Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement EKS as separate description #180

Merged
merged 9 commits into from
Dec 11, 2024
Merged

Implement EKS as separate description #180

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
37294b2
Implement EKS description; Comment out temporarily unused parts
vradicevicds Nov 27, 2024
9a3cedf
Remove security groups from eks
vradicevicds Dec 9, 2024
198e0fc
Address review comments part1
vradicevicds Dec 9, 2024
f735d2d
Address review comments
vradicevicds Dec 9, 2024
4db6d12
Align versions and lock file
vradicevicds Dec 9, 2024
67e5494
Address review comments
vradicevicds Dec 9, 2024
97bacff
Remove cloudwatch creation
vradicevicds Dec 9, 2024
4175c70
Add descriptions
vradicevicds Dec 9, 2024
a0783f0
Address review comments
vradicevicds Dec 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
262 changes: 84 additions & 178 deletions .terraform.lock.hcl
View file
Open in desktop

Large diffs are not rendered by default.

40 changes: 40 additions & 0 deletions RESOURCES
View file
Open in desktop
vradicevicds marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
module.eks.module.aws_eks.aws_eks_cluster.this[0]
module.eks.module.aws_eks.aws_iam_role.this[0]
module.eks.module.aws_eks.aws_iam_role_policy_attachment.this["arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"]
module.eks.module.aws_eks.aws_iam_role_policy_attachment.this["arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"]
module.eks.module.kms[0].aws_kms_key.this
module.eks.module.kms[0].aws_kms_alias.this
??module.eks.kubernetes_config_map.aws_auth[0]
??module.eks.module.aws_eks.aws_iam_openid_connect_provider.oidc_provider[0]

module.eks.module.aws_eks.aws_security_group.cluster[0]
module.eks.module.aws_eks.aws_security_group_rule.cluster["egress_nodes_443"]
module.eks.module.aws_eks.aws_security_group_rule.cluster["egress_nodes_kubelet"]
module.eks.module.aws_eks.aws_security_group_rule.cluster["ingress_nodes_443"]
module.eks.module.aws_eks.aws_security_group.node[0]
module.eks.module.aws_eks.aws_security_group_rule.node["egress_cluster_443"]
module.eks.module.aws_eks.aws_security_group_rule.node["egress_https"]
module.eks.module.aws_eks.aws_security_group_rule.node["egress_ntp_tcp"]
module.eks.module.aws_eks.aws_security_group_rule.node["egress_ntp_udp"]
module.eks.module.aws_eks.aws_security_group_rule.node["egress_self_coredns_tcp"]
module.eks.module.aws_eks.aws_security_group_rule.node["egress_self_coredns_udp"]
module.eks.module.aws_eks.aws_security_group_rule.node["ingress_cluster_443"]
module.eks.module.aws_eks.aws_security_group_rule.node["ingress_cluster_kubelet"]
module.eks.module.aws_eks.aws_security_group_rule.node["ingress_self_coredns_tcp"]
module.eks.module.aws_eks.aws_security_group_rule.node["ingress_self_coredns_udp"]

module.eks.module.aws_eks.aws_ec2_tag.cluster_primary_security_group["created"]
module.eks.module.aws_eks.aws_ec2_tag.cluster_primary_security_group["created_by"]
// module.eks.module.aws_eks.module.kms.data.aws_caller_identity.current
// module.eks.module.aws_eks.module.kms.data.aws_partition.current
// module.eks.data.aws_caller_identity.current
// module.eks.data.aws_eks_cluster.cluster[0]
// module.eks.data.aws_iam_policy_document.eks_key
// module.eks.data.aws_iam_session_context.current
// module.eks.data.aws_partition.current
// module.eks.data.aws_region.current
// module.eks.data.http.eks_cluster_readiness[0]
// module.eks.module.aws_eks.data.aws_caller_identity.current
// module.eks.module.aws_eks.data.aws_iam_policy_document.assume_role_policy[0]
// module.eks.module.aws_eks.data.aws_partition.current
// module.eks.module.aws_eks.data.tls_certificate.this[0]
36 changes: 18 additions & 18 deletions k8s-eks-addons.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,21 +1,21 @@
module "k8s_eks_addons" {
source = "./modules/k8s_eks_addons"
# module "k8s_eks_addons" {
# source = "./modules/k8s_eks_addons"

ingress_nginx_config = merge(var.ingress_nginx_config, { subnets_ids = local.public_subnets })
cluster_autoscaler_config = var.cluster_autoscaler_config
coredns_config = var.coredns_config
s3_csi_config = var.s3_csi_config
aws_load_balancer_controller_config = var.aws_load_balancer_controller_config
# ingress_nginx_config = merge(var.ingress_nginx_config, { subnets_ids = local.public_subnets })
# cluster_autoscaler_config = var.cluster_autoscaler_config
# coredns_config = var.coredns_config
# s3_csi_config = var.s3_csi_config
# aws_load_balancer_controller_config = var.aws_load_balancer_controller_config

