a messy eks start
parent
9f53661cfc
commit
0c8a7c68cb
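--- a/kubernetes/cloud/amazon/terraform/main.tf
+++ b/kubernetes/cloud/amazon/terraform/main.tf
@@ -0,0 +1,31 @@
+provider "aws" {
+version = ">= 2.28.1"
+region = var.region
+access_key = var.access_key
+secret_key = var.secret_key
+}
+
+module "network" {
+source = "./modules/network/"
+}
+
+
+module "cluster" {
+source = "./modules/cluster/"
+vpc_id = "${module.network.vpc_id}"
+private_subnets = "${module.network.private_subnets}"
+public_subnets = "${module.network.public_subnets}"
+#worker_group_1_security_id = "${module.network.security_group_worker_1_id}"
+#worker_group_all_security_id= "${module.network.security_group_worker_all_id}"
+
+#location = var.location
+#kubernetes_version = var.kubernetes_version
+
+}
+
+module "k8s" {
+source = "./modules/k8s/"
+host = "${module.cluster.host}"
+token = "${module.cluster.token}"
+cluster_ca_certificate= "${module.cluster.cluster_ca_certificate}"
+}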
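Review bot: The `provider "aws"` block takes `access_key` and `secret_key` as Terraform variables, which pushes long-lived keys onto the command line (the readme in this commit passes them with `-var`), where they land in shell history and process listings. The readme already runs `aws configure`, so the provider can rely on its default credential chain: drop both arguments so the block keeps only `version` and `region = var.region`, and remove the matching `access_key` and `secret_key` variables from variables.tf. Separately, `version = ">= 2.28.1"` has no upper bound, so a later major release of the provider can be pulled in by `terraform init`; a pessimistic constraint such as `version = "~> 2.28"` would match how the other providers in this commit are pinned.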
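--- a/kubernetes/cloud/amazon/terraform/modules/cluster/cluster.tf
+++ b/kubernetes/cloud/amazon/terraform/modules/cluster/cluster.tf
@@ -0,0 +1,57 @@
+provider "local" {
+version = "~> 1.2"
+}
+
+provider "null" {
+version = "~> 2.1"
+}
+
+provider "template" {
+version = "~> 2.1"
+}
+
+module "eks" {
+source = "terraform-aws-modules/eks/aws"
+version = "~> 12.1.0"
+cluster_name = "eks-getting-started"
+cluster_version = "1.16"
+subnets = var.private_subnets
+vpc_id = var.vpc_id
+
+node_groups_defaults = {
+ami_type = "AL2_x86_64"
+disk_size = 50
+}
+
+node_groups = {
+example = {
+desired_capacity = 1
+max_capacity = 10
+min_capacity = 1
+instance_type = "t2.small"
+}
+}
+}
+
+
+/*
+worker_additional_security_group_ids = [var.worker_group_all_security_id]
+worker_groups = [
+{
+name = "worker-group-1"
+instance_type = "t2.small"
+additional_userdata = "echo foo bar"
+asg_desired_capacity = 1
+additional_security_group_ids = [var.worker_group_1_security_id]
+},
+]
+}
+*/
+
+data "aws_eks_cluster" "cluster" {
+name = module.eks.cluster_id
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+name = module.eks.cluster_id
+}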
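Review bot: Nothing in the `module "eks"` block sets API endpoint access or control-plane logging, so the cluster takes the module's defaults, which for this module version are, as far as I recall, a public endpoint reachable from `0.0.0.0/0` and no log types enabled. Add `cluster_endpoint_public_access_cidrs = ["<admin-cidr>"]` (placeholder) and `cluster_enabled_log_types = ["api", "audit", "authenticator"]` so the API server is not open to every address and authentication events are recorded. The commented-out `worker_groups` block after the module is dead code with an unbalanced closing brace and would be better deleted than carried along.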
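--- a/kubernetes/cloud/amazon/terraform/modules/cluster/outputs.tf
+++ b/kubernetes/cloud/amazon/terraform/modules/cluster/outputs.tf
@@ -0,0 +1,11 @@
+output "host" {
+value = data.aws_eks_cluster.cluster.endpoint
+}
+
+output "token" {
+value = data.aws_eks_cluster_auth.cluster.token
+}
+
+output "cluster_ca_certificate" {
+value = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+}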
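Review bot: `output "token"` exposes the bearer token from `aws_eks_cluster_auth` without `sensitive = true`, so it can show up in `terraform output` and CI logs if this value is ever surfaced from the root module. Add `sensitive = true` inside the `token` output block. The token is still written to the state file in plain text, so the state backend needs access control and encryption regardless, and a comment saying so on this output would help the next reader.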
@ -0,0 +1,35 @@
|
||||
variable "vpc_id" {
|
||||
}
|
||||
|
||||
variable "private_subnets" {
|
||||
}
|
||||
|
||||
variable "public_subnets" {
|
||||
}
|
||||
|
||||
# variable "worker_group_1_security_id" {
|
||||
# }
|
||||
|
||||
# variable "worker_group_all_security_id" {
|
||||
# }
|
||||
|
||||
# variable "worker_group_2_security_id" {
|
||||
|
||||
# }
|
||||
|
||||
# variable "serviceprinciple_id" {
|
||||
# }
|
||||
|
||||
# variable "serviceprinciple_key" {
|
||||
# }
|
||||
|
||||
# variable "location" {
|
||||
# default = "australiaeast"
|
||||
# }
|
||||
|
||||
# variable "kubernetes_version" {
|
||||
# default = "1.16.10"
|
||||
# }
|
||||
|
||||
# variable "ssh_key" {
|
||||
# }
|
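--- a/kubernetes/cloud/amazon/terraform/modules/k8s/k8s.tf
+++ b/kubernetes/cloud/amazon/terraform/modules/k8s/k8s.tf
@@ -0,0 +1,85 @@
+
+provider "kubernetes" {
+load_config_file = "false"
+host = var.host
+token = var.token
+cluster_ca_certificate = var.cluster_ca_certificate
+}
+
+
+resource "kubernetes_deployment" "example" {
+metadata {
+name = "terraform-example"
+labels = {
+test = "MyExampleApp"
+}
+}
+
+spec {
+replicas = 3
+
+selector {
+match_labels = {
+test = "MyExampleApp"
+}
+}
+
+template {
+metadata {
+labels = {
+test = "MyExampleApp"
+}
+}
+
+spec {
+container {
+image = "nginx:1.7.8"
+name = "example"
+
+resources {
+limits {
+cpu = "0.5"
+memory = "512Mi"
+}
+requests {
+cpu = "250m"
+memory = "50Mi"
+}
+}
+
+liveness_probe {
+http_get {
+path = "/nginx_status"
+port = 80
+
+http_header {
+name = "X-Custom-Header"
+value = "Awesome"
+}
+}
+
+initial_delay_seconds = 3
+period_seconds = 3
+}
+}
+}
+}
+}
+}
+
+resource "kubernetes_service" "example" {
+metadata {
+name = "terraform-example"
+}
+spec {
+selector = {
+test = "MyExampleApp"
+}
+port {
+port = 80
+target_port = 80
+}
+
+type = "LoadBalancer"
+}
+}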
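Review bot: The container image in `kubernetes_deployment.example` is `nginx:1.7.8`, a release that is many years old, and `kubernetes_service.example` publishes it with `type = "LoadBalancer"`, which on EKS normally provisions an internet-facing load balancer. Pin a currently supported tag, ideally by digest, e.g. `image = "nginx:<supported-tag>@sha256:<digest>"` (placeholders), or use `type = "ClusterIP"` while this is only a smoke test. The liveness probe requests `/nginx_status`, which the stock image presumably does not serve unless `stub_status` is configured, so the probe may fail and restart the pods; `path = "/"` would be a safer default.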
@ -0,0 +1,8 @@
|
||||
variable "host" {
|
||||
}
|
||||
|
||||
variable "token" {
|
||||
}
|
||||
|
||||
variable "cluster_ca_certificate" {
|
||||
}
|
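--- a/kubernetes/cloud/amazon/terraform/modules/network/network.tf
+++ b/kubernetes/cloud/amazon/terraform/modules/network/network.tf
@@ -0,0 +1,34 @@
+
+######################################################
+# https://github.com/terraform-aws-modules/terraform-aws-vpc
+######################################################
+data "aws_availability_zones" "available" {}
+
+module "vpc" {
+source = "terraform-aws-modules/vpc/aws"
+version = "2.6.0"
+
+name = "eks-cluster-vpc"
+cidr = "10.0.0.0/16"
+azs = data.aws_availability_zones.available.names
+private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+enable_nat_gateway = true
+single_nat_gateway = true
+enable_dns_hostnames = true
+
+tags = {
+"kubernetes.io/cluster/eks-getting-started" = "shared"
+}
+
+public_subnet_tags = {
+"kubernetes.io/cluster/eks-getting-started" = "shared"
+"kubernetes.io/role/elb" = "1"
+}
+
+private_subnet_tags = {
+"kubernetes.io/cluster/eks-getting-started" = "shared"
+"kubernetes.io/role/internal-elb" = "1"
+}
+
+}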
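Review bot: The cluster name `eks-getting-started` is hard-coded in three tag keys here and again as `cluster_name` in modules/cluster/cluster.tf; if one is changed without the others, the `kubernetes.io/cluster/...` subnet tags stop matching and load balancer subnet discovery will likely break. Pass the name in as a module variable and build the key from it, e.g. `"kubernetes.io/cluster/${var.cluster_name}" = "shared"`. A short comment on `single_nat_gateway = true` would also help: all private-subnet egress then depends on one availability zone, which is acceptable for a demo but is a single point of failure.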
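--- a/kubernetes/cloud/amazon/terraform/modules/network/outputs.tf
+++ b/kubernetes/cloud/amazon/terraform/modules/network/outputs.tf
@@ -0,0 +1,23 @@
+output "vpc_id" {
+value = module.vpc.vpc_id
+}
+
+output "private_subnets" {
+value = module.vpc.private_subnets
+}
+
+output "public_subnets" {
+value = module.vpc.public_subnets
+}
+
+output "security_group_worker_1_id" {
+value = aws_security_group.node_ssh_group_1.id
+}
+
+output "security_group_worker_2_id" {
+value = aws_security_group.node_ssh_group_2.id
+}
+
+output "security_group_worker_all_id" {
+value = aws_security_group.node_ssh_all.id
+}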
@ -0,0 +1,47 @@
|
||||
|
||||
resource "aws_security_group" "node_ssh_all" {
|
||||
name_prefix = "nodes_ssh"
|
||||
vpc_id = module.vpc.vpc_id
|
||||
|
||||
ingress {
|
||||
from_port = 22
|
||||
to_port = 22
|
||||
protocol = "tcp"
|
||||
|
||||
cidr_blocks = [
|
||||
"10.0.0.0/8",
|
||||
"172.16.0.0/12",
|
||||
"192.168.0.0/16",
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_security_group" "node_ssh_group_1" {
|
||||
name_prefix = "nodes_ssh"
|
||||
vpc_id = module.vpc.vpc_id
|
||||
|
||||
ingress {
|
||||
from_port = 22
|
||||
to_port = 22
|
||||
protocol = "tcp"
|
||||
|
||||
cidr_blocks = [
|
||||
"10.0.0.0/8",
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_security_group" "node_ssh_group_2" {
|
||||
name_prefix = "nodes_ssh"
|
||||
vpc_id = module.vpc.vpc_id
|
||||
|
||||
ingress {
|
||||
from_port = 22
|
||||
to_port = 22
|
||||
protocol = "tcp"
|
||||
|
||||
cidr_blocks = [
|
||||
"192.168.0.0/16",
|
||||
]
|
||||
}
|
||||
}
|
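Review bot: The SSH ingress rules in these three security groups allow port 22 from whole RFC 1918 ranges (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`), which is much wider than the VPC's own `10.0.0.0/16` and would admit any peered or VPN-connected private network. Scope the rule to the VPC, e.g. `cidr_blocks = [module.vpc.vpc_cidr_block]`, or drop SSH ingress entirely, since the `worker_group_*_security_id` inputs that would consume these groups are commented out in main.tf and the groups appear to be unused. All three resources also share `name_prefix = "nodes_ssh"` and have no `description`, which makes them hard to tell apart in the console. The file path for this section is not shown on the page.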
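--- a/kubernetes/cloud/amazon/terraform/readme.md
+++ b/kubernetes/cloud/amazon/terraform/readme.md
@@ -0,0 +1,85 @@
+# Getting Started with Amazon EKS using Terraform
+
+More resources:
+
+Terraform provider for AWS [here](https://www.terraform.io/docs/providers/aws/index.html) <br/>
+
+## Amazon CLI
+
+You can get the Amazon CLI on [Docker-Hub](https://hub.docker.com/r/amazon/aws-cli) <br/>
+We'll need the Amazon CLI to gather information so we can build our Terraform file.
+
+```
+# Run Amazon CLI
+docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/sh amazon/aws-cli:2.0.17
+
+# some handy tools :)
+yum install jq gzip nano tar git unzip wget
+
+```
+
+## Login to Amazon
+
+```
+# Access your "My Security Credentials" section in your profile.
+# Create an access key
+
+aws configure
+
+```
+
+# Terraform CLI
+
+```
+# Get Terraform
+
+curl -o /tmp/terraform.zip -LO https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zip
+
+unzip /tmp/terraform.zip
+chmod +x terraform && mv terraform /usr/local/bin/
+
+cd kubernetes/cloud/amazon/terraform/
+
+```
+
+# Generate SSH key
+
+```
+ssh-keygen -t rsa -b 4096 -N "VeryStrongSecret123!" -C "your_email@example.com" -q -f ~/.ssh/id_rsa
+SSH_KEY=$(cat ~/.ssh/id_rsa.pub)
+```
+
+## Terraform Amazon Kubernetes Provider
+
+Documentation on all the Kubernetes fields for terraform [here](https://www.terraform.io/docs/providers/aws/r/eks_cluster.html)
+
+```
+terraform init
+
+terraform plan -var access_key=$access_key -var secret_key=$secret_key
+
+terraform apply -var access_key=$access_key -var secret_key=$secret_key
+
+```
+
+# Lets see what we deployed
+
+```
+# grab our EKS config
+aws eks update-kubeconfig --name eks-getting-started --region ap-southeast-2
+
+# Get kubectl
+
+curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
+chmod +x ./kubectl
+mv ./kubectl /usr/local/bin/kubectl
+
+kubectl get svc
+
+```
+
+# Clean up
+
+```
+terraform destroy -var access_key=$access_key -var secret_key=$secret_key
+```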
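--- a/kubernetes/cloud/amazon/terraform/variables.tf
+++ b/kubernetes/cloud/amazon/terraform/variables.tf
@@ -0,0 +1,9 @@
+variable "access_key" {
+}
+
+variable "secret_key" {
+}
+
+variable "region" {
+default = "ap-southeast-2"
+}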
@ -58,6 +58,7 @@ az role assignment create --assignee $SERVICE_PRINCIPAL \
|
||||
For extra reference you can also take a look at the Microsoft Docs: [here](https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/kubernetes-service-principal.md) </br>
|
||||
|
||||
|
||||
# Terraform CLI
|
||||
```
|
||||
# Get Terraform
|
||||
|
||||
|