updates

kubernetes/cloud/amazon/getting-started.md

@@ -134,9 +134,9 @@ eksctl create cluster --name getting-started-eks \
 --managed \
 --node-type t2.small \
 --nodes 1 \
+--node-volume-size 200 \
 --ssh-access \
 --ssh-public-key=~/.ssh/id_rsa.pub \
---node-volume-size 200
 
 ```
 ## Create some sample containers

kubernetes/cloud/amazon/terraform/eks-cluster.tf

@@ -0,0 +1,33 @@
+module "eks" {
+  source       = "terraform-aws-modules/eks/aws"
+  cluster_name = var.cluster_name
+  subnets      = module.vpc.private_subnets
+  cluster_create_timeout = "1h"
+  
+  vpc_id = module.vpc.vpc_id
+  worker_additional_security_group_ids = [aws_security_group.all_worker_mgmt.id]
+  worker_groups = [
+    {
+      name                          = "worker-group-1"
+      instance_type                 = "t2.small"
+      additional_userdata           = "echo foo bar"
+      asg_desired_capacity          = 2
+      additional_security_group_ids = [aws_security_group.worker_group_mgmt_one.id]
+    },
+  ]
+}
+
+data "aws_eks_cluster" "cluster" {
+  name = module.eks.cluster_id
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+  name = module.eks.cluster_id
+}
+
+module "kubernetes" {
+    source = "./modules/kubernetes/"
+    host                   = data.aws_eks_cluster.cluster.endpoint
+    token                  = data.aws_eks_cluster_auth.cluster.token
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+}

kubernetes/cloud/amazon/terraform/main.tf

@@ -1,31 +0,0 @@
-provider "aws" {
-  version = ">= 2.28.1"
-  region     = var.region
-  access_key = var.access_key
-  secret_key = var.secret_key
-}
-
-module "network" {
-  source                      = "./modules/network/"
-}
-
-
-module "cluster" {
-  source                      = "./modules/cluster/"
-  vpc_id                      = "${module.network.vpc_id}"
-  private_subnets             = "${module.network.private_subnets}"
-  public_subnets              = "${module.network.public_subnets}"
-  #worker_group_1_security_id  = "${module.network.security_group_worker_1_id}"
-  #worker_group_all_security_id= "${module.network.security_group_worker_all_id}"
-
-  #location              = var.location
-  #kubernetes_version    = var.kubernetes_version  
-  
-}
-
-module "k8s" {
-  source                = "./modules/k8s/"
-  host                  = "${module.cluster.host}"
-  token                 = "${module.cluster.token}"
-  cluster_ca_certificate= "${module.cluster.cluster_ca_certificate}"
-}

kubernetes/cloud/amazon/terraform/modules/cluster/cluster.tf

@@ -1,57 +0,0 @@
-provider "local" {
-  version = "~> 1.2"
-}
-
-provider "null" {
-  version = "~> 2.1"
-}
-
-provider "template" {
-  version = "~> 2.1"
-}
-
-module "eks" {
-  source          = "terraform-aws-modules/eks/aws"
-  version = "~> 12.1.0"
-  cluster_name    = "eks-getting-started"
-  cluster_version = "1.16"
-  subnets         = var.private_subnets
-  vpc_id          = var.vpc_id
-
-  node_groups_defaults = {
-    ami_type  = "AL2_x86_64"
-    disk_size = 50
-  }
-  
-  node_groups = {
-    example = {
-      desired_capacity = 1
-      max_capacity     = 10
-      min_capacity     = 1
-      instance_type = "t2.small"
-    }
-  }
-}
-
-
-/*
-  worker_additional_security_group_ids = [var.worker_group_all_security_id]
-  worker_groups = [
-    {
-      name                          = "worker-group-1"
-      instance_type                 = "t2.small"
-      additional_userdata           = "echo foo bar"
-      asg_desired_capacity          = 1
-      additional_security_group_ids = [var.worker_group_1_security_id]
-    },
-  ]
-}
-*/
-
-data "aws_eks_cluster" "cluster" {
-  name = module.eks.cluster_id
-}
-
-data "aws_eks_cluster_auth" "cluster" {
-  name = module.eks.cluster_id
-}

kubernetes/cloud/amazon/terraform/modules/cluster/outputs.tf

@@ -1,11 +0,0 @@
-output "host" {
-  value = data.aws_eks_cluster.cluster.endpoint
-}
-
-output "token" {