addon_context = {
aws_caller_identity_account_id = data.aws_caller_identity.current.account_id
aws_partition_id = data.aws_partition.current.partition
aws_region_name = data.aws_region.current.name
eks_cluster_id = module.eks.eks_cluster_id
eks_cluster_version = module.eks.eks_cluster_version
eks_oidc_issuer_url = replace(module.eks.eks_oidc_issuer_url, "https://", "")
tags = var.tags
}
# addon_context = {
# aws_caller_identity_account_id = data.aws_caller_identity.current.account_id
# aws_partition_id = data.aws_partition.current.partition
# aws_region_name = data.aws_region.current.name
# eks_cluster_id = module.eks.eks_cluster_id
# eks_cluster_version = module.eks.eks_cluster_version
# eks_oidc_issuer_url = replace(module.eks.eks_oidc_issuer_url, "https://", "")
# tags = var.tags
# }

depends_on = [module.eks.eks_cluster_arn, module.vpc]
}
# depends_on = [module.eks.eks_cluster_arn, module.vpc]
# }
229 changes: 122 additions & 107 deletions k8s.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,110 +1,125 @@
module "eks" {
source = "git::https://github.com/aws-ia/terraform-aws-eks-blueprints.git?ref=v4.32.1"
cluster_version = var.kubernetesVersion
cluster_name = var.infrastructurename
vpc_id = local.vpc_id
private_subnet_ids = local.private_subnets
create_eks = true
map_accounts = var.map_accounts
map_users = var.map_users
map_roles = var.map_roles
tags = var.tags
cloudwatch_log_group_kms_key_id = aws_kms_key.kms_key_cloudwatch_log_group.arn
cloudwatch_log_group_retention_in_days = var.cloudwatch_retention
managed_node_groups = merge(local.default_managed_node_pools, var.gpuNodePool ? local.gpu_node_pool : {}, var.ivsGpuNodePool ? local.ivsgpu_node_pool : {})
source = "./modules/eks"
cluster_version = var.kubernetesVersion
cluster_name = var.infrastructurename
vpc_id = local.vpc_id
subnet_ids = local.private_subnets
map_accounts = var.map_accounts
map_users = var.map_users
map_roles = var.map_roles
tags = var.tags
}

data "aws_eks_node_group" "default" {
cluster_name = local.infrastructurename
node_group_name = replace(module.eks.managed_node_groups[0]["default"]["managed_nodegroup_id"][0], "${local.infrastructurename}:", "")

}

data "aws_eks_node_group" "execnodes" {
cluster_name = local.infrastructurename
node_group_name = replace(module.eks.managed_node_groups[0]["execnodes"]["managed_nodegroup_id"][0], "${local.infrastructurename}:", "")

}

data "aws_eks_node_group" "gpuexecnodes" {
count = var.gpuNodePool ? 1 : 0
cluster_name = local.infrastructurename
node_group_name = replace(module.eks.managed_node_groups[0]["gpuexecnodes"]["managed_nodegroup_id"][0], "${local.infrastructurename}:", "")
}

data "aws_eks_node_group" "gpuivsnodes" {
count = var.ivsGpuNodePool ? 1 : 0
cluster_name = local.infrastructurename
node_group_name = replace(module.eks.managed_node_groups[0]["gpuivsnodes"]["managed_nodegroup_id"][0], "${local.infrastructurename}:", "")
}

resource "aws_autoscaling_group_tag" "default_node-template_resources_ephemeral-storage" {
autoscaling_group_name = data.aws_eks_node_group.default.resources[0].autoscaling_groups[0].name

tag {
key = "k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage"
value = "${var.linuxNodeDiskSize}G"

propagate_at_launch = true
}
}

resource "aws_autoscaling_group_tag" "execnodes" {
autoscaling_group_name = data.aws_eks_node_group.execnodes.resources[0].autoscaling_groups[0].name

tag {
key = "k8s.io/cluster-autoscaler/node-template/label/purpose"
value = "execution"

propagate_at_launch = true
}
}

# see https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#auto-discovery-setup
# https://github.com/kubernetes/autoscaler/issues/1869#issuecomment-518530724
resource "aws_autoscaling_group_tag" "execnodes_node-template_resources_ephemeral-storage" {
autoscaling_group_name = data.aws_eks_node_group.execnodes.resources[0].autoscaling_groups[0].name

tag {
key = "k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage"
value = "${var.linuxExecutionNodeDiskSize}G"

propagate_at_launch = true
}
}

resource "aws_autoscaling_group_tag" "gpuexecnodes" {
count = var.gpuNodePool ? 1 : 0
autoscaling_group_name = data.aws_eks_node_group.gpuexecnodes[0].resources[0].autoscaling_groups[0].name

tag {
key = "k8s.io/cluster-autoscaler/node-template/label/purpose"
value = "gpu"

propagate_at_launch = true
}
}

resource "aws_autoscaling_group_tag" "gpuexecnodes_node-template_resources_ephemeral-storage" {
count = var.gpuNodePool ? 1 : 0
autoscaling_group_name = data.aws_eks_node_group.gpuexecnodes[0].resources[0].autoscaling_groups[0].name

