From 62ad848bfdc56d6a630f2bdebad88f0635228ca4 Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Thu, 10 Aug 2023 19:43:49 -0400 Subject: [PATCH 1/2] feat: Add support for snippets, rename `examples/` to `patterns/` --- .github/scripts/plan-examples.py | 2 +- .github/workflows/e2e-parallel-destroy.yml | 16 +- .github/workflows/e2e-parallel-full.yml | 16 +- .pre-commit-config.yaml | 2 +- docs/.pages | 4 +- docs/blueprints/agones-game-controller.md | 7 - docs/blueprints/appmesh-mtls.md | 7 - docs/blueprints/argocd.md | 7 - docs/blueprints/blue-green-upgrade.md | 7 - docs/blueprints/elastic-fabric-adapter.md | 7 - docs/blueprints/external-secrets.md | 7 - docs/blueprints/fargate-serverless.md | 7 - docs/blueprints/fully-private-cluster.md | 7 - .../iam-identity-center-single-sign-on.md | 7 - docs/blueprints/ipv4-prefix-delegation.md | 7 - docs/blueprints/ipv6-eks-cluster.md | 7 - docs/blueprints/istio-multi-cluster.md | 7 - docs/blueprints/istio.md | 7 - docs/blueprints/karpenter.md | 7 - docs/blueprints/multi-tenancy-with-teams.md | 7 - docs/blueprints/okta-single-sign-on.md | 7 - docs/blueprints/private-public-ingress.md | 7 - docs/blueprints/privatelink-access.md | 7 - docs/blueprints/stateful.md | 7 - docs/blueprints/tls-with-aws-pca-issuer.md | 7 - docs/blueprints/vpc-cni-custom-networking.md | 7 - docs/blueprints/wireguard-with-cilium.md | 7 - docs/getting-started.md | 2 +- docs/iam/min-iam-policy.json | 206 ------------------ docs/iam/minimum-iam-policy.md | 16 -- docs/patterns/agones-game-controller.md | 7 + docs/patterns/appmesh-mtls.md | 7 + docs/patterns/argocd.md | 7 + docs/patterns/blue-green-upgrade.md | 7 + docs/patterns/elastic-fabric-adapter.md | 7 + docs/patterns/external-secrets.md | 7 + docs/patterns/fargate-serverless.md | 7 + docs/patterns/fully-private-cluster.md | 7 + docs/patterns/ipv6-eks-cluster.md | 7 + docs/patterns/istio-multi-cluster.md | 7 + docs/patterns/istio.md | 7 + docs/patterns/karpenter.md | 7 + docs/patterns/multi-tenancy-with-teams.md | 7 + docs/patterns/private-public-ingress.md | 7 + 
docs/patterns/privatelink-access.md | 7 + docs/patterns/sso-iam-identity-center.md | 7 + docs/patterns/sso-okta.md | 7 + docs/patterns/stateful.md | 7 + docs/patterns/tls-with-aws-pca-issuer.md | 7 + docs/patterns/wireguard-with-cilium.md | 7 + docs/snippets/ipv4-prefix-delegation.md | 53 +++++ docs/snippets/vpc-cni-custom-networking.md | 105 +++++++++ examples/ipv4-prefix-delegation/README.md | 110 ---------- examples/ipv4-prefix-delegation/main.tf | 121 ---------- examples/ipv4-prefix-delegation/versions.tf | 25 --- examples/stateful/variables.tf | 0 examples/vpc-cni-custom-networking/README.md | 139 ------------ examples/vpc-cni-custom-networking/main.tf | 169 -------------- examples/vpc-cni-custom-networking/outputs.tf | 4 - .../vpc-cni-custom-networking/variables.tf | 0 .../vpc-cni-custom-networking/versions.tf | 29 --- examples/wireguard-with-cilium/outputs.tf | 4 - .../agones-game-controller/README.md | 2 +- .../agones-game-controller/destroy.sh | 0 .../helm_values/agones-values.yaml | 0 .../agones-game-controller/main.tf | 0 .../agones-game-controller/outputs.tf | 0 .../test/sample-game-server/fleet.yaml | 0 .../test/sample-game-server/gameserver.yaml | 0 .../test/xonotic/fleet.yaml | 0 .../test/xonotic/fleetautoscaler.yaml | 0 .../test/xonotic/gameserver.yaml | 0 .../test/xonotic/gameserverallocator.yaml | 0 .../agones-game-controller/variables.tf | 0 .../agones-game-controller/versions.tf | 0 {examples => patterns}/appmesh-mtls/README.md | 0 {examples => patterns}/appmesh-mtls/main.tf | 0 .../appmesh-mtls/outputs.tf | 0 .../appmesh-mtls/variables.tf | 0 .../appmesh-mtls/versions.tf | 0 {examples => patterns}/argocd/README.md | 0 {examples => patterns}/argocd/main.tf | 0 .../argocd/min-iam-policy.json | 0 {examples => patterns}/argocd/outputs.tf | 0 {examples => patterns}/argocd/variables.tf | 0 {examples => patterns}/argocd/versions.tf | 0 .../blue-green-upgrade/README.md | 2 +- .../blue-green-upgrade/eks-blue/README.md | 0 