-  value = data.aws_eks_cluster_auth.cluster.token
-}
-
-output "cluster_ca_certificate" {
-  value = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
-}

kubernetes/cloud/amazon/terraform/modules/cluster/variables.tf

@@ -1,35 +0,0 @@
-variable "vpc_id" {
-}
-
-variable "private_subnets" {
-}
-
-variable "public_subnets" {
-}
-
-# variable "worker_group_1_security_id" {
-# }
-
-# variable "worker_group_all_security_id" {
-# }
-
-# variable "worker_group_2_security_id" {
-  
-# }
-
-# variable "serviceprinciple_id" {
-# }
-
-# variable "serviceprinciple_key" {
-# }
-
-# variable "location" {
-#   default = "australiaeast"
-# }
-
-# variable "kubernetes_version" {
-#     default = "1.16.10"
-# }
-
-# variable "ssh_key" {
-# }

kubernetes/cloud/amazon/terraform/modules/kubernetes/kubernetes.tf

@@ -1,12 +1,14 @@
+# # Kubernetes provider
+# # https://learn.hashicorp.com/terraform/kubernetes/provision-eks-cluster#optional-configure-terraform-kubernetes-provider
+# # To learn how to schedule deployments and services using the provider, go here: ttps://learn.hashicorp.com/terraform/kubernetes/deploy-nginx-kubernetes.
 
 provider "kubernetes" {
-    load_config_file       = "false"
-    host                   =  var.host
-    token                  =  var.token
-    cluster_ca_certificate =  var.cluster_ca_certificate
+  load_config_file       = "false"
+  host                   = var.host
+  token                  = var.token
+  cluster_ca_certificate = var.cluster_ca_certificate
 }
 
-
 resource "kubernetes_deployment" "example" {
   metadata {
     name = "terraform-example"
@@ -46,21 +48,6 @@ resource "kubernetes_deployment" "example" {
               memory = "50Mi"
             }
           }
-
-          liveness_probe {
-            http_get {
-              path = "/nginx_status"
-              port = 80
-
-              http_header {
-                name  = "X-Custom-Header"
-                value = "Awesome"
-              }
-            }
-
-            initial_delay_seconds = 3
-            period_seconds        = 3
-          }
         }
       }
     }

kubernetes/cloud/amazon/terraform/modules/kubernetes/variables.tf

@@ -1,3 +1,4 @@
+
 variable "host" {
 }
 
@@ -5,4 +6,4 @@ variable "token" {
 }
 
 variable "cluster_ca_certificate" {
-}
+}

kubernetes/cloud/amazon/terraform/modules/network/outputs.tf

@@ -1,23 +0,0 @@
-output "vpc_id" {
-  value = module.vpc.vpc_id
-}
-
-output "private_subnets" {
-  value = module.vpc.private_subnets
-}
-
-output "public_subnets" {
-  value = module.vpc.public_subnets
-}
-
-output "security_group_worker_1_id" {
-  value = aws_security_group.node_ssh_group_1.id
-}
-
-output "security_group_worker_2_id" {
-  value = aws_security_group.node_ssh_group_2.id
-}
-
-output "security_group_worker_all_id" {
-  value = aws_security_group.node_ssh_all.id
-}

kubernetes/cloud/amazon/terraform/outputs.tf

@@ -0,0 +1,24 @@
+output "cluster_endpoint" {
+  description = "Endpoint for EKS control plane."
+  value       = module.eks.cluster_endpoint
+}
+
+output "cluster_security_group_id" {
+  description = "Security group ids attached to the cluster control plane."
+  value       = module.eks.cluster_security_group_id
+}
+
+output "kubectl_config" {
+  description = "kubectl config as generated by the module."
+  value       = module.eks.kubeconfig
+}
+
+output "config_map_aws_auth" {
+  description = "A kubernetes configuration to authenticate to this EKS cluster."
+  value       = module.eks.config_map_aws_auth
+}
+
+output "region" {
+  description = "AWS region"
+  value       = var.region
+}

kubernetes/cloud/amazon/terraform/readme.md

@@ -14,7 +14,7 @@ We'll need the Amazon CLI to gather information so we can build our Terraform fi
 docker run -it --rm -v ${PWD}:/work -w /work --entrypoint /bin/sh amazon/aws-cli:2.0.17
 
 # some handy tools :)
-yum install jq gzip nano tar git unzip wget
+yum install -y jq gzip nano tar git unzip wget
 