tag {
key = "k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage"
value = "${var.gpuNodeDiskSize}G"

propagate_at_launch = true
}
}

resource "aws_autoscaling_group_tag" "gpuivsnodes" {
count = var.ivsGpuNodePool ? 1 : 0
autoscaling_group_name = data.aws_eks_node_group.gpuivsnodes[0].resources[0].autoscaling_groups[0].name

tag {
key = "k8s.io/cluster-autoscaler/node-template/label/purpose"
value = "gpu"

propagate_at_launch = true
}
}
# module "eks-addons" {
# source = "git::https://github.com/aws-ia/terraform-aws-eks-blueprints.git//modules/kubernetes-addons?ref=v4.32.1"
# eks_cluster_id = module.eks.eks_cluster_id
# enable_aws_load_balancer_controller = false
# enable_aws_for_fluentbit = var.enable_aws_for_fluentbit
# tags = var.tags

# aws_for_fluentbit_helm_config = {
# values = [templatefile("${path.module}/templates/fluentbit_values.yaml", {
# aws_region = data.aws_region.current.name,
# log_group_name = local.log_group_name,
# service_account_name = "aws-for-fluent-bit-sa"
# })]
# dependency_update = true
# }

# #depends_on = [module.eks.managed_node_groups]
# }
vradicevicds marked this conversation as resolved.
Show resolved Hide resolved

# data "aws_eks_node_group" "default" {
# cluster_name = local.infrastructurename
# node_group_name = replace(module.eks.managed_node_groups[0]["default"]["managed_nodegroup_id"][0], "${local.infrastructurename}:", "")

# }

# data "aws_eks_node_group" "execnodes" {
# cluster_name = local.infrastructurename
# node_group_name = replace(module.eks.managed_node_groups[0]["execnodes"]["managed_nodegroup_id"][0], "${local.infrastructurename}:", "")

# }

# data "aws_eks_node_group" "gpuexecnodes" {
# count = var.gpuNodePool ? 1 : 0
# cluster_name = local.infrastructurename
# node_group_name = replace(module.eks.managed_node_groups[0]["gpuexecnodes"]["managed_nodegroup_id"][0], "${local.infrastructurename}:", "")
# }

# data "aws_eks_node_group" "gpuivsnodes" {
# count = var.ivsGpuNodePool ? 1 : 0
# cluster_name = local.infrastructurename
# node_group_name = replace(module.eks.managed_node_groups[0]["gpuivsnodes"]["managed_nodegroup_id"][0], "${local.infrastructurename}:", "")
# }

# resource "aws_autoscaling_group_tag" "default_node-template_resources_ephemeral-storage" {
# autoscaling_group_name = data.aws_eks_node_group.default.resources[0].autoscaling_groups[0].name

# tag {
# key = "k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage"
# value = "${var.linuxNodeDiskSize}G"

# propagate_at_launch = true
# }
# }

# resource "aws_autoscaling_group_tag" "execnodes" {
# autoscaling_group_name = data.aws_eks_node_group.execnodes.resources[0].autoscaling_groups[0].name

# tag {
# key = "k8s.io/cluster-autoscaler/node-template/label/purpose"
# value = "execution"

# propagate_at_launch = true
# }
# }

# # see https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md#auto-discovery-setup
# # https://github.com/kubernetes/autoscaler/issues/1869#issuecomment-518530724
# resource "aws_autoscaling_group_tag" "execnodes_node-template_resources_ephemeral-storage" {
# autoscaling_group_name = data.aws_eks_node_group.execnodes.resources[0].autoscaling_groups[0].name

# tag {
# key = "k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage"
# value = "${var.linuxExecutionNodeDiskSize}G"

# propagate_at_launch = true
# }
# }

# resource "aws_autoscaling_group_tag" "gpuexecnodes" {
# count = var.gpuNodePool ? 1 : 0
# autoscaling_group_name = data.aws_eks_node_group.gpuexecnodes[0].resources[0].autoscaling_groups[0].name

# tag {
# key = "k8s.io/cluster-autoscaler/node-template/label/purpose"
# value = "gpu"

# propagate_at_launch = true
# }
# }

# resource "aws_autoscaling_group_tag" "gpuexecnodes_node-template_resources_ephemeral-storage" {
# count = var.gpuNodePool ? 1 : 0
# autoscaling_group_name = data.aws_eks_node_group.gpuexecnodes[0].resources[0].autoscaling_groups[0].name

# tag {
# key = "k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage"
# value = "${var.gpuNodeDiskSize}G"

# propagate_at_launch = true
# }
# }

# resource "aws_autoscaling_group_tag" "gpuivsnodes" {
# count = var.ivsGpuNodePool ? 1 : 0
# autoscaling_group_name = data.aws_eks_node_group.gpuivsnodes[0].resources[0].autoscaling_groups[0].name

# tag {
# key = "k8s.io/cluster-autoscaler/node-template/label/purpose"
# value = "gpu"

# propagate_at_launch = true
# }
# }
Loading
Loading