From 7406d1e89e9151f25989d8678a0354c03ef8f1ea Mon Sep 17 00:00:00 2001
From: "BARRY Thierno Ibrahima (Canal Plus Prestataire)"
Date: Mon, 2 Nov 2020 21:51:40 +0100
Subject: [PATCH] add example
---
examples/fargate/main.tf | 112 ++++++++++++++++++++++++++++++++++
examples/fargate/outputs.tf | 29 +++++++++
examples/fargate/variables.tf | 52 ++++++++++++++++
modules/fargate/README.md | 1 +
modules/fargate/fargate.tf | 6 +-
modules/fargate/locals.tf | 5 ++
6 files changed, 202 insertions(+), 3 deletions(-)
create mode 100644 examples/fargate/main.tf
create mode 100644 examples/fargate/outputs.tf
create mode 100644 examples/fargate/variables.tf
diff --git a/examples/fargate/main.tf b/examples/fargate/main.tf
new file mode 100644
index 0000000000..f3f1aa0273
--- /dev/null
+++ b/examples/fargate/main.tf
@@ -0,0 +1,112 @@
+terraform {
+ required_version = ">= 0.12.6"
+}
+
+provider "aws" {
+ version = ">= 2.28.1"
+ region = var.region
+}
+
+provider "random" {
+ version = "~> 2.1"
+}
+
+provider "local" {
+ version = "~> 1.2"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+provider "template" {
+ version = "~> 2.1"
+}
+
+data "aws_eks_cluster" "cluster" {
+ name = module.eks.cluster_id
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+ name = module.eks.cluster_id
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+ token = data.aws_eks_cluster_auth.cluster.token
+ load_config_file = false
+ version = "~> 1.11"
+}
+
+data "aws_availability_zones" "available" {
+}
+
+locals {
+ cluster_name = "test-eks-${random_string.suffix.result}"
+}
+
+resource "random_string" "suffix" {
+ length = 8
+ special = false
+}
+
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ version = "2.47.0"
+
+ name = "test-vpc"
+ cidr = "172.16.0.0/16"
+ azs = data.aws_availability_zones.available.names
+ private_subnets = ["172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
+ public_subnets = ["172.16.4.0/24", "172.16.5.0/24", "172.16.6.0/24"]
+ enable_nat_gateway = true
+ single_nat_gateway = true
+ enable_dns_hostnames = true
+
+ public_subnet_tags = {
+ "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+ "kubernetes.io/role/elb" = "1"
+ }
+
+ private_subnet_tags = {
+ "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+ "kubernetes.io/role/internal-elb" = "1"
+ }
+}
+
+module "eks" {
+ source = "../.."
+ cluster_name = local.cluster_name
+ cluster_version = "1.17"
+ subnets = module.vpc.private_subnets
+
+ tags = {
+ Environment = "test"
+ GithubRepo = "terraform-aws-eks"
+ GithubOrg = "terraform-aws-modules"
+ }
+
+ vpc_id = module.vpc.vpc_id
+
+ fargate_profiles = {
+ example = {
+ namespace = "default"
+
+ # Kubernetes labels for selection
+ # labels = {
+ # Environment = "test"
+ # GithubRepo = "terraform-aws-eks"
+ # GithubOrg = "terraform-aws-modules"
+ # }
+
+ tags = {
+ Owner = "test"
+ }
+ }
+ }
+
+ map_roles = var.map_roles
+ map_users = var.map_users
+ map_accounts = var.map_accounts
+}
diff --git a/examples/fargate/outputs.tf b/examples/fargate/outputs.tf
new file mode 100644
index 0000000000..59aa57a2c9
--- /dev/null
+++ b/examples/fargate/outputs.tf
@@ -0,0 +1,29 @@
+output "cluster_endpoint" {
+ description = "Endpoint for EKS control plane."
+ value = module.eks.cluster_endpoint
+}
+
+output "cluster_security_group_id" {
+ description = "Security group ids attached to the cluster control plane."
+ value = module.eks.cluster_security_group_id
+}
+
+output "kubectl_config" {
+ description = "kubectl config as generated by the module."
+ value = module.eks.kubeconfig
+}
+
+output "config_map_aws_auth" {
+ description = "A kubernetes configuration to authenticate to this EKS cluster."
+ value = module.eks.config_map_aws_auth
+}
+
+output "region" {
+ description = "AWS region."
+ value = var.region
+}
+
+output "fargate_profile_arns" {
+ description = "Outputs from node groups"
+ value = module.eks.fargate_profile_arns
+}
diff --git a/examples/fargate/variables.tf b/examples/fargate/variables.tf
new file mode 100644
index 0000000000..7085aeabd4
--- /dev/null
+++ b/examples/fargate/variables.tf
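Review bot: The `module "eks"` block in examples/fargate/main.tf leaves the API endpoint settings unset, so the example inherits whatever the root module defaults to. Those defaults are not visible in this patch, but if they are a public endpoint with no source-CIDR restriction, anyone copying the example gets an internet-reachable control plane without having chosen it. I would set `cluster_endpoint_public_access_cidrs = ["<allowed-cidr>"]` (placeholder value) or at least add a comment above `cluster_name` saying that endpoint access is left at the module defaults. Minor: the `version` arguments inside the `provider` blocks are deprecated from Terraform 0.13 in favour of `required_providers`, and `>= 2.28.1` leaves the aws provider without an upper bound.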
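Review bot: The description on the `fargate_profile_arns` output in examples/fargate/outputs.tf is a copy-paste leftover: it reads "Outputs from node groups" while the value is `module.eks.fargate_profile_arns`. Something like `description = "ARNs of the EKS Fargate profiles created by the module."` would match what is returned. `cluster_security_group_id` is likewise described as "Security group ids" although the output name suggests a single id.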
@@ -0,0 +1,52 @@
+variable "region" {
+ default = "us-west-2"
+}
+
+variable "map_accounts" {
+ description = "Additional AWS account numbers to add to the aws-auth configmap."
+ type = list(string)
+
+ default = [
+ "777777777777",
+ "888888888888",
+ ]
+}
+
+variable "map_roles" {
+ description = "Additional IAM roles to add to the aws-auth configmap."
+ type = list(object({
+ rolearn = string
+ username = string
+ groups = list(string)
+ }))
+
+ default = [
+ {
+ rolearn = "arn:aws:iam::66666666666:role/role1"
+ username = "role1"
+ groups = ["system:masters"]
+ },
+ ]
+}
+
+variable "map_users" {
+ description = "Additional IAM users to add to the aws-auth configmap."
+ type = list(object({
+ userarn = string
+ username = string
+ groups = list(string)
+ }))
+
+ default = [
+ {
+ userarn = "arn:aws:iam::66666666666:user/user1"
+ username = "user1"
+ groups = ["system:masters"]
+ },
+ {
+ userarn = "arn:aws:iam::66666666666:user/user2"
+ username = "user2"
+ groups = ["system:masters"]
+ },
+ ]
+}
diff --git a/modules/fargate/README.md b/modules/fargate/README.md
index 1f329665b6..75d93c1b68 100644
--- a/modules/fargate/README.md
+++ b/modules/fargate/README.md
@@ -13,6 +13,7 @@ Helper submodule to create and manage resources related to `aws_eks_fargate_prof | name | Fargate profile name | `string` | Auto generated in the following format `[cluster_name]-fargate-[fargate_profile_map_key]`| no | | namespace | Kubernetes namespace for selection | `string` | n/a | yes | | labels | Key-value map of Kubernetes labels for selection | `map(string)` | `{}` | no | +| tags | Key-value map of resource tags. Will be merged with root module tags. | `map(string)` | `var.tags` | no | ## Requirements
diff --git a/modules/fargate/fargate.tf b/modules/fargate/fargate.tf
index e9b935aeb5..f3592ba27f 100644
--- a/modules/fargate/fargate.tf
+++ b/modules/fargate/fargate.tf
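Review bot: The defaults of `map_roles` and `map_users` in examples/fargate/variables.tf bind every sample principal to `system:masters`, so anyone who applies the example after only swapping in real ARNs grants unrestricted cluster-admin through aws-auth. The `map_accounts` default likewise maps two whole accounts. An example is safer with `default = []` on all three variables and the sample entries moved into a comment or an example tfvars file, ideally showing a narrower RBAC group than `system:masters`. The placeholder ARNs also use an 11-digit account id (`66666666666`) where AWS account ids have 12 digits, and `region` has neither `type` nor `description`.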
@@ -13,16 +13,16 @@ resource "aws_iam_role_policy_attachment" "eks_fargate_pod" { } resource "aws_eks_fargate_profile" "this" { - for_each = local.create_eks ? var.fargate_profiles : {} + for_each = local.create_eks ? local.fargate_profiles_expanded : {} cluster_name = var.cluster_name fargate_profile_name = lookup(each.value, "name", format("%s-fargate-%s", var.cluster_name, replace(each.key, "_", "-"))) pod_execution_role_arn = local.pod_execution_role_arn subnet_ids = var.subnets - tags = var.tags + tags = each.value.tags selector { namespace = each.value.namespace - labels = each.value.labels + labels = lookup(each.value, "labels", null) } depends_on = [var.eks_depends_on]
diff --git a/modules/fargate/locals.tf b/modules/fargate/locals.tf
index a8227f4bdb..dbd72f0107 100644
--- a/modules/fargate/locals.tf
+++ b/modules/fargate/locals.tf
@@ -2,4 +2,9 @@ locals { create_eks = var.create_eks && length(var.fargate_profiles) > 0 pod_execution_role_arn = var.create_fargate_pod_execution_role ? element(concat(aws_iam_role.eks_fargate_pod.*.arn, list("")), 0) : element(concat(data.aws_iam_role.custom_fargate_iam_role.*.arn, list("")), 0) pod_execution_role_name = var.create_fargate_pod_execution_role ? element(concat(aws_iam_role.eks_fargate_pod.*.name, list("")), 0) : element(concat(data.aws_iam_role.custom_fargate_iam_role.*.name, list("")), 0) + + fargate_profiles_expanded = { for k, v in var.fargate_profiles : k => merge( + { tags = var.tags }, + v, + ) if var.create_eks } }
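Review bot: `tags = each.value.tags` in modules/fargate/fargate.tf does not give the merge that the new README row promises. `fargate_profiles_expanded` in the locals.tf hunk is built with `merge({ tags = var.tags }, v)`, which is a shallow merge, so a profile that sets its own `tags` replaces `var.tags` wholesale instead of adding to it. With the example's `tags = { Owner = "test" }` the profile would lose the root module tags, which matters wherever tag-based IAM conditions or inventory depend on them. Merging at the resource keeps both, `tags = merge(var.tags, lookup(each.value, "tags", {}))`, and the `if var.create_eks` filter in the local repeats the `local.create_eks ?` guard already on `for_each`. The resource block closes outside the hunk.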