 ```
 
@@ -34,10 +34,8 @@ aws configure
 # Get Terraform
 
 curl -o /tmp/terraform.zip -LO https://releases.hashicorp.com/terraform/0.12.28/terraform_0.12.28_linux_amd64.zip
-
 unzip /tmp/terraform.zip
 chmod +x terraform && mv terraform /usr/local/bin/
-
 cd kubernetes/cloud/amazon/terraform/
 
 ```
@@ -66,7 +64,7 @@ terraform apply -var access_key=$access_key -var secret_key=$secret_key
 
 ```
 # grab our EKS config
-aws eks update-kubeconfig --name eks-getting-started --region ap-southeast-2
+aws eks update-kubeconfig --name getting-started-eks --region ap-southeast-2
 
 # Get kubectl
 

kubernetes/cloud/amazon/terraform/security-groups.tf

@@ -1,6 +1,35 @@
+resource "aws_security_group" "worker_group_mgmt_one" {
+  name_prefix = "worker_group_mgmt_one"
+  vpc_id      = module.vpc.vpc_id
 
-resource "aws_security_group" "node_ssh_all" {
-  name_prefix = "nodes_ssh"
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "10.0.0.0/8",
+    ]
+  }
+}
+
+resource "aws_security_group" "worker_group_mgmt_two" {
+  name_prefix = "worker_group_mgmt_two"
+  vpc_id      = module.vpc.vpc_id
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "192.168.0.0/16",
+    ]
+  }
+}
+
+resource "aws_security_group" "all_worker_mgmt" {
+  name_prefix = "all_worker_management"
   vpc_id      = module.vpc.vpc_id
 
   ingress {
@@ -15,33 +44,3 @@ resource "aws_security_group" "node_ssh_all" {
     ]
   }
 }
-
-resource "aws_security_group" "node_ssh_group_1" {
-  name_prefix = "nodes_ssh"
-  vpc_id      = module.vpc.vpc_id
-
-  ingress {
-    from_port = 22
-    to_port   = 22
-    protocol  = "tcp"
-
-    cidr_blocks = [
-      "10.0.0.0/8",
-    ]
-  }
-}
-
-resource "aws_security_group" "node_ssh_group_2" {
-  name_prefix = "nodes_ssh"
-  vpc_id      = module.vpc.vpc_id
-
-  ingress {
-    from_port = 22
-    to_port   = 22
-    protocol  = "tcp"
-
-    cidr_blocks = [
-      "192.168.0.0/16",
-    ]
-  }
-}

kubernetes/cloud/amazon/terraform/variables.tf

@@ -1,9 +1,8 @@
-variable "access_key" {
-}
-
-variable "secret_key" {
-}
-
 variable "region" {
-  default = "ap-southeast-2"
+  default     = "ap-southeast-2"
+  description = "AWS region"
+}
+
+variable "cluster_name" {
+  default = "getting-started-eks"
 }

kubernetes/cloud/amazon/terraform/versions.tf

@@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 0.12"
+}
+
+provider "random" {
+  version = "~> 2.1"
+}
+
+provider "local" {
+  version = "~> 1.2"
+}
+
+provider "null" {
+  version = "~> 2.1"
+}
+
+provider "template" {
+  version = "~> 2.1"
+}

kubernetes/cloud/amazon/terraform/vpc.tf

@@ -1,14 +1,15 @@
+provider "aws" {
+  version = ">= 2.28.1"
+  region  = "ap-southeast-2"
+}
 
-######################################################
-# https://github.com/terraform-aws-modules/terraform-aws-vpc
-######################################################
 data "aws_availability_zones" "available" {}
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
   version = "2.6.0"
 
-  name                 = "eks-cluster-vpc"
+  name                 = "training-vpc"
   cidr                 = "10.0.0.0/16"
   azs                  = data.aws_availability_zones.available.names
   private_subnets      = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
@@ -18,17 +19,16 @@ module "vpc" {
   enable_dns_hostnames = true
 
   tags = {
-    "kubernetes.io/cluster/eks-getting-started" = "shared"
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
   }
 
   public_subnet_tags = {
-    "kubernetes.io/cluster/eks-getting-started" = "shared"
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
     "kubernetes.io/role/elb"                      = "1"
   }
 
   private_subnet_tags = {
-    "kubernetes.io/cluster/eks-getting-started" = "shared"
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
     "kubernetes.io/role/internal-elb"             = "1"
   }
-
-}
+}