a messy eks start

marcel-dempers 2020-07-21 18:07:46 +10:00
parent 9f53661cfc
commit 0c8a7c68cb
12 changed files with 426 additions and 0 deletions


@ -0,0 +1,31 @@
provider "aws" {
version = ">= 2.28.1"
region = var.region
access_key = var.access_key
secret_key = var.secret_key
}
module "network" {
source = "./modules/network/"
}
module "cluster" {
source = "./modules/cluster/"
vpc_id = "${module.network.vpc_id}"
private_subnets = "${module.network.private_subnets}"
public_subnets = "${module.network.public_subnets}"
#worker_group_1_security_id = "${module.network.security_group_worker_1_id}"
#worker_group_all_security_id= "${module.network.security_group_worker_all_id}"
#location = var.location
#kubernetes_version = var.kubernetes_version
}
module "k8s" {
source = "./modules/k8s/"
host = "${module.cluster.host}"
token = "${module.cluster.token}"
cluster_ca_certificate= "${module.cluster.cluster_ca_certificate}"
}
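Review bot: The `aws` provider block takes `access_key` and `secret_key` from Terraform variables, so long-lived credentials have to be passed with `-var` on the command line (as the README in this commit does), where they can land in shell history, process listings and saved plan files. Dropping both arguments and leaving only `region = var.region` lets the provider use its default credential chain (`AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` in the environment, a shared credentials profile, or an assumed role). The `access_key` and `secret_key` variable declarations added in the root variables file of this commit share the problem and could then be removed. Separately, interpolation-only strings such as `"${module.network.vpc_id}"` can be written as plain references (`module.network.vpc_id`) in Terraform 0.12.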


@ -0,0 +1,57 @@
provider "local" {
version = "~> 1.2"
}
provider "null" {
version = "~> 2.1"
}
provider "template" {
version = "~> 2.1"
}
module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "~> 12.1.0"
cluster_name = "eks-getting-started"
cluster_version = "1.16"
subnets = var.private_subnets
vpc_id = var.vpc_id
node_groups_defaults = {
ami_type = "AL2_x86_64"
disk_size = 50
}
node_groups = {
example = {
desired_capacity = 1
max_capacity = 10
min_capacity = 1
instance_type = "t2.small"
}
}
}
/*
worker_additional_security_group_ids = [var.worker_group_all_security_id]
worker_groups = [
{
name = "worker-group-1"
instance_type = "t2.small"
additional_userdata = "echo foo bar"
asg_desired_capacity = 1
additional_security_group_ids = [var.worker_group_1_security_id]
},
]
}
*/
data "aws_eks_cluster" "cluster" {
name = module.eks.cluster_id
}
data "aws_eks_cluster_auth" "cluster" {
name = module.eks.cluster_id
}
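Review bot: The `module "eks"` block sets no endpoint-access or logging inputs, so the cluster is created with the module defaults; for this module version I believe that means a public API endpoint reachable from any address and no control-plane logs. Consider adding `cluster_endpoint_public_access_cidrs = ["<admin-cidr-placeholder>"]` (or enabling `cluster_endpoint_private_access` and turning public access off) and `cluster_enabled_log_types = ["api", "audit", "authenticator"]`, so API access is limited and audit events are retained. The commented-out `worker_groups` block is dead configuration with a stray closing `}` inside the comment and is better deleted.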


@ -0,0 +1,11 @@
output "host" {
value = data.aws_eks_cluster.cluster.endpoint
}
output "token" {
value = data.aws_eks_cluster_auth.cluster.token
}
output "cluster_ca_certificate" {
value = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
}
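Review bot: `output "token"` carries the cluster authentication token but is not marked sensitive; adding `sensitive = true` documents the intent and keeps the value redacted if it is ever re-exported from the root module. As far as I know the value is still written to the Terraform state in plain text, so the state backend should be encrypted and access-controlled. `certificate_authority.0.data` can be written as `certificate_authority[0].data` in 0.12 syntax.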


@ -0,0 +1,35 @@
variable "vpc_id" {
}
variable "private_subnets" {
}
variable "public_subnets" {
}
# variable "worker_group_1_security_id" {
# }
# variable "worker_group_all_security_id" {
# }
# variable "worker_group_2_security_id" {
# }
# variable "serviceprinciple_id" {
# }
# variable "serviceprinciple_key" {
# }
# variable "location" {
# default = "australiaeast"
# }
# variable "kubernetes_version" {
# default = "1.16.10"
# }
# variable "ssh_key" {
# }
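Review bot: `public_subnets` is declared here and passed in from the root module, but nothing in the cluster module shown in this commit reads it; `module "eks"` only uses `var.private_subnets`. Either remove the variable or use it, and give the remaining variables a `type` and `description`, e.g. `type = list(string)` for `private_subnets` and `type = string` for `vpc_id`. The commented-out declarations (`serviceprinciple_id`, `location` with default `australiaeast`) look like leftovers from an Azure configuration and could be dropped.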


@ -0,0 +1,85 @@
provider "kubernetes" {
load_config_file = "false"
host = var.host
token = var.token
cluster_ca_certificate = var.cluster_ca_certificate
}
resource "kubernetes_deployment" "example" {
metadata {
name = "terraform-example"
labels = {
test = "MyExampleApp"
}
}
spec {
replicas = 3
selector {
match_labels = {
test = "MyExampleApp"
}
}
template {
metadata {
labels = {
test = "MyExampleApp"
}
}
spec {
container {
image = "nginx:1.7.8"
name = "example"
resources {
limits {
cpu = "0.5"
memory = "512Mi"
}
requests {
cpu = "250m"
memory = "50Mi"
}
}
liveness_probe {
http_get {
path = "/nginx_status"
port = 80
http_header {
name = "X-Custom-Header"
value = "Awesome"
}
}
initial_delay_seconds = 3
period_seconds = 3
}
}
}
}
}
}
resource "kubernetes_service" "example" {
metadata {
name = "terraform-example"
}
spec {
selector = {
test = "MyExampleApp"
}
port {
port = 80
target_port = 80
}
type = "LoadBalancer"
}
}
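Review bot: `kubernetes_service.example` is `type = "LoadBalancer"` with no source restriction, so by default port 80 of the example deployment is published on an internet-facing load balancer as soon as the apply finishes. If that exposure is not intended, add `load_balancer_source_ranges = ["<allowed-cidr-placeholder>"]` to the service `spec` or use `type = "ClusterIP"`. The image `nginx:1.7.8` is a very old release referenced by mutable tag only; pinning a currently supported release, ideally by digest, avoids running long-unpatched code behind that load balancer. The liveness probe requests `/nginx_status`, which a stock nginx image probably does not serve, so the pods may be restarted repeatedly.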


@ -0,0 +1,8 @@
variable "host" {
}
variable "token" {
}
variable "cluster_ca_certificate" {
}


@ -0,0 +1,34 @@
######################################################
# https://github.com/terraform-aws-modules/terraform-aws-vpc
######################################################
data "aws_availability_zones" "available" {}
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "2.6.0"
name = "eks-cluster-vpc"
cidr = "10.0.0.0/16"
azs = data.aws_availability_zones.available.names
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
enable_nat_gateway = true
single_nat_gateway = true
enable_dns_hostnames = true
tags = {
"kubernetes.io/cluster/eks-getting-started" = "shared"
}
public_subnet_tags = {
"kubernetes.io/cluster/eks-getting-started" = "shared"
"kubernetes.io/role/elb" = "1"
}
private_subnet_tags = {
"kubernetes.io/cluster/eks-getting-started" = "shared"
"kubernetes.io/role/internal-elb" = "1"
}
}
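Review bot: The cluster name `eks-getting-started` is hard-coded in three tag keys here and again as `cluster_name` in the cluster module, so renaming the cluster in one place would leave the subnet tags pointing at the old name. Pass the name into both modules through a new `cluster_name` variable and build the keys from it, e.g. `"kubernetes.io/cluster/${var.cluster_name}" = "shared"`. A short comment above `single_nat_gateway = true` noting that all private-subnet egress then depends on one gateway would also help readers who copy this configuration.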


@ -0,0 +1,23 @@
output "vpc_id" {
value = module.vpc.vpc_id
}
output "private_subnets" {
value = module.vpc.private_subnets
}
output "public_subnets" {
value = module.vpc.public_subnets
}
output "security_group_worker_1_id" {
value = aws_security_group.node_ssh_group_1.id
}
output "security_group_worker_2_id" {
value = aws_security_group.node_ssh_group_2.id
}
output "security_group_worker_all_id" {
value = aws_security_group.node_ssh_all.id
}


@ -0,0 +1,47 @@
resource "aws_security_group" "node_ssh_all" {
name_prefix = "nodes_ssh"
vpc_id = module.vpc.vpc_id
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16",
]
}
}
resource "aws_security_group" "node_ssh_group_1" {
name_prefix = "nodes_ssh"
vpc_id = module.vpc.vpc_id
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [
"10.0.0.0/8",
]
}
}
resource "aws_security_group" "node_ssh_group_2" {
name_prefix = "nodes_ssh"
vpc_id = module.vpc.vpc_id
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [
"192.168.0.0/16",
]
}
}
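Review bot: All three SSH groups admit port 22 from whole RFC 1918 ranges (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`), which is far wider than the VPC's own `10.0.0.0/16` and would also admit any peered or VPN-connected network. Narrow the sources to the VPC CIDR or to a bastion security group, e.g. `cidr_blocks = [module.vpc.vpc_cidr_block]`. The groups also share `name_prefix = "nodes_ssh"` and have no `description`, which makes them hard to tell apart in the console and in audit logs. Nothing in this commit attaches them, since the worker-group inputs are commented out in the root and cluster modules.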


@ -0,0 +1,85 @@
# Getting Started with Amazon EKS using Terraform
More resources:
Terraform provider for AWS [here](https://www.terraform.io/docs/providers/aws/index.html) <br/>
## Amazon CLI
You can get the Amazon CLI on [Docker-Hub](https://hub.docker.com/r/amazon/aws-cli) <br/>
We'll need the Amazon CLI to gather information so we can build our Terraform file.
```
# Run Amazon CLI
docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/sh amazon/aws-cli:2.0.17
# some handy tools :)
yum install jq gzip nano tar git unzip wget
```
## Login to Amazon
```
# Access your "My Security Credentials" section in your profile.
# Create an access key
aws configure
```
# Terraform CLI
```
# Get Terraform
curl -o /tmp/terraform.zip -LO https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zip
unzip /tmp/terraform.zip
chmod +x terraform && mv terraform /usr/local/bin/
cd kubernetes/cloud/amazon/terraform/
```
# Generate SSH key
```
ssh-keygen -t rsa -b 4096 -N "VeryStrongSecret123!" -C "your_email@example.com" -q -f ~/.ssh/id_rsa
SSH_KEY=$(cat ~/.ssh/id_rsa.pub)
```
## Terraform Amazon Kubernetes Provider
Documentation on all the Kubernetes fields for terraform [here](https://www.terraform.io/docs/providers/aws/r/eks_cluster.html)
```
terraform init
terraform plan -var access_key=$access_key -var secret_key=$secret_key
terraform apply -var access_key=$access_key -var secret_key=$secret_key
```
# Lets see what we deployed
```
# grab our EKS config
aws eks update-kubeconfig --name eks-getting-started --region ap-southeast-2
# Get kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
chmod +x ./kubectl
mv ./kubectl /usr/local/bin/kubectl
kubectl get svc
```
# Clean up
```
terraform destroy -var access_key=$access_key -var secret_key=$secret_key
```


@ -0,0 +1,9 @@
variable "access_key" {
}
variable "secret_key" {
}
variable "region" {
default = "ap-southeast-2"
}


@ -58,6 +58,7 @@ az role assignment create --assignee $SERVICE_PRINCIPAL \
For extra reference you can also take a look at the Microsoft Docs: [here](https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/kubernetes-service-principal.md) </br> For extra reference you can also take a look at the Microsoft Docs: [here](https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/aks/kubernetes-service-principal.md) </br>
# Terraform CLI
``` ```
# Get Terraform # Get Terraform