Terraform 0.12 (#20)

* Terraform 0.12
This commit is contained in:
Edward Viaene
2019-10-06 13:46:10 +02:00
committed by GitHub
parent 9e31795a58
commit 5d9eeb6c4c
201 changed files with 2528 additions and 2006 deletions
+14 -6
@@ -1,15 +1,23 @@
resource "aws_eks_cluster" "demo" {
name = "${var.cluster-name}"
role_arn = "${aws_iam_role.demo-cluster.arn}"
name = var.cluster-name
role_arn = aws_iam_role.demo-cluster.arn
vpc_config {
security_group_ids = ["${aws_security_group.demo-cluster.id}"]
subnet_ids = ["${module.vpc.public_subnets}"]
security_group_ids = [aws_security_group.demo-cluster.id]
# TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
# force an interpolation expression to be interpreted as a list by wrapping it
# in an extra set of list brackets. That form was supported for compatibilty in
# v0.11, but is no longer supported in Terraform v0.12.
#
# If the expression in the following list itself returns a list, remove the
# brackets to avoid interpretation as a list of lists. If the expression
# returns a single list item then leave it as-is and remove this TODO comment.
subnet_ids = module.vpc.public_subnets
}
depends_on = [
"aws_iam_role_policy_attachment.demo-cluster-AmazonEKSClusterPolicy",
"aws_iam_role_policy_attachment.demo-cluster-AmazonEKSServicePolicy",
aws_iam_role_policy_attachment.demo-cluster-AmazonEKSClusterPolicy,
aws_iam_role_policy_attachment.demo-cluster-AmazonEKSServicePolicy,
]
}
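Review bot: The TF-UPGRADE-TODO block above `subnet_ids = module.vpc.public_subnets` is already resolved on the new side — the extra list brackets it asks about are gone — so the eight comment lines should be deleted rather than committed. The same stale block is repeated above `vpc_zone_identifier = module.vpc.public_subnets` in the autoscaling group section and above `cidr_blocks = [local.workstation-external-cidr]` in the cluster security group section; in that last case the value is a single `/32` string, so the brackets are correct there and only the comment needs removing. Separately, `vpc_config` places the control plane in `module.vpc.public_subnets` and sets neither `endpoint_public_access` nor `endpoint_private_access`, so reachability of the Kubernetes API endpoint is left to provider defaults; stating those two arguments explicitly (and `public_access_cidrs` where the provider version in use supports it) would document the intended exposure next to the workstation allow-rule.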
+27 -17
@@ -17,18 +17,19 @@ locals {
demo-node-userdata = <<USERDATA
#!/bin/bash
set -o xtrace
/etc/eks/bootstrap.sh --apiserver-endpoint '${aws_eks_cluster.demo.endpoint}' --b64-cluster-ca '${aws_eks_cluster.demo.certificate_authority.0.data}' '${var.cluster-name}'
/etc/eks/bootstrap.sh --apiserver-endpoint '${aws_eks_cluster.demo.endpoint}' --b64-cluster-ca '${aws_eks_cluster.demo.certificate_authority[0].data}' '${var.cluster-name}'
USERDATA
}
resource "aws_launch_configuration" "demo" {
associate_public_ip_address = true
iam_instance_profile = "${aws_iam_instance_profile.demo-node.name}"
image_id = "${data.aws_ami.eks-worker.id}"
instance_type = "t2.large"
name_prefix = "terraform-eks-demo"
security_groups = ["${aws_security_group.demo-node.id}"]
user_data_base64 = "${base64encode(local.demo-node-userdata)}"
iam_instance_profile = aws_iam_instance_profile.demo-node.name
image_id = data.aws_ami.eks-worker.id
instance_type = "t2.large"
name_prefix = "terraform-eks-demo"
security_groups = [aws_security_group.demo-node.id]
user_data_base64 = base64encode(local.demo-node-userdata)
lifecycle {
create_before_destroy = true
@@ -36,22 +37,31 @@ resource "aws_launch_configuration" "demo" {
}
resource "aws_autoscaling_group" "demo" {
desired_capacity = 2
launch_configuration = "${aws_launch_configuration.demo.id}"
max_size = 2
min_size = 1
name = "terraform-eks-demo"
vpc_zone_identifier = ["${module.vpc.public_subnets}"]
desired_capacity = 2
launch_configuration = aws_launch_configuration.demo.id
max_size = 2
min_size = 1
name = "terraform-eks-demo"
# TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
# force an interpolation expression to be interpreted as a list by wrapping it
# in an extra set of list brackets. That form was supported for compatibilty in
# v0.11, but is no longer supported in Terraform v0.12.
#
# If the expression in the following list itself returns a list, remove the
# brackets to avoid interpretation as a list of lists. If the expression
# returns a single list item then leave it as-is and remove this TODO comment.
vpc_zone_identifier = module.vpc.public_subnets
tag {
key = "Name"
value = "terraform-eks-demo"
key = "Name"
value = "terraform-eks-demo"
propagate_at_launch = true
}
tag {
key = "kubernetes.io/cluster/${var.cluster-name}"
value = "owned"
key = "kubernetes.io/cluster/${var.cluster-name}"
value = "owned"
propagate_at_launch = true
}
}
+1
@@ -5,3 +5,4 @@ data "http" "workstation-external-ip" {
locals {
workstation-external-cidr = "${chomp(data.http.workstation-external-ip.body)}/32"
}
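Review bot: `workstation-external-cidr` is derived from the body of an unauthenticated HTTP lookup and is later used, in the cluster security group section, as the only CIDR allowed to reach the API server on 443, so whatever that lookup returns becomes the allow-list entry; the added line of this hunk is not visible, and the `data "http"` block itself is outside it. Consider exposing the allowed CIDR as a variable with the lookup as its default, so an operator can pin it, and confirm the lookup URL is https so the returned address cannot be altered in transit. A short comment such as `# /32 of the machine running terraform; grants API-server access on 443 — see demo-cluster-ingress-workstation-https` would make the trust placed in this value explicit.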
+6 -4
@@ -15,24 +15,26 @@ resource "aws_iam_role" "demo-node" {
]
}
POLICY
}
resource "aws_iam_role_policy_attachment" "demo-node-AmazonEKSWorkerNodePolicy" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
role = "${aws_iam_role.demo-node.name}"
role = aws_iam_role.demo-node.name
}
resource "aws_iam_role_policy_attachment" "demo-node-AmazonEKS_CNI_Policy" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
role = "${aws_iam_role.demo-node.name}"
role = aws_iam_role.demo-node.name
}
resource "aws_iam_role_policy_attachment" "demo-node-AmazonEC2ContainerRegistryReadOnly" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
role = "${aws_iam_role.demo-node.name}"
role = aws_iam_role.demo-node.name
}
resource "aws_iam_instance_profile" "demo-node" {
name = "terraform-eks-demo"
role = "${aws_iam_role.demo-node.name}"
role = aws_iam_role.demo-node.name
}
+6 -3
@@ -15,22 +15,23 @@ resource "aws_iam_role" "demo-cluster" {
]
}
POLICY
}
resource "aws_iam_role_policy_attachment" "demo-cluster-AmazonEKSClusterPolicy" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
role = "${aws_iam_role.demo-cluster.name}"
role = aws_iam_role.demo-cluster.name
}
resource "aws_iam_role_policy_attachment" "demo-cluster-AmazonEKSServicePolicy" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
role = "${aws_iam_role.demo-cluster.name}"
role = aws_iam_role.demo-cluster.name
}
# If no loadbalancer was ever created in this region, then this following role is necessary
resource "aws_iam_role_policy" "demo-cluster-service-linked-role" {
name = "service-linked-role"
role = "${aws_iam_role.demo-cluster.name}"
role = aws_iam_role.demo-cluster.name
policy = <<EOF
{
@@ -51,4 +52,6 @@ resource "aws_iam_role_policy" "demo-cluster-service-linked-role" {
]
}
EOF
}
+6 -3
@@ -7,7 +7,7 @@ apiVersion: v1
clusters:
- cluster:
server: ${aws_eks_cluster.demo.endpoint}
certificate-authority-data: ${aws_eks_cluster.demo.certificate_authority.0.data}
certificate-authority-data: ${aws_eks_cluster.demo.certificate_authority[0].data}
name: kubernetes
contexts:
- context:
@@ -28,10 +28,11 @@ users:
- "-i"
- "${var.cluster-name}"
KUBECONFIG
}
output "kubeconfig" {
value = "${local.kubeconfig}"
value = local.kubeconfig
}
# Join configuration
@@ -53,8 +54,10 @@ data:
- system:bootstrappers
- system:nodes
CONFIGMAPAWSAUTH
}
output "config-map-aws-auth" {
value = "${local.config-map-aws-auth}"
value = local.config-map-aws-auth
}
+7 -4
@@ -1,10 +1,13 @@
provider "aws" {
region = "us-east-1"
region = "us-east-1"
}
data "aws_region" "current" {
}
data "aws_region" "current" {}
data "aws_availability_zones" "available" {
}
data "aws_availability_zones" "available" {}
provider "http" {
}
provider "http" {}
+9 -11
@@ -2,7 +2,7 @@
resource "aws_security_group" "demo-node" {
name = "terraform-eks-demo-node"
description = "Security group for all nodes in the cluster"
vpc_id = "${module.vpc.vpc_id}"
vpc_id = module.vpc.vpc_id
egress {
from_port = 0
@@ -11,20 +11,18 @@ resource "aws_security_group" "demo-node" {
cidr_blocks = ["0.0.0.0/0"]
}
tags = "${
map(
"Name", "terraform-eks-demo-node",
"kubernetes.io/cluster/${var.cluster-name}", "owned",
)
}"
tags = {
"Name" = "terraform-eks-demo-node"
"kubernetes.io/cluster/${var.cluster-name}" = "owned"
}
}
resource "aws_security_group_rule" "demo-node-ingress-self" {
description = "Allow node to communicate with each other"
from_port = 0
protocol = "-1"
security_group_id = "${aws_security_group.demo-node.id}"
source_security_group_id = "${aws_security_group.demo-node.id}"
security_group_id = aws_security_group.demo-node.id
source_security_group_id = aws_security_group.demo-node.id
to_port = 65535
type = "ingress"
}
@@ -33,8 +31,8 @@ resource "aws_security_group_rule" "demo-node-ingress-cluster" {
description = "Allow worker Kubelets and pods to receive communication from the cluster control plane"
from_port = 1025
protocol = "tcp"
security_group_id = "${aws_security_group.demo-node.id}"
source_security_group_id = "${aws_security_group.demo-cluster.id}"
security_group_id = aws_security_group.demo-node.id
source_security_group_id = aws_security_group.demo-cluster.id
to_port = 65535
type = "ingress"
}
+14 -6
@@ -1,7 +1,7 @@
resource "aws_security_group" "demo-cluster" {
name = "terraform-eks-demo-cluster"
description = "Cluster communication with worker nodes"
vpc_id = "${module.vpc.vpc_id}"
vpc_id = module.vpc.vpc_id
egress {
from_port = 0
@@ -10,7 +10,7 @@ resource "aws_security_group" "demo-cluster" {
cidr_blocks = ["0.0.0.0/0"]
}
tags {
tags = {
Name = "terraform-eks-demo"
}
}
@@ -19,18 +19,26 @@ resource "aws_security_group_rule" "demo-cluster-ingress-node-https" {
description = "Allow pods to communicate with the cluster API Server"
from_port = 443
protocol = "tcp"
security_group_id = "${aws_security_group.demo-cluster.id}"
source_security_group_id = "${aws_security_group.demo-node.id}"
security_group_id = aws_security_group.demo-cluster.id
source_security_group_id = aws_security_group.demo-node.id
to_port = 443
type = "ingress"
}
resource "aws_security_group_rule" "demo-cluster-ingress-workstation-https" {
cidr_blocks = ["${local.workstation-external-cidr}"]
# TF-UPGRADE-TODO: In Terraform v0.10 and earlier, it was sometimes necessary to
# force an interpolation expression to be interpreted as a list by wrapping it
# in an extra set of list brackets. That form was supported for compatibilty in
# v0.11, but is no longer supported in Terraform v0.12.
#
# If the expression in the following list itself returns a list, remove the
# brackets to avoid interpretation as a list of lists. If the expression
# returns a single list item then leave it as-is and remove this TODO comment.
cidr_blocks = [local.workstation-external-cidr]
description = "Allow workstation to communicate with the cluster API Server"
from_port = 443
protocol = "tcp"
security_group_id = "${aws_security_group.demo-cluster.id}"
security_group_id = aws_security_group.demo-cluster.id
to_port = 443
type = "ingress"
}
+2 -1
@@ -1,4 +1,5 @@
variable "cluster-name" {
default = "terraform-eks-demo"
type = "string"
type = string
}
+4
@@ -0,0 +1,4 @@
terraform {
required_version = ">= 0.12"
}
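Review bot: `required_version = ">= 0.12"` pins Terraform, but nothing in this new file or in the `provider "aws"` / `provider "http"` blocks pins the providers, so every `terraform init` resolves the newest provider release and a future major version could change resource behaviour behind this demo (the VPC module, by contrast, is now pinned to an exact version). Terraform 0.12 accepts a provider constraint inside the same block, e.g. `required_providers { aws = "~> 2.0" }` (constraint constructed as an example; use the major this commit was tested against). Pinning also gives a known reference version for the `aws_eks_cluster` and `aws_launch_configuration` arguments used elsewhere in the commit.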
+7 -9
@@ -1,22 +1,20 @@
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> v1.0"
source = "terraform-aws-modules/vpc/aws"
version = "2.6.0"
name = "vpc-module-demo"
cidr = "10.0.0.0/16"
azs = ["${slice(data.aws_availability_zones.available.names, 0, 3)}"]
azs = slice(data.aws_availability_zones.available.names, 0, 3)
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
enable_nat_gateway = false
enable_vpn_gateway = false
tags = "${
map(
"Name", "terraform-eks-demo-node",
"kubernetes.io/cluster/${var.cluster-name}", "shared",
)
}"
tags = {
"Name" = "terraform-eks-demo-node"
"kubernetes.io/cluster/${var.cluster-name}" = "shared"
}
}