your module directory + + # Pass input variables to the module + vpc_cidr_block = "10.0.0.0/16" # Example value, adjust as needed + igw_name = "qburst-igw" # Example value, adjust as needed + private_subnet_cidr_blocks = ["10.0.0.0/19", "10.0.32.0/19"] # Example values, adjust as needed + public_subnet_cidr_blocks = ["10.0.64.0/19", "10.0.96.0/19"] # Example values, adjust as needed + nat_gateway_name = "nat" # Example value, adjust as needed + eks_cluster_name = "my_eks_cluster" # Provide a name for your EKS cluster +} diff --git a/terraform/aws/examples/eks/provider.tf b/terraform/aws/examples/eks/provider.tf new file mode 100644 index 0000000..5bf3033 --- /dev/null +++ b/terraform/aws/examples/eks/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_version = "~>1.5.0" +} + + +provider "aws" { + region = var.region + default_tags { + tags = { + Environment = "Test" + Project = "QBurst" + } + } +} + +variable "region" { + type = string + description = "The default region to use" + default = "us-east-1" +} \ No newline at end of file diff --git a/terraform/aws/modules/eks/eks.tf b/terraform/aws/modules/eks/eks.tf new file mode 100644 index 0000000..678d1a9 --- /dev/null +++ b/terraform/aws/modules/eks/eks.tf @@ -0,0 +1,40 @@ +resource "aws_iam_role" "demo" { + name = "eks-cluster-demo" + + assume_role_policy = < Date: Wed, 4 Oct 2023 15:53:09 +0530 Subject: [PATCH 02/23] created a node-group for the eks cluster --- terraform/aws/modules/eks/eks-node-group.tf | 60 +++++++++++++++++++++ terraform/aws/modules/eks/variables.tf | 5 ++ 2 files changed, 65 insertions(+) create mode 100644 terraform/aws/modules/eks/eks-node-group.tf diff --git a/terraform/aws/modules/eks/eks-node-group.tf b/terraform/aws/modules/eks/eks-node-group.tf new file mode 100644 index 0000000..a99adfe --- /dev/null +++ b/terraform/aws/modules/eks/eks-node-group.tf 
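Review bot: The `terraform` block in the provider.tf hunk pins only the CLI with `required_version = "~>1.5.0"` and has no `required_providers` entry, so `terraform init` is free to pull whichever hashicorp/aws release is current when it runs. For a configuration that creates IAM roles and an EKS cluster, that makes plans non-reproducible and lets a provider major release change behaviour without anyone reviewing it. Add a constraint like the one below and commit the generated `.terraform.lock.hcl` so provider checksums are verified on every init. No versions file appears in this commit's diffstat, so I am assuming the provider is not pinned elsewhere.

```hcl
terraform {
  required_version = "~>1.5.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "<AWS_PROVIDER_VERSION_CONSTRAINT>" # placeholder: pin to the release you tested
    }
  }
}
```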
@@ -0,0 +1,60 @@ +resource "aws_iam_role" "nodes_general" { + name = "eks-node-groupgeneral" + assume_role_policy = < Date: Wed, 4 Oct 2023 16:50:38 +0530 Subject: [PATCH 03/23] Added a README.md file to provide documentation for the Terraform project --- terraform/aws/modules/eks/README.md | 76 +++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 terraform/aws/modules/eks/README.md diff --git a/terraform/aws/modules/eks/README.md b/terraform/aws/modules/eks/README.md new file mode 100644 index 0000000..7debd7d --- /dev/null +++ b/terraform/aws/modules/eks/README.md 
@@ -0,0 +1,76 @@
+# AWS EKS Cluster Terraform Project
+
+This Terraform project sets up an Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) cluster along with the necessary infrastructure components in your AWS environment.
+
+## Project Structure
+
+The project is organized into the following directories and files:
+
+- **/home/rithin/Documents/Code/DevOps-OpenSource/DevOps-Automations/terraform/aws/modules/eks**: This directory contains the Terraform modules for setting up the EKS cluster and related infrastructure components.
+
+ - `eks-node-group.tf`: Defines the EKS node group resources, including the IAM role, policies, and the node group itself.
+ - `eks.tf`: Configures the EKS cluster, including IAM roles and policies.
+ - `vpc.tf`: Defines the AWS Virtual Private Cloud (VPC) and its configuration.
+ - `subnets.tf`: Configures the subnets used by the EKS cluster.
+ - `igw.tf`: Sets up the AWS Internet Gateway.
+ - `nat.tf`: Configures the Network Address Translation (NAT) Gateway.
+ - `routes.tf`: Defines the routing tables for private and public subnets.
+ - `variables.tf`: Declares input variables used throughout the module.
+ - `outputs.tf`: Defines the output values of the module.
+
+- **/home/rithin/Documents/Code/DevOps-OpenSource/DevOps-Automations/terraform/aws/examples/eks**: This directory contains example configurations that use the EKS module defined in the `modules/eks` directory.
+
+ - `provider.tf`: Configures the Terraform provider for AWS and specifies the default AWS region.
+ - `main.tf`: Calls the EKS module and passes input variables to create an EKS cluster and its associated infrastructure.
+
+## Prerequisites
+
+Before using this Terraform configuration, ensure you have the following prerequisites:
+
+1. [Terraform](https://www.terraform.io/) (v1.5.0 or later) installed.
+2. AWS CLI configured with appropriate access credentials.
+
+
+## Configuration
+You can customize the configuration by modifying the input variables in the main.tf file. The following are the available input variables:
+
+ `vpc_cidr_block`: The CIDR block for the VPC.
+ `igw_name`: The name for the Internet Gateway.
+ `private_subnet_cidr_blocks`: A list of CIDR blocks for the private subnets.
+ `public_subnet_cidr_blocks`: A list of CIDR blocks for the public subnets.
+ `nat_gateway_name`: The name for the NAT Gateway.
+ `eks_cluster_name`: The name for the EKS cluster.
+
+Please adjust these variables to match your specific requirements.
+
+## Usage
+
+To use this Terraform project, follow these steps:
+
+1. Clone this repository:
+ ```bash
+ git clone
+ ```
+2. Change to the project directory:
+ ```bash
+ cd terraform/aws/examples/eks
+ ```
+3. Initialize Terraform:
+ ```bash
+ terraform init
+ ```
+4. Review the plan to ensure everything looks correct:
+ ```bash
+ terraform plan
+ ```
+5. Apply the Terraform configuration to create the Lambda function and associated resources:
+ ```bash
+ terraform apply
+
+**Cleanup**
+
+To destroy the created resources and clean up, run:
+
+```bash
+terraform destroy
+```
\ No newline at end of file
From 317b0de671d4b655227f622a44d51a2727dda645 Mon Sep 17 00:00:00 2001
From: Rithin-QB <144108213+Rithin-QB@users.noreply.github.com>
Date: Thu, 5 Oct 2023 18:22:57 +0530
Subject: [PATCH 04/23] Update EKS node group Kubernetes version to 1.23
---
terraform/aws/modules/eks/eks-node-group.tf | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/terraform/aws/modules/eks/eks-node-group.tf b/terraform/aws/modules/eks/eks-node-group.tf
index a99adfe..6956365 100644
--- a/terraform/aws/modules/eks/eks-node-group.tf
+++ b/terraform/aws/modules/eks/eks-node-group.tf
@@ -33,8 +33,8 @@ resource "aws_eks_node_group" "nodes_general" { node_group_name = var.eks_node_group_name node_role_arn = aws_iam_role.nodes_general.arn subnet_ids = [ - aws_subnet.private_us_east_1a, - aws_subnet.private_us_east_1b + aws_subnet.private_us_east_1a.id, + aws_subnet.private_us_east_1b.id ] scaling_config { desired_size = 1 @@ -50,7 +50,7 @@ instance_types = ["t3.small"] labels = { role = "nodes_general" } -version = "1.18" +version = "1.23" depends_on = [ aws_iam_role_policy_attachment.amazon_eks_worker_node_policy_general, From 349179673c983baf1c5586184b6e7359ed82f8d5 Mon Sep 17 00:00:00 2001 From: Rithin-QB <144108213+Rithin-QB@users.noreply.github.com> Date: Thu, 5 Oct 2023 20:08:59 +0530 Subject: [PATCH 05/23] Update eks-node-group.tf --- terraform/aws/modules/eks/eks-node-group.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/terraform/aws/modules/eks/eks-node-group.tf b/terraform/aws/modules/eks/eks-node-group.tf index 6956365..1655f40 100644 --- a/terraform/aws/modules/eks/eks-node-group.tf +++ b/terraform/aws/modules/eks/eks-node-group.tf @@ -29,13 +29,13 @@ resource "aws_iam_role_policy_attachment" "amazon_ec2_container_registry_read_on } resource "aws_eks_node_group" "nodes_general" { - cluster_name = var.eks_cluster_name - node_group_name = var.eks_node_group_name - node_role_arn = aws_iam_role.nodes_general.arn -subnet_ids = [ + cluster_name = aws_eks_cluster.demo.name + node_group_name = "nodes-general" + node_role_arn = aws_iam_role.nodes_general.arn + subnet_ids = [ aws_subnet.private_us_east_1a.id, aws_subnet.private_us_east_1b.id -] + ] scaling_config { desired_size = 1 max_size = 1 @@ -57,4 +57,4 @@ depends_on = [ aws_iam_role_policy_attachment.amazon_eks_cni_policy_general, aws_iam_role_policy_attachment.amazon_ec2_container_registry_read_only_policy ] -} \ No newline at end of file +} From 4fee299a1046d09fabbbada6b149e5d4b48f4ba4 Mon Sep 17 00:00:00 2001 
From: Rithin-QB Date: Mon, 9 Oct 2023 16:05:54 +0530 Subject: [PATCH 06/23] Removed leading spaces in the assume_role_policy JSON block to ensure it is valid --- terraform/aws/examples/eks/main.tf | 2 +- terraform/aws/modules/eks/eks-node-group.tf | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/terraform/aws/examples/eks/main.tf b/terraform/aws/examples/eks/main.tf index c831fce..859109c 100644 --- a/terraform/aws/examples/eks/main.tf +++ b/terraform/aws/examples/eks/main.tf @@ -6,6 +6,6 @@ module "eks_cluster" { igw_name = "qburst-igw" # Example value, adjust as needed private_subnet_cidr_blocks = ["10.0.0.0/19", "10.0.32.0/19"] # Example values, adjust as needed public_subnet_cidr_blocks = ["10.0.64.0/19", "10.0.96.0/19"] # Example values, adjust as needed - nat_gateway_name = "nat" # Example value, adjust as needed + nat_gateway_name = "qburst-nat" # Example value, adjust as needed eks_cluster_name = "my_eks_cluster" # Provide a name for your EKS cluster } diff --git a/terraform/aws/modules/eks/eks-node-group.tf b/terraform/aws/modules/eks/eks-node-group.tf index 1655f40..e0e2b49 100644 --- a/terraform/aws/modules/eks/eks-node-group.tf +++ b/terraform/aws/modules/eks/eks-node-group.tf @@ -1,7 +1,7 @@ resource "aws_iam_role" "nodes_general" { name = "eks-node-groupgeneral" assume_role_policy = < Date: Mon, 9 Oct 2023 17:29:41 +0530 Subject: [PATCH 07/23] changed node group vesron to 1.24 --- terraform/aws/modules/eks/eks-node-group.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/aws/modules/eks/eks-node-group.tf b/terraform/aws/modules/eks/eks-node-group.tf index e0e2b49..e220344 100644 --- a/terraform/aws/modules/eks/eks-node-group.tf +++ b/terraform/aws/modules/eks/eks-node-group.tf @@ -51,7 +51,7 @@ instance_types = ["t3.small"] labels = { role = "nodes_general" } -version = "1.23" +version = "1.24" depends_on = [ aws_iam_role_policy_attachment.amazon_eks_worker_node_policy_general, 
From cc9f3e1fc36bb97efed0fa6f15957c159a40e8c6 Mon Sep 17 00:00:00 2001 From: Rithin-QB Date: Mon, 9 Oct 2023 18:56:30 +0530 Subject: [PATCH 08/23] Changed node-group version --- terraform/aws/modules/eks/eks-node-group.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/aws/modules/eks/eks-node-group.tf b/terraform/aws/modules/eks/eks-node-group.tf index e220344..e0e2b49 100644 --- a/terraform/aws/modules/eks/eks-node-group.tf +++ b/terraform/aws/modules/eks/eks-node-group.tf @@ -51,7 +51,7 @@ instance_types = ["t3.small"] labels = { role = "nodes_general" } -version = "1.24" +version = "1.23" depends_on = [ aws_iam_role_policy_attachment.amazon_eks_worker_node_policy_general, From 8c682bc4583b0821c1a3f150d8e736f26d4ece3c Mon Sep 17 00:00:00 2001 From: Rithin-QB Date: Tue, 10 Oct 2023 15:02:06 +0530 Subject: [PATCH 09/23] Add Nginx Deployment and Services YAML --- terraform/aws/examples/eks/app.yaml | 53 ++++++++++++++++++++++++++ terraform/aws/examples/eks/provider.tf | 2 +- terraform/aws/modules/eks/subnets.tf | 16 ++++---- 3 files changed, 62 insertions(+), 9 deletions(-) create mode 100644 terraform/aws/examples/eks/app.yaml diff --git a/terraform/aws/examples/eks/app.yaml b/terraform/aws/examples/eks/app.yaml new file mode 100644 index 0000000..79abb0a --- /dev/null +++ b/terraform/aws/examples/eks/app.yaml 
@@ -0,0 +1,53 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nginx + labels: + app: nginx +spec: + replicas: 1 + selector: + matchLabels: + app: nginx + template: + metadata: + labels: + app: nginx + spec: + containers: + - name: nginx + image: nginx:1.14.2 + ports: + - containerPort: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: internal-nginx-service + annotations: + service.beta.kubernetes.io/aws-load-balancer-type: nlb + service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' + service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 +spec: + selector: + app: nginx + type: LoadBalancer + ports: + - protocol: TCP + port: 80 +--- +apiVersion: v1 +kind: Service +metadata: + name: external-nginx-service + annotations: + service.beta.kubernetes.io/aws-load-balancer-type: nlb + service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' +spec: + selector: + app: nginx + type: LoadBalancer + ports: + - protocol: TCP + port: 80 diff --git a/terraform/aws/examples/eks/provider.tf b/terraform/aws/examples/eks/provider.tf index 5bf3033..b2ee326 100644 --- a/terraform/aws/examples/eks/provider.tf +++ b/terraform/aws/examples/eks/provider.tf @@ -17,4 +17,4 @@ variable "region" { type = string description = "The default region to use" default = "us-east-1" -} \ No newline at end of file +} diff --git a/terraform/aws/modules/eks/subnets.tf b/terraform/aws/modules/eks/subnets.tf index b4da9f5..366bcb7 100644 --- a/terraform/aws/modules/eks/subnets.tf +++ b/terraform/aws/modules/eks/subnets.tf @@ -5,8 +5,8 @@ resource "aws_subnet" "private_us_east_1a" { tags = { "Name" = "private-us-east-1a" - "kubernetes.io/role/internal-elb" = "1" - "kubernetes.io/cluster/demo" = "owned" + "kubernetes.io/role/internal-elb" = 1 + "kubernetes.io/cluster/my_eks_cluster" = "shared" } } 
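Review bot: `external-nginx-service` in app.yaml is a `type: LoadBalancer` Service with no `loadBalancerSourceRanges`, so once applied it accepts plain HTTP on port 80 from any source address; restrict it with `loadBalancerSourceRanges: ["<ALLOWED_CIDR>"]` under `spec`, or leave only the internal Service in the sample. The Deployment's `image: nginx:1.14.2` is a mutable tag for an nginx release that long predates this commit, so prefer a currently supported tag pinned by digest, `image: nginx:<TAG>@sha256:<DIGEST>`. The container also declares no `resources` limits. On `internal-nginx-service` the annotation value `0.0.0.0/0` is, as far as I know, the legacy spelling, and `"true"` states the intent more clearly.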
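Review bot: The cluster tag key is now the literal `"kubernetes.io/cluster/my_eks_cluster"` in this subnets.tf hunk and in the three subnets.tf hunks that follow, which matches only the name the example happens to pass as `eks_cluster_name`. A caller that passes any other name gets subnets tagged for a cluster that does not exist, and subnet discovery for load balancers may then not find them. Build the key from the input instead: `"kubernetes.io/cluster/${var.eks_cluster_name}" = "shared"`. Each `aws_subnet` resource starts above its hunk, so the rest of the resource is not visible here.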
@@ -17,8 +17,8 @@ resource "aws_subnet" "private_us_east_1b" { tags = { "Name" = "private-us-east-1b" - "kubernetes.io/role/internal-elb" = "1" - "kubernetes.io/cluster/demo" = "owned" + "kubernetes.io/role/internal-elb" = 1 + "kubernetes.io/cluster/my_eks_cluster" = "shared" } } @@ -30,8 +30,8 @@ resource "aws_subnet" "public_us_east_1a" { tags = { "Name" = "public-us-east-1a" - "kubernetes.io/role/elb" = "1" - "kubernetes.io/cluster/demo" = "owned" + "kubernetes.io/role/elb" = 1 + "kubernetes.io/cluster/my_eks_cluster" = "shared" } } @@ -43,7 +43,7 @@ resource "aws_subnet" "public_us_east_1b" { tags = { "Name" = "public-us-east-1b" - "kubernetes.io/role/elb" = "1" - "kubernetes.io/cluster/demo" = "owned" + "kubernetes.io/role/elb" = 1 + "kubernetes.io/cluster/my_eks_cluster" = "shared" } } From ed33404361b3adb6ccbc50f67fa89dffda8d028e Mon Sep 17 00:00:00 2001 From: Rithin-QB Date: Tue, 10 Oct 2023 15:36:03 +0530 Subject: [PATCH 10/23] Update README.md with NGINX deployment instructions --- terraform/aws/modules/eks/README.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/terraform/aws/modules/eks/README.md b/terraform/aws/modules/eks/README.md index 7debd7d..03e09bc 100644 --- a/terraform/aws/modules/eks/README.md +++ b/terraform/aws/modules/eks/README.md @@ -22,6 +22,8 @@ The project is organized into the following directories and files: - `provider.tf`: Configures the Terraform provider for AWS and specifies the default AWS region. - `main.tf`: Calls the EKS module and passes input variables to create an EKS cluster and its associated infrastructure. + - `app.yaml`:YAML file for deploying a sample NGINX web application in the EKS cluster. + ## Prerequisites 
@@ -29,7 +31,7 @@ Before using this Terraform configuration, ensure you have the following prerequ 1. [Terraform](https://www.terraform.io/) (v1.5.0 or later) installed. 2. AWS CLI configured with appropriate access credentials. - +3. [kubectl](https://kubernetes.io/docs/tasks/tools/) (or managing the EKS cluster). ## Configuration You can customize the configuration by modifying the input variables in the main.tf file. The following are the available input variables: @@ -66,6 +68,18 @@ To use this Terraform project, follow these steps: 5. Apply the Terraform configuration to create the Lambda function and associated resources: ```bash terraform apply + ``` +6. Configure kubectl: + ```bash + aws eks --region update-kubeconfig --name + ``` +7. Deploy NGINX Web Application: + ```bash + kubectl apply -f app.yaml + ``` +8. Access the Application: + After a few moments, you should be able to access the NGINX web application using the Load Balancer's DNS name or IP address. + **Cleanup** From a578cbb875c166641043d57f58f8566d606b7f93 Mon Sep 17 00:00:00 2001 From: Rithin-QB Date: Tue, 10 Oct 2023 15:45:07 +0530 Subject: [PATCH 11/23] Update README.md with NGINX deployment instructions --- terraform/aws/modules/eks/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/aws/modules/eks/README.md b/terraform/aws/modules/eks/README.md index 03e09bc..06e243b 100644 --- a/terraform/aws/modules/eks/README.md +++ b/terraform/aws/modules/eks/README.md 
@@ -6,7 +6,7 @@ This Terraform project sets up an Amazon Web Services (AWS) Elastic Kubernetes S The project is organized into the following directories and files: -- **/home/rithin/Documents/Code/DevOps-OpenSource/DevOps-Automations/terraform/aws/modules/eks**: This directory contains the Terraform modules for setting up the EKS cluster and related infrastructure components. +- **/DevOps-Automations/terraform/aws/modules/eks**: This directory contains the Terraform modules for setting up the EKS cluster and related infrastructure components. - `eks-node-group.tf`: Defines the EKS node group resources, including the IAM role, policies, and the node group itself. - `eks.tf`: Configures the EKS cluster, including IAM roles and policies. @@ -18,7 +18,7 @@ The project is organized into the following directories and files: - `variables.tf`: Declares input variables used throughout the module. - `outputs.tf`: Defines the output values of the module. -- **/home/rithin/Documents/Code/DevOps-OpenSource/DevOps-Automations/terraform/aws/examples/eks**: This directory contains example configurations that use the EKS module defined in the `modules/eks` directory. +- **/DevOps-Automations/terraform/aws/examples/eks**: This directory contains example configurations that use the EKS module defined in the `modules/eks` directory. - `provider.tf`: Configures the Terraform provider for AWS and specifies the default AWS region. - `main.tf`: Calls the EKS module and passes input variables to create an EKS cluster and its associated infrastructure. From 4efe431ba4f46fbe59bb18a7fa5f4525506ac810 Mon Sep 17 00:00:00 2001 From: Rithin-QB Date: Tue, 10 Oct 2023 17:11:57 +0530 Subject: [PATCH 12/23] Update README.md with NGINX deployment instructions --- terraform/aws/modules/eks/README.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/terraform/aws/modules/eks/README.md b/terraform/aws/modules/eks/README.md index 06e243b..2768659 100644 
--- a/terraform/aws/modules/eks/README.md +++ b/terraform/aws/modules/eks/README.md @@ -6,7 +6,7 @@ This Terraform project sets up an Amazon Web Services (AWS) Elastic Kubernetes S The project is organized into the following directories and files: -- **/DevOps-Automations/terraform/aws/modules/eks**: This directory contains the Terraform modules for setting up the EKS cluster and related infrastructure components. +- **/home/rithin/Documents/Code/DevOps-OpenSource/DevOps-Automations/terraform/aws/modules/eks**: This directory contains the Terraform modules for setting up the EKS cluster and related infrastructure components. - `eks-node-group.tf`: Defines the EKS node group resources, including the IAM role, policies, and the node group itself. - `eks.tf`: Configures the EKS cluster, including IAM roles and policies. @@ -18,7 +18,7 @@ The project is organized into the following directories and files: - `variables.tf`: Declares input variables used throughout the module. - `outputs.tf`: Defines the output values of the module. -- **/DevOps-Automations/terraform/aws/examples/eks**: This directory contains example configurations that use the EKS module defined in the `modules/eks` directory. +- **/home/rithin/Documents/Code/DevOps-OpenSource/DevOps-Automations/terraform/aws/examples/eks**: This directory contains example configurations that use the EKS module defined in the `modules/eks` directory. - `provider.tf`: Configures the Terraform provider for AWS and specifies the default AWS region. - `main.tf`: Calls the EKS module and passes input variables to create an EKS cluster and its associated infrastructure. 
@@ -78,8 +78,14 @@ To use this Terraform project, follow these steps: kubectl apply -f app.yaml ``` 8. Access the Application: - After a few moments, you should be able to access the NGINX web application using the Load Balancer's DNS name or IP address. + After a few moments, you should be able to access the NGINX web application using the Load Balancer's DNS name or IP address. + +9. Delete NGINX Pods and Service (Before Cleanup): + ```bash + kubectl delete -f app.yaml + ``` + **Cleanup** From 4601204f0324b7657ffc16daa965a34a6ecb1579 Mon Sep 17 00:00:00 2001 From: Rithin-QB Date: Thu, 12 Oct 2023 17:26:04 +0530 Subject: [PATCH 13/23] Added Variables for eks-node-group configuration --- terraform/aws/modules/eks/eks-node-group.tf | 51 ++++++------ terraform/aws/modules/eks/variables.tf | 90 ++++++++++++++++++++- 2 files changed, 111 insertions(+), 30 deletions(-) diff --git a/terraform/aws/modules/eks/eks-node-group.tf b/terraform/aws/modules/eks/eks-node-group.tf index e0e2b49..23d1e7f 100644 --- a/terraform/aws/modules/eks/eks-node-group.tf +++ b/terraform/aws/modules/eks/eks-node-group.tf 
@@ -14,48 +14,47 @@ resource "aws_iam_role" "nodes_general" { ] } POLICY - } + resource "aws_iam_role_policy_attachment" "amazon_eks_worker_node_policy_general" { policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy" - role = aws_iam_role.nodes_general.name + role = aws_iam_role.nodes_general.name } + resource "aws_iam_role_policy_attachment" "amazon_eks_cni_policy_general" { policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy" - role = aws_iam_role.nodes_general.name + role = aws_iam_role.nodes_general.name } + resource "aws_iam_role_policy_attachment" "amazon_ec2_container_registry_read_only_policy" { policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - role = aws_iam_role.nodes_general.name + role = aws_iam_role.nodes_general.name } resource "aws_eks_node_group" "nodes_general" { - cluster_name = aws_eks_cluster.demo.name - node_group_name = "nodes-general" + cluster_name = var.eks_cluster_name + node_group_name = var.node_group_name node_role_arn = aws_iam_role.nodes_general.arn - subnet_ids = [ - aws_subnet.private_us_east_1a.id, - aws_subnet.private_us_east_1b.id - ] -scaling_config { - desired_size = 1 - max_size = 1 - min_size = 1 + subnet_ids = var.node_group_subnet_ids -} -ami_type = "AL2_x86_64" -capacity_type = "ON_DEMAND" -disk_size = 20 -force_update_version = false -instance_types = ["t3.small"] -labels = { - role = "nodes_general" -} -version = "1.23" + scaling_config { + desired_size = var.node_group_desired_size + max_size = var.node_group_max_size + min_size = var.node_group_min_size + } + + ami_type = var.node_group_ami_type + capacity_type = var.node_group_capacity_type + disk_size = var.node_group_disk_size + force_update_version = false + instance_types = var.node_group_instance_types + labels = var.node_group_labels + version = var.node_group_version -depends_on = [ + depends_on = [ aws_iam_role_policy_attachment.amazon_eks_worker_node_policy_general, 
aws_iam_role_policy_attachment.amazon_eks_cni_policy_general, aws_iam_role_policy_attachment.amazon_ec2_container_registry_read_only_policy - ] + ] } + diff --git a/terraform/aws/modules/eks/variables.tf b/terraform/aws/modules/eks/variables.tf index 8a12784..1055ac2 100644 --- a/terraform/aws/modules/eks/variables.tf +++ b/terraform/aws/modules/eks/variables.tf 
@@ -29,12 +29,94 @@ variable "nat_gateway_name" { } variable "eks_cluster_name" { - description = "Name for the EKS Cluster" type = string - default = "demo" + description = "Name of the EKS cluster." + default = "my-eks-cluster" } -variable "eks_node_group_name" { - description = "Name of the EKS node group" + +variable "eks_cluster_version" { type = string + description = "Version of the EKS cluster." + default = "1.24" +} + +variable "eks_cluster_region" { + type = string + description = "AWS region for the EKS cluster." + default = "us-east-1" +} + +variable "node_group_name" { + type = string + description = "Name of the EKS node group." default = "nodes-general" } + +variable "node_group_subnet_ids" { + type = list(string) + description = "List of subnet IDs for the node group." + default = ["subnet-06296791b48518207", + "subnet-09b57ef336acf2868", + "subnet-0bf698a94602fa750", + "subnet-086708cfd5a439019" +] +} + +variable "node_group_desired_size" { + type = number + description = "Desired size of the node group." + default = 1 +} + +variable "node_group_max_size" { + type = number + description = "Maximum size of the node group." + default = 2 +} + +variable "node_group_min_size" { + type = number + description = "Minimum size of the node group." + default = 1 +} + +variable "node_group_ami_type" { + type = string + description = "AMI type for the node group (e.g., AL2_x86_64)." + default = "AL2_x86_64" +} + +variable "node_group_capacity_type" { + type = string + description = "Capacity type for the node group (e.g., ON_DEMAND)." + default = "ON_DEMAND" +} + +variable "node_group_disk_size" { + type = number + description = "Disk size (in GB) for nodes in the group." + default = 20 +} + +variable "node_group_instance_types" { + type = list(string) + description = "List of instance types for the node group." + default = ["t3.small"] +} + +variable "node_group_labels" { + type = map(string) + description = "Labels for the node group instances." 
+ default = { role = "nodes_general" } +} + +variable "node_group_version" { + type = string + description = "Version for the node group." + default = "1.24" +} + +# Define other variables as needed. + + + From a5bc5a1d4b72fa0191f2aec36c10ca1f6a07ba3d Mon Sep 17 00:00:00 2001 From: Rithin-QB <144108213+Rithin-QB@users.noreply.github.com> Date: Thu, 12 Oct 2023 17:31:33 +0530 Subject: [PATCH 14/23] Update variables.tf --- terraform/aws/modules/eks/variables.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/terraform/aws/modules/eks/variables.tf b/terraform/aws/modules/eks/variables.tf index 1055ac2..e40b1fa 100644 --- a/terraform/aws/modules/eks/variables.tf +++ b/terraform/aws/modules/eks/variables.tf @@ -116,7 +116,6 @@ variable "node_group_version" { default = "1.24" } -# Define other variables as needed. From 7f0668d4bf775dd80d2104e8bf3daee9a5d1e14f Mon Sep 17 00:00:00 2001 From: Rithin-QB Date: Mon, 16 Oct 2023 10:29:58 +0530 Subject: [PATCH 15/23] Apply changes based on PR feedback for improved configurability --- terraform/aws/examples/eks/main.tf | 20 +++--- terraform/aws/modules/eks/README.md | 51 ++++++++++----- terraform/aws/modules/eks/eks-node-group.tf | 9 ++- terraform/aws/modules/eks/eks.tf | 15 +++-- terraform/aws/modules/eks/igw.tf | 7 --- terraform/aws/modules/eks/nat.tf | 18 ------ terraform/aws/modules/eks/outputs.tf | 32 ++-------- terraform/aws/modules/eks/routes.tf | 45 ------------- terraform/aws/modules/eks/subnets.tf | 49 --------------- terraform/aws/modules/eks/variables.tf | 70 +++++++-------------- terraform/aws/modules/eks/vpc.tf | 15 +++-- 11 files changed, 95 insertions(+), 236 deletions(-) delete mode 100644 terraform/aws/modules/eks/igw.tf delete mode 100644 terraform/aws/modules/eks/nat.tf delete mode 100644 terraform/aws/modules/eks/routes.tf delete mode 100644 terraform/aws/modules/eks/subnets.tf diff --git a/terraform/aws/examples/eks/main.tf b/terraform/aws/examples/eks/main.tf index 859109c..63a3314 100644 
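Review bot: `node_group_subnet_ids` in the variables.tf hunk defaults to four literal subnet IDs (`subnet-06296791b48518207` and three more), which look like resources from one particular AWS account. Publishing them discloses account-specific infrastructure identifiers, and anyone else applying the module either fails on unknown subnets or, inside that account, places nodes in subnets chosen by a default nobody reviewed. Drop the `default` so the caller must pass the list, or derive it from the module's own subnets as the previous revision did with `aws_subnet.private_us_east_1a.id` and `aws_subnet.private_us_east_1b.id`. `eks_cluster_region` is also declared here, but nothing in the visible hunks reads it, so it is worth confirming that it is used.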
--- a/terraform/aws/examples/eks/main.tf +++ b/terraform/aws/examples/eks/main.tf @@ -1,11 +1,13 @@ -module "eks_cluster" { - source = "../../modules/eks" # Relative path to your module directory +module "eks" { + source = "../../modules/eks" - # Pass input variables to the module - vpc_cidr_block = "10.0.0.0/16" # Example value, adjust as needed - igw_name = "qburst-igw" # Example value, adjust as needed - private_subnet_cidr_blocks = ["10.0.0.0/19", "10.0.32.0/19"] # Example values, adjust as needed - public_subnet_cidr_blocks = ["10.0.64.0/19", "10.0.96.0/19"] # Example values, adjust as needed - nat_gateway_name = "qburst-nat" # Example value, adjust as needed - eks_cluster_name = "my_eks_cluster" # Provide a name for your EKS cluster + vpc_cidr_block = "10.0.0.0/16" + private_subnet_cidr_blocks = ["10.0.0.0/19", "10.0.32.0/19"] + public_subnet_cidr_blocks = ["10.0.64.0/19", "10.0.96.0/19"] + availability_zones = ["us-east-1a", "us-east-1b"] + + eks_cluster_name = "my-eks-cluster" + eks_cluster_version = "1.24" + } + diff --git a/terraform/aws/modules/eks/README.md b/terraform/aws/modules/eks/README.md index 2768659..97498a5 100644 --- a/terraform/aws/modules/eks/README.md +++ b/terraform/aws/modules/eks/README.md 
@@ -10,13 +10,9 @@ The project is organized into the following directories and files: - `eks-node-group.tf`: Defines the EKS node group resources, including the IAM role, policies, and the node group itself. - `eks.tf`: Configures the EKS cluster, including IAM roles and policies. - - `vpc.tf`: Defines the AWS Virtual Private Cloud (VPC) and its configuration. - - `subnets.tf`: Configures the subnets used by the EKS cluster. - - `igw.tf`: Sets up the AWS Internet Gateway. - - `nat.tf`: Configures the Network Address Translation (NAT) Gateway. - - `routes.tf`: Defines the routing tables for private and public subnets. - `variables.tf`: Declares input variables used throughout the module. - `outputs.tf`: Defines the output values of the module. + - `vpc.tf`: Configures the VPC by calling the external VPC module and specifying input variables such as the CIDR blocks, subnets, availability zones,and NAT gateway settings. - **/home/rithin/Documents/Code/DevOps-OpenSource/DevOps-Automations/terraform/aws/examples/eks**: This directory contains example configurations that use the EKS module defined in the `modules/eks` directory. 
@@ -34,14 +30,29 @@ Before using this Terraform configuration, ensure you have the following prerequ 3. [kubectl](https://kubernetes.io/docs/tasks/tools/) (or managing the EKS cluster). ## Configuration -You can customize the configuration by modifying the input variables in the main.tf file. The following are the available input variables: - `vpc_cidr_block`: The CIDR block for the VPC. - `igw_name`: The name for the Internet Gateway. - `private_subnet_cidr_blocks`: A list of CIDR blocks for the private subnets. - `public_subnet_cidr_blocks`: A list of CIDR blocks for the public subnets. - `nat_gateway_name`: The name for the NAT Gateway. - `eks_cluster_name`: The name for the EKS cluster. +**Variables for EKS Cluster Configuration** + +`eks_cluster_name`: The name of the EKS cluster. +`eks_cluster_version`: The version of the EKS cluster. + +**Variables for EKS Node Group Configuration** +`node_group_name`: The name of the EKS node group. +`node_group_desired_size`: Desired size of the node group. +`node_group_max_size`: Maximum size of the node group. +`node_group_min_size`: Minimum size of the node group. +`node_group_ami_type`: AMI type for the node group (e.g., AL2_x86_64). +`node_group_capacity_type`: Capacity type for the node group (e.g., ON_DEMAND). +`node_group_disk_size`: Disk size (in GB) for nodes in the group. +`node_group_instance_types`: List of instance types for the node group. +`node_group_labels`: Labels for the node group instances. +`node_group_version`: Version for the node group. +**Variables for VPC Configuration (Referencing External VPC Module)** +`vpc_cidr_block`: CIDR block for the VPC. +`private_subnet_cidr_blocks`: CIDR blocks for private subnets. +`public_subnet_cidr_blocks`: CIDR blocks for public subnets. +`availability_zones`: The various availability zones in which to create subnets. +`ipv4_additional_cidr`: Additional IPv4 CIDR blocks for association with the VPC. 
Please adjust these variables to match your specific requirements. @@ -69,19 +80,27 @@ To use this Terraform project, follow these steps: ```bash terraform apply ``` -6. Configure kubectl: +6. List the cluster you have just created by running `terraform apply`: + ```bash + aws eks list-clusters + ``` +7. Configure kubectl: ```bash aws eks --region update-kubeconfig --name ``` -7. Deploy NGINX Web Application: +8. To get the service : + ```bash + kubectl get svc + ``` +9. Deploy NGINX Web Application: ```bash kubectl apply -f app.yaml ``` -8. Access the Application: +10. Access the Application: After a few moments, you should be able to access the NGINX web application using the Load Balancer's DNS name or IP address. -9. Delete NGINX Pods and Service (Before Cleanup): +11. Delete NGINX Pods and Service (Before Cleanup): ```bash kubectl delete -f app.yaml ``` diff --git a/terraform/aws/modules/eks/eks-node-group.tf b/terraform/aws/modules/eks/eks-node-group.tf index 23d1e7f..4d270fd 100644 --- a/terraform/aws/modules/eks/eks-node-group.tf +++ b/terraform/aws/modules/eks/eks-node-group.tf @@ -35,7 +35,10 @@ resource "aws_eks_node_group" "nodes_general" { cluster_name = var.eks_cluster_name node_group_name = var.node_group_name node_role_arn = aws_iam_role.nodes_general.arn - subnet_ids = var.node_group_subnet_ids + subnet_ids = concat( + module.vpc.private_subnet_ids, + module.vpc.public_subnet_ids + ) scaling_config { desired_size = var.node_group_desired_size @@ -52,9 +55,9 @@ resource "aws_eks_node_group" "nodes_general" { version = var.node_group_version depends_on = [ + aws_eks_cluster.demo, aws_iam_role_policy_attachment.amazon_eks_worker_node_policy_general, aws_iam_role_policy_attachment.amazon_eks_cni_policy_general, aws_iam_role_policy_attachment.amazon_ec2_container_registry_read_only_policy ] -} - +} \ No newline at end of file diff --git a/terraform/aws/modules/eks/eks.tf b/terraform/aws/modules/eks/eks.tf index 678d1a9..5df4b8f 100644 
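Review bot: The new `subnet_ids = concat(module.vpc.private_subnet_ids, module.vpc.public_subnet_ids)` in `aws_eks_node_group.nodes_general` lets the managed node group launch workers in the public subnets as well as the private ones. The public subnets this series deletes from the module set `map_public_ip_on_launch = true`; if the replacement VPC module (not shown) does the same, those nodes get internet-routable addresses. Unless that is intended, I would pass only the private subnets, `subnet_ids = module.vpc.private_subnet_ids`, and leave the public subnets to load balancers. The same concat reappears with `var.private_subnet_ids` and `var.public_subnet_ids` in the later "ignore_changes" commit. The resource body starts and ends outside this hunk.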
--- a/terraform/aws/modules/eks/eks.tf +++ b/terraform/aws/modules/eks/eks.tf @@ -24,17 +24,16 @@ resource "aws_iam_role_policy_attachment" "demo_amazon_eks_cluster_policy" { resource "aws_eks_cluster" "demo" { name = var.eks_cluster_name - version = "1.24" + version = var.eks_cluster_version role_arn = aws_iam_role.demo.arn vpc_config { - subnet_ids = [ - aws_subnet.private_us_east_1a.id, - aws_subnet.private_us_east_1b.id, - aws_subnet.public_us_east_1a.id, - aws_subnet.public_us_east_1b.id - ] + subnet_ids = concat( + module.vpc.private_subnet_ids, + module.vpc.public_subnet_ids + ) } + depends_on = [aws_iam_role_policy_attachment.demo_amazon_eks_cluster_policy] -} +} \ No newline at end of file diff --git a/terraform/aws/modules/eks/igw.tf b/terraform/aws/modules/eks/igw.tf deleted file mode 100644 index ce55d6b..0000000 --- a/terraform/aws/modules/eks/igw.tf +++ /dev/null @@ -1,7 +0,0 @@ -resource "aws_internet_gateway" "igw" { - vpc_id = aws_vpc.main.id - - tags = { - Name = var.igw_name - } -} diff --git a/terraform/aws/modules/eks/nat.tf b/terraform/aws/modules/eks/nat.tf deleted file mode 100644 index b02fee6..0000000 --- a/terraform/aws/modules/eks/nat.tf +++ /dev/null @@ -1,18 +0,0 @@ -resource "aws_eip" "nat" { - domain = "vpc" - - tags = { - Name = "Qburst-nat" - } -} - -resource "aws_nat_gateway" "nat" { - allocation_id = aws_eip.nat.id - subnet_id = aws_subnet.public_us_east_1a.id - - tags = { - Name = var.nat_gateway_name - } - - depends_on = [aws_internet_gateway.igw] -} diff --git a/terraform/aws/modules/eks/outputs.tf b/terraform/aws/modules/eks/outputs.tf index cd79b8d..9c561bb 100644 --- a/terraform/aws/modules/eks/outputs.tf +++ b/terraform/aws/modules/eks/outputs.tf 
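Review bot: The `vpc_config` block of `aws_eks_cluster.demo` sets only `subnet_ids`, so the Kubernetes API endpoint keeps the provider defaults, which as far as I know are a public endpoint open to `0.0.0.0/0` with private access off. I would state the exposure explicitly, for example `endpoint_private_access = true` together with `public_access_cidrs = var.api_allowed_cidrs` (a new list variable, name constructed here), or `endpoint_public_access = false` when the API is only reached from inside the VPC. The resource as shown in this hunk also has no `enabled_cluster_log_types`, so API and audit logs from the control plane are not collected; `enabled_cluster_log_types = ["api", "audit", "authenticator"]` would cover the usual investigation needs.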
@@ -1,29 +1,9 @@ -output "vpc_id" { - description = "ID of the created VPC" - value = aws_vpc.main.id -} - -output "igw_id" { - description = "ID of the created Internet Gateway" - value = aws_internet_gateway.igw.id -} - -output "private_subnet_ids" { - description = "IDs of the created private subnets" - value = [aws_subnet.private_us_east_1a.id, aws_subnet.private_us_east_1b.id] -} - -output "public_subnet_ids" { - description = "IDs of the created public subnets" - value = [aws_subnet.public_us_east_1a.id, aws_subnet.public_us_east_1b.id] -} - -output "nat_gateway_id" { - description = "ID of the created NAT Gateway" - value = aws_nat_gateway.nat.id -} - output "eks_cluster_id" { - description = "ID of the created EKS Cluster" value = aws_eks_cluster.demo.id + description = "The ID of the EKS cluster" +} + +output "node_group_id" { + value = aws_eks_node_group.nodes_general.id + description = "The ID of the EKS node group" } diff --git a/terraform/aws/modules/eks/routes.tf b/terraform/aws/modules/eks/routes.tf deleted file mode 100644 index 47b2f0f..0000000 --- a/terraform/aws/modules/eks/routes.tf +++ /dev/null 
@@ -1,45 +0,0 @@ -resource "aws_route_table" "private" { - vpc_id = aws_vpc.main.id - - route { - cidr_block = "0.0.0.0/0" - nat_gateway_id = aws_nat_gateway.nat.id - } - - tags = { - Name = "private" - } -} - -resource "aws_route_table" "public" { - vpc_id = aws_vpc.main.id - - route { - cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.igw.id - } - - tags = { - Name = "public" - } -} - -resource "aws_route_table_association" "private_us_east_1a" { - subnet_id = aws_subnet.private_us_east_1a.id - route_table_id = aws_route_table.private.id -} - -resource "aws_route_table_association" "private_us_east_1b" { - subnet_id = aws_subnet.private_us_east_1b.id - route_table_id = aws_route_table.private.id -} - -resource "aws_route_table_association" "public_us_east_1a" { - subnet_id = aws_subnet.public_us_east_1a.id - route_table_id = aws_route_table.public.id -} - -resource "aws_route_table_association" "public_us_east_1b" { - subnet_id = aws_subnet.public_us_east_1b.id - route_table_id = aws_route_table.public.id -} diff --git a/terraform/aws/modules/eks/subnets.tf b/terraform/aws/modules/eks/subnets.tf deleted file mode 100644 index 366bcb7..0000000 --- a/terraform/aws/modules/eks/subnets.tf +++ /dev/null 
@@ -1,49 +0,0 @@ -resource "aws_subnet" "private_us_east_1a" { - vpc_id = aws_vpc.main.id - cidr_block = var.private_subnet_cidr_blocks[0] - availability_zone = "us-east-1a" - - tags = { - "Name" = "private-us-east-1a" - "kubernetes.io/role/internal-elb" = 1 - "kubernetes.io/cluster/my_eks_cluster" = "shared" - } -} - -resource "aws_subnet" "private_us_east_1b" { - vpc_id = aws_vpc.main.id - cidr_block = var.private_subnet_cidr_blocks[1] - availability_zone = "us-east-1b" - - tags = { - "Name" = "private-us-east-1b" - "kubernetes.io/role/internal-elb" = 1 - "kubernetes.io/cluster/my_eks_cluster" = "shared" - } -} - -resource "aws_subnet" "public_us_east_1a" { - vpc_id = aws_vpc.main.id - cidr_block = var.public_subnet_cidr_blocks[0] - availability_zone = "us-east-1a" - map_public_ip_on_launch = true - - tags = { - "Name" = "public-us-east-1a" - "kubernetes.io/role/elb" = 1 - "kubernetes.io/cluster/my_eks_cluster" = "shared" - } -} - -resource "aws_subnet" "public_us_east_1b" { - vpc_id = aws_vpc.main.id - cidr_block = var.public_subnet_cidr_blocks[1] - availability_zone = "us-east-1b" - map_public_ip_on_launch = true - - tags = { - "Name" = "public-us-east-1b" - "kubernetes.io/role/elb" = 1 - "kubernetes.io/cluster/my_eks_cluster" = "shared" - } -} diff --git a/terraform/aws/modules/eks/variables.tf b/terraform/aws/modules/eks/variables.tf index 1055ac2..a304eb5 100644 --- a/terraform/aws/modules/eks/variables.tf +++ b/terraform/aws/modules/eks/variables.tf 
@@ -1,33 +1,3 @@ -variable "vpc_cidr_block" { - description = "CIDR block for the VPC" - type = string - default = "10.0.0.0/16" -} - -variable "igw_name" { - description = "Name for the Internet Gateway" - type = string - default = "qburst-igw" -} - -variable "private_subnet_cidr_blocks" { - description = "CIDR blocks for private subnets" - type = list(string) - default = ["10.0.0.0/19", "10.0.32.0/19"] -} - -variable "public_subnet_cidr_blocks" { - description = "CIDR blocks for public subnets" - type = list(string) - default = ["10.0.64.0/19", "10.0.96.0/19"] -} - -variable "nat_gateway_name" { - description = "Name for the NAT Gateway" - type = string - default = "nat" -} - variable "eks_cluster_name" { type = string description = "Name of the EKS cluster." @@ -40,28 +10,12 @@ variable "eks_cluster_version" { default = "1.24" } -variable "eks_cluster_region" { - type = string - description = "AWS region for the EKS cluster." - default = "us-east-1" -} - variable "node_group_name" { type = string description = "Name of the EKS node group." default = "nodes-general" } -variable "node_group_subnet_ids" { - type = list(string) - description = "List of subnet IDs for the node group." - default = ["subnet-06296791b48518207", - "subnet-09b57ef336acf2868", - "subnet-0bf698a94602fa750", - "subnet-086708cfd5a439019" -] -} - variable "node_group_desired_size" { type = number description = "Desired size of the node group." 
@@ -115,8 +69,26 @@ variable "node_group_version" { description = "Version for the node group." default = "1.24" } +variable "vpc_cidr_block" { + description = "CIDR block for the VPC" + type = string +} -# Define other variables as needed. - - +variable "private_subnet_cidr_blocks" { + description = "CIDR blocks for private subnets" + type = list(string) +} +variable "public_subnet_cidr_blocks" { + description = "CIDR blocks for public subnets" + type = list(string) +} +variable "availability_zones" { + type = list(string) + description = "the various AZs in which to create subnets" + default = [] +} +variable "ipv4_additional_cidr" { + type = list(string) + default = [] +} \ No newline at end of file diff --git a/terraform/aws/modules/eks/vpc.tf b/terraform/aws/modules/eks/vpc.tf index 8f970fb..5e59851 100644 --- a/terraform/aws/modules/eks/vpc.tf +++ b/terraform/aws/modules/eks/vpc.tf @@ -1,7 +1,10 @@ -resource "aws_vpc" "main" { - cidr_block = var.vpc_cidr_block - - tags = { - Name = "Qburst-vpc" - } +module "vpc" { + source = "../../modules/vpc" + name_prefix = "qburst" + ipv4_primary_cidr_block = var.vpc_cidr_block + public_subnets_cidr = var.public_subnet_cidr_blocks + private_subnets_cidr = var.private_subnet_cidr_blocks + availability_zones = var.availability_zones + ipv4_additional_cidr_block_associations = var.ipv4_additional_cidr + nat_gw_enabled = true } From 439018f2325e1b7a90c73c5c331856fc1c1c4842 Mon Sep 17 00:00:00 2001 From: Rithin-QB Date: Mon, 16 Oct 2023 11:09:20 +0530 Subject: [PATCH 16/23] Update README and VPC module configurations based on PR feedback --- terraform/aws/modules/eks/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/aws/modules/eks/README.md b/terraform/aws/modules/eks/README.md index 97498a5..9fd8930 100644 --- a/terraform/aws/modules/eks/README.md +++ b/terraform/aws/modules/eks/README.md 
@@ -6,15 +6,15 @@ This Terraform project sets up an Amazon Web Services (AWS) Elastic Kubernetes S The project is organized into the following directories and files: -- **/home/rithin/Documents/Code/DevOps-OpenSource/DevOps-Automations/terraform/aws/modules/eks**: This directory contains the Terraform modules for setting up the EKS cluster and related infrastructure components. +- **/DevOps-Automations/terraform/aws/modules/eks**: This directory contains the Terraform modules for setting up the EKS cluster and related infrastructure components. - `eks-node-group.tf`: Defines the EKS node group resources, including the IAM role, policies, and the node group itself. - `eks.tf`: Configures the EKS cluster, including IAM roles and policies. - `variables.tf`: Declares input variables used throughout the module. - `outputs.tf`: Defines the output values of the module. - - `vpc.tf`: Configures the VPC by calling the external VPC module and specifying input variables such as the CIDR blocks, subnets, availability zones,and NAT gateway settings. + - `vpc.tf`: Configures the VPC by calling the external VPC module and specifying input variables such as the CIDR blocks, subnets, availability zones, and NAT gateway settings. -- **/home/rithin/Documents/Code/DevOps-OpenSource/DevOps-Automations/terraform/aws/examples/eks**: This directory contains example configurations that use the EKS module defined in the `modules/eks` directory. +- **/DevOps-Automations/terraform/aws/examples/eks**: This directory contains example configurations that use the EKS module defined in the `modules/eks` directory. - `provider.tf`: Configures the Terraform provider for AWS and specifies the default AWS region. - `main.tf`: Calls the EKS module and passes input variables to create an EKS cluster and its associated infrastructure. From ff17850a0e8bcd9709048d10724d009188bb97d5 Mon Sep 17 00:00:00 2001 
From: Rithin-QB Date: Mon, 16 Oct 2023 11:14:20 +0530 Subject: [PATCH 17/23] Update README and VPC module configurations based on PR feedback --- terraform/aws/modules/eks/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/aws/modules/eks/README.md b/terraform/aws/modules/eks/README.md index 9fd8930..ad44486 100644 --- a/terraform/aws/modules/eks/README.md +++ b/terraform/aws/modules/eks/README.md @@ -47,6 +47,7 @@ Before using this Terraform configuration, ensure you have the following prerequ `node_group_instance_types`: List of instance types for the node group. `node_group_labels`: Labels for the node group instances. `node_group_version`: Version for the node group. + **Variables for VPC Configuration (Referencing External VPC Module)** `vpc_cidr_block`: CIDR block for the VPC. `private_subnet_cidr_blocks`: CIDR blocks for private subnets. From c17d57ab183f07ddb15c41f0d2ee16f95ef97e7b Mon Sep 17 00:00:00 2001 From: Rithin-QB Date: Mon, 16 Oct 2023 11:19:40 +0530 Subject: [PATCH 18/23] Update README and VPC module configurations based on PR feedback --- terraform/aws/modules/eks/README.md | 34 ++++++++++++++--------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/terraform/aws/modules/eks/README.md b/terraform/aws/modules/eks/README.md index ad44486..515fe10 100644 --- a/terraform/aws/modules/eks/README.md +++ b/terraform/aws/modules/eks/README.md 
@@ -33,27 +33,27 @@ Before using this Terraform configuration, ensure you have the following prerequ **Variables for EKS Cluster Configuration** -`eks_cluster_name`: The name of the EKS cluster. -`eks_cluster_version`: The version of the EKS cluster. +- `eks_cluster_name`: The name of the EKS cluster. +- `eks_cluster_version`: The version of the EKS cluster. **Variables for EKS Node Group Configuration** -`node_group_name`: The name of the EKS node group. -`node_group_desired_size`: Desired size of the node group. -`node_group_max_size`: Maximum size of the node group. -`node_group_min_size`: Minimum size of the node group. -`node_group_ami_type`: AMI type for the node group (e.g., AL2_x86_64). -`node_group_capacity_type`: Capacity type for the node group (e.g., ON_DEMAND). -`node_group_disk_size`: Disk size (in GB) for nodes in the group. -`node_group_instance_types`: List of instance types for the node group. -`node_group_labels`: Labels for the node group instances. -`node_group_version`: Version for the node group. +- `node_group_name`: The name of the EKS node group. +- `node_group_desired_size`: Desired size of the node group. +- `node_group_max_size`: Maximum size of the node group. +- `node_group_min_size`: Minimum size of the node group. +- `node_group_ami_type`: AMI type for the node group (e.g., AL2_x86_64). +- `node_group_capacity_type`: Capacity type for the node group (e.g., ON_DEMAND). +- `node_group_disk_size`: Disk size (in GB) for nodes in the group. +- `node_group_instance_types`: List of instance types for the node group. +- `node_group_labels`: Labels for the node group instances. +- `node_group_version`: Version for the node group. **Variables for VPC Configuration (Referencing External VPC Module)** -`vpc_cidr_block`: CIDR block for the VPC. -`private_subnet_cidr_blocks`: CIDR blocks for private subnets. -`public_subnet_cidr_blocks`: CIDR blocks for public subnets. 
-`availability_zones`: The various availability zones in which to create subnets. -`ipv4_additional_cidr`: Additional IPv4 CIDR blocks for association with the VPC. +- `vpc_cidr_block`: CIDR block for the VPC. +- `private_subnet_cidr_blocks`: CIDR blocks for private subnets. +- `public_subnet_cidr_blocks`: CIDR blocks for public subnets. +- `availability_zones`: The various availability zones in which to create subnets. +- `ipv4_additional_cidr`: Additional IPv4 CIDR blocks for association with the VPC. Please adjust these variables to match your specific requirements. From 44f6b273dcfa4425b9f68a0274741ecd89083212 Mon Sep 17 00:00:00 2001 From: Rithin-QB Date: Fri, 20 Oct 2023 12:14:04 +0530 Subject: [PATCH 19/23] Add an ignore_changes for scaling_config desired_size. --- terraform/aws/modules/eks/eks-node-group.tf | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/terraform/aws/modules/eks/eks-node-group.tf b/terraform/aws/modules/eks/eks-node-group.tf index 4d270fd..fc6f75f 100644 --- a/terraform/aws/modules/eks/eks-node-group.tf +++ b/terraform/aws/modules/eks/eks-node-group.tf @@ -36,8 +36,8 @@ resource "aws_eks_node_group" "nodes_general" { node_group_name = var.node_group_name node_role_arn = aws_iam_role.nodes_general.arn subnet_ids = concat( - module.vpc.private_subnet_ids, - module.vpc.public_subnet_ids + var.private_subnet_ids, + var.public_subnet_ids ) scaling_config { @@ -46,6 +46,12 @@ resource "aws_eks_node_group" "nodes_general" { min_size = var.node_group_min_size } + lifecycle { + ignore_changes = [ + scaling_config[0].desired_size, + ] +} + ami_type = var.node_group_ami_type capacity_type = var.node_group_capacity_type disk_size = var.node_group_disk_size 
@@ -55,7 +61,7 @@ resource "aws_eks_node_group" "nodes_general" { version = var.node_group_version depends_on = [ - aws_eks_cluster.demo, + aws_eks_cluster.default, aws_iam_role_policy_attachment.amazon_eks_worker_node_policy_general, aws_iam_role_policy_attachment.amazon_eks_cni_policy_general, aws_iam_role_policy_attachment.amazon_ec2_container_registry_read_only_policy From 8cc5b1f4b80cdfca163281d392fca0270c434ea0 Mon Sep 17 00:00:00 2001 From: Rithin-QB Date: Fri, 20 Oct 2023 12:15:25 +0530 Subject: [PATCH 20/23] Added Security Group to EKS Cluster Configuration --- terraform/aws/modules/eks/eks.tf | 53 ++++++++++++++++++++++++++------ 1 file changed, 44 insertions(+), 9 deletions(-) diff --git a/terraform/aws/modules/eks/eks.tf b/terraform/aws/modules/eks/eks.tf index 5df4b8f..276247d 100644 --- a/terraform/aws/modules/eks/eks.tf +++ b/terraform/aws/modules/eks/eks.tf @@ -1,5 +1,39 @@ -resource "aws_iam_role" "demo" { - name = "eks-cluster-demo" +resource "aws_security_group" "eks_cluster_sg" { + name = var.security_group_name + description = "EKS Cluster Security Group" + vpc_id = var.vpc_id + + ingress { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = var.allowed_mgmt_cidr +} + +ingress { + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_blocks = var.allowed_http_cidr +} + +ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] +} + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_iam_role" "default" { + name = "eks-cluster-role" assume_role_policy = < Date: Fri, 20 Oct 2023 12:15:51 +0530 Subject: [PATCH 21/23] Updated README.me --- terraform/aws/modules/eks/README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/terraform/aws/modules/eks/README.md b/terraform/aws/modules/eks/README.md index 515fe10..2b68f41 100644 --- a/terraform/aws/modules/eks/README.md +++ b/terraform/aws/modules/eks/README.md 
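Review bot: The third `ingress` block of `aws_security_group.eks_cluster_sg` opens TCP 22 with `cidr_blocks = ["0.0.0.0/0"]`, while the 443 and 80 rules beside it take their sources from variables. SSH reachable from any address is avoidable exposure here; I would either drop the rule or bind it to the management range with `cidr_blocks = var.allowed_mgmt_cidr`. The port-80 rule is also worth a second look, since the EKS API is served on 443 and nothing visible in this series needs plain HTTP on the cluster group. The text of this hunk is cut off after `assume_role_policy`, so where the group is attached is not visible here.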
@@ -12,14 +12,15 @@ The project is organized into the following directories and files: - `eks.tf`: Configures the EKS cluster, including IAM roles and policies. - `variables.tf`: Declares input variables used throughout the module. - `outputs.tf`: Defines the output values of the module. - - `vpc.tf`: Configures the VPC by calling the external VPC module and specifying input variables such as the CIDR blocks, subnets, availability zones, and NAT gateway settings. - + - **/DevOps-Automations/terraform/aws/examples/eks**: This directory contains example configurations that use the EKS module defined in the `modules/eks` directory. - `provider.tf`: Configures the Terraform provider for AWS and specifies the default AWS region. - - `main.tf`: Calls the EKS module and passes input variables to create an EKS cluster and its associated infrastructure. + - `main.tf`: Calls both the EKS and VPC module and passes input variables to create an EKS cluster and its associated infrastructure within the VPC. - `app.yaml`:YAML file for deploying a sample NGINX web application in the EKS cluster. +- **/DevOps-Automations/terraform/aws/modules/vpc**: This directory contains the Terraform module for configuring the VPC. + ## Prerequisites From c259be7412cc1dc35d9a4fbebd8167523adaa2d0 Mon Sep 17 00:00:00 2001 From: Rithin-QB Date: Fri, 20 Oct 2023 12:19:23 +0530 Subject: [PATCH 22/23] Updated Load Balancer to Internal with CIDR Block --- terraform/aws/examples/eks/app.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/aws/examples/eks/app.yaml b/terraform/aws/examples/eks/app.yaml index 79abb0a..8fb4396 100644 --- a/terraform/aws/examples/eks/app.yaml +++ b/terraform/aws/examples/eks/app.yaml 
@@ -28,7 +28,7 @@ metadata:
 annotations:
 service.beta.kubernetes.io/aws-load-balancer-type: nlb
 service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
- service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
+ service.beta.kubernetes.io/aws-load-balancer-internal: 10.0.0.0/16
 spec:
 selector:
 app: nginx
From 7907e4bffa9f2885cbe243ac616f6b4bc551013c Mon Sep 17 00:00:00 2001
From: Rithin-QB
Date: Fri, 20 Oct 2023 12:20:49 +0530
Subject: [PATCH 23/23] Modified main.tf to call module VPC as well
---
 terraform/aws/examples/eks/main.tf | 25 +++++++++++++++++++------
 terraform/aws/modules/eks/outputs.tf | 2 +-
 terraform/aws/modules/eks/variables.tf | 24 ++++++++++++++++++++++++
 terraform/aws/modules/eks/vpc.tf | 10 ----------
 4 files changed, 44 insertions(+), 17 deletions(-)
 delete mode 100644 terraform/aws/modules/eks/vpc.tf
diff --git a/terraform/aws/examples/eks/main.tf b/terraform/aws/examples/eks/main.tf
index 63a3314..8f54a80 100644
--- a/terraform/aws/examples/eks/main.tf
+++ b/terraform/aws/examples/eks/main.tf
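Review bot: The value `10.0.0.0/16` on `service.beta.kubernetes.io/aws-load-balancer-internal` does not limit which clients can reach the NLB; as far as I know the AWS provider reads that annotation as a flag, so any value other than `false` only selects the internal scheme. Writing it as `service.beta.kubernetes.io/aws-load-balancer-internal: "true"` makes that plain. If the intent is to admit only the VPC range, the restriction belongs in the Service spec as `loadBalancerSourceRanges: ["10.0.0.0/16"]`. The `spec` block continues outside this hunk, so check that it is not already set there.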
@@ -1,13 +1,26 @@ +module "vpc" { + source = "../../modules/vpc" + name_prefix = "qburst" + ipv4_primary_cidr_block = "10.0.0.0/16" + public_subnets_cidr = ["10.0.64.0/19", "10.0.96.0/19"] + private_subnets_cidr = ["10.0.0.0/19", "10.0.32.0/19"] + availability_zones = ["us-east-1a", "us-east-1b"] + ipv4_additional_cidr_block_associations = [] +} + module "eks" { - source = "../../modules/eks" + source = "../../modules/eks" - vpc_cidr_block = "10.0.0.0/16" + vpc_cidr_block = "10.0.0.0/16" private_subnet_cidr_blocks = ["10.0.0.0/19", "10.0.32.0/19"] public_subnet_cidr_blocks = ["10.0.64.0/19", "10.0.96.0/19"] - availability_zones = ["us-east-1a", "us-east-1b"] + availability_zones = ["us-east-1a", "us-east-1b"] + vpc_id = module.vpc.vpc_id + private_subnet_ids = module.vpc.private_subnet_ids + public_subnet_ids = module.vpc.public_subnet_ids + + eks_cluster_name = "my-eks-cluster" + eks_cluster_version = "1.24" - eks_cluster_name = "my-eks-cluster" - eks_cluster_version = "1.24" - } diff --git a/terraform/aws/modules/eks/outputs.tf b/terraform/aws/modules/eks/outputs.tf index 9c561bb..a8856e2 100644 --- a/terraform/aws/modules/eks/outputs.tf +++ b/terraform/aws/modules/eks/outputs.tf @@ -1,5 +1,5 @@ output "eks_cluster_id" { - value = aws_eks_cluster.demo.id + value = aws_eks_cluster.default.id description = "The ID of the EKS cluster" } diff --git a/terraform/aws/modules/eks/variables.tf b/terraform/aws/modules/eks/variables.tf index a304eb5..4627eae 100644 --- a/terraform/aws/modules/eks/variables.tf +++ b/terraform/aws/modules/eks/variables.tf 
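Review bot: The new `module "vpc"` call drops `nat_gw_enabled = true`, which the `modules/eks/vpc.tf` deleted by this same commit passed to the same module. If that input defaults to off (the VPC module is not shown), the private subnets have no outbound route, and nodes placed there cannot pull images or register with the cluster unless VPC endpoints exist; I would carry the line over as `nat_gw_enabled = true`. The `module "eks"` call also never sets `allowed_mgmt_cidr` or `allowed_http_cidr`, which default to `[]`, so the only ingress rule on the cluster security group with a source is the SSH rule open to `0.0.0.0/0`. `vpc_cidr_block`, the two `*_subnet_cidr_blocks` inputs and `availability_zones` are still passed to `module "eks"` although the file that consumed them is removed here, so they can be dropped.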
@@ -91,4 +91,28 @@ variable "availability_zones" { variable "ipv4_additional_cidr" { type = list(string) default = [] +} +variable "security_group_name" { + description = "Name for the EKS cluster security group" + type = string + default = "eks-cluster-sg" +} +variable "allowed_mgmt_cidr" { + description = "CIDR block for management access (e.g., your IP)" + type = list(string) + default = [] +} + +variable "allowed_http_cidr" { + description = "CIDR block(s) for HTTP access (e.g., public access)" + type = list(string) + default = [] +} +variable "vpc_id" { +} +variable "public_subnet_ids" { + +} +variable "private_subnet_ids" { + } \ No newline at end of file diff --git a/terraform/aws/modules/eks/vpc.tf b/terraform/aws/modules/eks/vpc.tf deleted file mode 100644 index 5e59851..0000000 --- a/terraform/aws/modules/eks/vpc.tf +++ /dev/null @@ -1,10 +0,0 @@ -module "vpc" { - source = "../../modules/vpc" - name_prefix = "qburst" - ipv4_primary_cidr_block = var.vpc_cidr_block - public_subnets_cidr = var.public_subnet_cidr_blocks - private_subnets_cidr = var.private_subnet_cidr_blocks - availability_zones = var.availability_zones - ipv4_additional_cidr_block_associations = var.ipv4_additional_cidr - nat_gw_enabled = true -}
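Review bot: `vpc_id`, `public_subnet_ids` and `private_subnet_ids` are declared with empty bodies, so they accept a value of any type and carry no description. They feed `vpc_id` on the security group and the `concat(...)` for `subnet_ids`, so I would pin them with `type = string` for `vpc_id` and `type = list(string)` for the two subnet lists, each with a `description`. `allowed_mgmt_cidr` and `allowed_http_cidr` default to `[]`, and it is worth checking how the provider treats an `ingress` block whose `cidr_blocks` is empty. A `validation` block using `can(cidrhost(c, 0))` over each element would reject malformed ranges at plan time.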