chore: Update modules, providers, EKS version, and reorganize examples #53

Closed
File renamed without changes.
78 changes: 45 additions & 33 deletions examples/complete/main.tf → patterns/terraform/main.tf
Expand Up @@ -2,15 +2,14 @@ provider "aws" {
region = local.region
Contributor

Don't rename the directory to patterns. We want to keep it consistent with other terraform AWS modules. Patterns should go in EKS Blueprints repo.

Contributor Author

ok, are you saying that we should create multiple different ACK deployment options in the EKS Blueprints repository and keep the "complete" "example" here as an end-to-end test?

}

# This provider is required for ECR to autheticate with public repos. Please note ECR authetication requires us-east-1 as region hence its hardcoded below.
# If your region is same as us-east-1 then you can just use one aws provider
# Required for public ECR where ACK artifacts are hosted
provider "aws" {
alias = "ecr"
region = "us-east-1"
alias = "virginia"
candonov marked this conversation as resolved.
}

data "aws_ecrpublic_authorization_token" "token" {
provider = aws.ecr
provider = aws.virginia
}

provider "kubernetes" {
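Review bot: The alias rename from `ecr` to `virginia` on the second `provider "aws"` block names the provider after its region instead of its purpose, and the shortened comment no longer says why `us-east-1` is hardcoded. Keep one line stating that ECR Public authentication requires us-east-1, and check that no `aws.ecr` reference is left elsewhere in the file, since only the `aws_ecrpublic_authorization_token` data source is updated in this hunk.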
Expand Down Expand Up @@ -43,7 +42,7 @@ data "aws_availability_zones" "available" {}
data "aws_caller_identity" "current" {}

locals {
name = basename(path.cwd)
name = "${basename(path.cwd)}-ack-blueprints"
candonov marked this conversation as resolved.
region = var.aws_region

vpc_cidr = "10.0.0.0/16"
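Review bot: In `locals`, `name = "${basename(path.cwd)}-ack-blueprints"` still derives the name from the working directory, which is `terraform` when run from the new patterns/terraform location, so every checkout yields `terraform-ack-blueprints`. That value feeds `cluster_name` and the `${local.name}-vpc-link` security group name, so two deployments in one account and region would collide; consider a variable with this string as its default.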
Expand All @@ -59,30 +58,51 @@ locals {
# EKS Cluster
################################################################################

#tfsec:ignore:aws-eks-enable-control-plane-logging
module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "~> 19.13"
version = "~> 20.20"

cluster_name = local.name
cluster_version = "1.27"
cluster_endpoint_public_access = true
cluster_name = local.name
cluster_version = "1.30"

cluster_endpoint_private_access = true
cluster_endpoint_public_access = true
kms_key_enable_default_policy = true

# Give the Terraform identity admin access to the cluster
# which will allow resources to be deployed into the cluster
enable_cluster_creator_admin_permissions = true

# EKS Addons
cluster_addons = {
coredns = {
most_recent = true
}
kube-proxy = {
most_recent = true
}
Contributor

Suggested change
}
}
eks-pod-identity-agent = {
most_recent = true
}

vpc-cni = {
before_compute = true # Ensure the addon is configured before compute resources are created
most_recent = true
}
}

vpc_id = module.vpc.vpc_id
subnet_ids = module.vpc.private_subnets

manage_aws_auth_configmap = true

eks_managed_node_groups = {
initial = {
instance_types = ["m5.xlarge"]
max_size = 3
min_size = 3
desired_size = 3
instance_types = ["m5.large"]

min_size = 1
max_size = 5
desired_size = 3
}
}

tags = local.tags

depends_on = [module.vpc]
Contributor

Not needed as there is an implicit dependency when you provide vpc id and subnets.

}

################################################################################
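Review bot: In `module "eks"`, `cluster_endpoint_public_access = true` is carried into the v20 configuration with no CIDR allow-list visible, and the `#tfsec:ignore:aws-eks-enable-control-plane-logging` annotation above the block has no justification beside it. For an example that people copy, set `cluster_endpoint_public_access_cidrs` and enable control plane logging, or add a comment saying the open endpoint and missing logs are accepted for the demo only. `most_recent = true` on every `cluster_addons` entry also lets two applies install different addon versions; pin `addon_version` if this configuration doubles as an end-to-end test.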
Expand All @@ -91,37 +111,29 @@ module "eks" {

module "eks_blueprints_addons" {
source = "aws-ia/eks-blueprints-addons/aws"
version = "~> 1.0.0"
version = "~> 1.16"

cluster_name = module.eks.cluster_name
cluster_endpoint = module.eks.cluster_endpoint
cluster_version = module.eks.cluster_version
oidc_provider_arn = module.eks.oidc_provider_arn

eks_addons = {
coredns = {
timeouts = {
create = "25m"
delete = "10m"
}
}
vpc-cni = {}
kube-proxy = {}
}

# Add-ons
enable_aws_load_balancer_controller = true
enable_metrics_server = true

tags = local.tags

depends_on = [module.eks]
Contributor

Not needed due to implicit dependency via cluster_name, endpoint, etc.

}

################################################################################
# ACK Addons
################################################################################

module "eks_ack_addons" {
source = "../../"
source = "aws-ia/eks-ack-addons/aws"
version = "2.2.0"
Contributor

This is done relatively for a reason so you can test the latest changes. Please leave it as is.


# Cluster Info
cluster_name = module.eks.cluster_name
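Review bot: The version lines in this hunk pin inconsistently: `eks_blueprints_addons` moves from `~> 1.0.0` (patch releases only) to `~> 1.16` (any 1.x at or above 1.16), while `eks_ack_addons` is fixed at `2.2.0`. Module versions are not recorded in `.terraform.lock.hcl`, so the constraint is the only pin; `~> 1.16.0` would keep the earlier patch-only behaviour. The `eks_addons` block dropped here also carried `create` and `delete` timeouts for coredns that the `cluster_addons` entry in `module "eks"` does not set, so state in the PR description whether that is intentional.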
Expand All @@ -143,6 +155,8 @@ module "eks_ack_addons" {
enable_eventbridge = true

tags = local.tags

depends_on = [module.eks_blueprints_addons]
}

################################################################################
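Review bot: `depends_on = [module.eks_blueprints_addons]` on `module "eks_ack_addons"` comes with no comment explaining the ordering requirement, and none of the inputs visible here reference that module. A module-level `depends_on` can defer the data sources inside the module until apply, so add a one-line reason (which add-on has to be running first) or remove it.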
Expand All @@ -151,7 +165,7 @@ module "eks_ack_addons" {

module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "~> 5.0"
version = "~> 5.9"

name = local.name
cidr = local.vpc_cidr
Expand Down Expand Up @@ -232,7 +246,7 @@ resource "kubernetes_service_account_v1" "ack_demo" {

module "irsa" {
source = "aws-ia/eks-blueprints-addon/aws"
version = "~> 1.1.0"
version = "~> 1.1.1"

# Disable helm release
create_release = false
Expand All @@ -257,9 +271,7 @@ module "irsa" {
tags = local.tags
}


resource "aws_security_group" "vpc_link_sg" {
# checkov:skip=CKV2_AWS_5
name = "${local.name}-vpc-link"
description = "Security group for API Gateway v2 VPC link"
vpc_id = module.vpc.vpc_id
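Review bot: `# checkov:skip=CKV2_AWS_5` on `aws_security_group.vpc_link_sg` carries no reason, and the hunk header (9 lines down to 7) suggests it is being dropped. If the skip is removed, confirm Checkov passes without it; if it stays, write it in the `checkov:skip=<check>:<reason>` form so the suppression is explained.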
@@ -1,6 +1,6 @@
output "configure_kubectl" {
description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
value = "aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}"
value = "aws eks update-kubeconfig --name ${module.eks.cluster_name} --alias ${local.name} --region ${local.region}"
}

output "api_gatewayv2_vpc_link_id" {
File renamed without changes.
@@ -1,18 +1,20 @@
terraform {
required_version = ">= 1.0.0"
required_version = ">= 1.3"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 5.1"
}
helm = {
source = "hashicorp/helm"
version = ">= 2.8"
version = ">= 5.34"
}

kubernetes = {
source = "hashicorp/kubernetes"
version = ">= 2.20"
version = ">= 2.30"
}

helm = {
source = "hashicorp/helm"
version = ">= 2.13"
}
}
}
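Review bot: All three `required_providers` entries use open-ended `>=` constraints (`>= 5.34`, `>= 2.30`, `>= 2.13`), so a future major release of the aws, kubernetes or helm provider is accepted on the next `terraform init -upgrade`. Add an upper bound per provider, such as `>= 5.34, < 6.0`, or commit `.terraform.lock.hcl` with the example so the tested provider versions and checksums are recorded.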