.../blue-green-upgrade/eks-blue/main.tf | 0 .../blue-green-upgrade/eks-blue/outputs.tf | 0 .../blue-green-upgrade/eks-blue/providers.tf | 0 .../blue-green-upgrade/eks-blue/variables.tf | 0 .../blue-green-upgrade/eks-green/README.md | 0 .../blue-green-upgrade/eks-green/main.tf | 0 .../blue-green-upgrade/eks-green/outputs.tf | 0 .../blue-green-upgrade/eks-green/providers.tf | 0 .../blue-green-upgrade/eks-green/variables.tf | 0 .../blue-green-upgrade/environment/README.md | 0 .../blue-green-upgrade/environment/main.tf | 0 .../blue-green-upgrade/environment/outputs.tf | 0 .../environment/variables.tf | 0 .../environment/versions.tf | 0 .../modules/eks_cluster/README.md | 0 .../modules/eks_cluster/main.tf | 0 .../modules/eks_cluster/outputs.tf | 0 .../modules/eks_cluster/variables.tf | 0 .../modules/eks_cluster/versions.tf | 0 .../static/archi-blue-green.png | Bin .../blue-green-upgrade/static/archi-blue.png | Bin .../blue-green-upgrade/static/archi-green.png | Bin .../static/burnham-records.png | Bin .../static/burnham-records2.png | Bin .../static/burnham-records3.png | Bin .../blue-green-upgrade/static/eks-argo.png | Bin .../static/github-ssh-secret.png | Bin .../blue-green-upgrade/tear-down.sh | 0 .../terraform.tfvars.example | 0 .../elastic-fabric-adapter/README.md | 0 .../elastic-fabric-adapter/main.tf | 0 .../elastic-fabric-adapter/outputs.tf | 0 .../elastic-fabric-adapter/variables.tf | 0 .../elastic-fabric-adapter/versions.tf | 0 .../external-secrets/README.md | 2 +- .../external-secrets/main.tf | 0 .../external-secrets/outputs.tf | 0 .../external-secrets/variables.tf | 0 .../external-secrets/versions.tf | 0 .../fargate-serverless/README.md | 0 .../fargate-serverless/main.tf | 0 .../fargate-serverless/outputs.tf | 0 .../fargate-serverless/variables.tf | 0 .../fargate-serverless/versions.tf | 0 .../fully-private-cluster/README.md | 2 +- .../fully-private-cluster/main.tf | 0 .../fully-private-cluster/outputs.tf | 0 .../fully-private-cluster/variables.tf | 0 
.../fully-private-cluster/versions.tf | 0 .../ipv6-eks-cluster/README.md | 0 .../ipv6-eks-cluster/main.tf | 0 .../ipv6-eks-cluster}/outputs.tf | 0 .../ipv6-eks-cluster}/variables.tf | 0 .../ipv6-eks-cluster/versions.tf | 0 .../0.certs-tool/.gitignore | 0 .../0.certs-tool/Makefile.k8s.mk | 0 .../0.certs-tool/Makefile.selfsigned.mk | 0 .../0.certs-tool/README.md | 0 .../0.certs-tool/common.mk | 0 .../0.certs-tool/create-certs.sh | 0 .../istio-multi-cluster/0.vpc/main.tf | 0 .../istio-multi-cluster/0.vpc/outputs.tf | 0 .../istio-multi-cluster/0.vpc}/variables.tf | 0 .../istio-multi-cluster/0.vpc/versions.tf | 0 .../istio-multi-cluster/1.cluster1/README.md | 0 .../istio-multi-cluster/1.cluster1/main.tf | 0 .../istio-multi-cluster/1.cluster1/outputs.tf | 0 .../1.cluster1/variables.tf | 0 .../1.cluster1/versions.tf | 0 .../istio-multi-cluster/2.cluster2/README.md | 0 .../istio-multi-cluster/2.cluster2/main.tf | 0 .../istio-multi-cluster/2.cluster2/outputs.tf | 0 .../2.cluster2/variables.tf | 0 .../2.cluster2/versions.tf | 0 .../istio-remote-secret.tftpl | 0 .../3.istio-multi-primary/main.tf | 0 .../3.istio-multi-primary/outputs.tf | 0 .../3.istio-multi-primary}/variables.tf | 0 .../3.istio-multi-primary/versions.tf | 0 .../4.test-connectivity/istio-helloworld.yaml | 0 .../4.test-connectivity/istio-sleep.yaml | 0 .../4.test-connectivity/test_connectivity.sh | 0 .../istio-multi-cluster/README.md | 0 {examples => patterns}/istio/README.md | 0 {examples => patterns}/istio/main.tf | 0 .../istio}/outputs.tf | 0 .../istio}/variables.tf | 0 {examples => patterns}/istio/versions.tf | 0 {examples => patterns}/karpenter/README.md | 0 {examples => patterns}/karpenter/main.tf | 0 .../istio => patterns/karpenter}/outputs.tf | 0 .../istio => patterns/karpenter}/variables.tf | 0 {examples => patterns}/karpenter/versions.tf | 0 .../multi-tenancy-with-teams/README.md | 0 .../multi-tenancy-with-teams/main.tf | 0 .../multi-tenancy-with-teams/outputs.tf | 0 
.../multi-tenancy-with-teams}/variables.tf | 0 .../multi-tenancy-with-teams/versions.tf | 0 .../private-public-ingress/README.md | 0 .../private-public-ingress/main.tf | 0 .../private-public-ingress/outputs.tf | 0 .../private-public-ingress}/variables.tf | 0 .../private-public-ingress/versions.tf | 0 .../privatelink-access/README.md | 0 .../privatelink-access/client.tf | 0 .../privatelink-access/eks.tf | 0 .../privatelink-access/lambdas/create_eni.py | 0 .../privatelink-access/lambdas/delete_eni.py | 0 .../privatelink-access/main.tf | 0 .../privatelink-access/outputs.tf | 0 .../privatelink-access/privatelink.tf | 0 .../privatelink-access}/variables.tf | 0 .../privatelink-access/versions.tf | 0 .../single-sign-on/README.md | 2 +- .../iam-identity-center/README.md | 0 .../iam-identity-center/main.tf | 0 .../iam-identity-center/outputs.tf | 0 .../single-sign-on/iam-identity-center/sso.tf | 0 .../iam-identity-center/teams.tf | 0 .../iam-identity-center/variables.tf | 0 .../iam-identity-center/versions.tf | 0 .../single-sign-on/okta/README.md | 0 .../single-sign-on/okta/main.tf | 0 .../single-sign-on/okta/okta.tf | 0 .../single-sign-on/okta/outputs.tf | 0 .../single-sign-on/okta/variables.tf | 0 .../single-sign-on/okta/versions.tf | 0 {examples => patterns}/stateful/README.md | 0 {examples => patterns}/stateful/main.tf | 0 {examples => patterns}/stateful/outputs.tf | 0 .../stateful}/variables.tf | 0 {examples => patterns}/stateful/versions.tf | 0 .../tls-with-aws-pca-issuer/README.md | 0 .../tls-with-aws-pca-issuer/main.tf | 0 .../tls-with-aws-pca-issuer}/outputs.tf | 0 .../tls-with-aws-pca-issuer/variables.tf | 0 .../tls-with-aws-pca-issuer/versions.tf | 0 .../wireguard-with-cilium/README.md | 0 .../wireguard-with-cilium/main.tf | 0 .../wireguard-with-cilium}/outputs.tf | 0 .../wireguard-with-cilium/variables.tf | 0 .../wireguard-with-cilium/versions.tf | 0 230 files changed, 322 insertions(+), 1005 deletions(-) delete mode 100644 
docs/blueprints/agones-game-controller.md delete mode 100644 docs/blueprints/appmesh-mtls.md delete mode 100644 docs/blueprints/argocd.md delete mode 100644 docs/blueprints/blue-green-upgrade.md delete mode 100644 docs/blueprints/elastic-fabric-adapter.md delete mode 100644 docs/blueprints/external-secrets.md delete mode 100644 docs/blueprints/fargate-serverless.md delete mode 100644 docs/blueprints/fully-private-cluster.md delete mode 100644 docs/blueprints/iam-identity-center-single-sign-on.md delete mode 100644 docs/blueprints/ipv4-prefix-delegation.md delete mode 100644 docs/blueprints/ipv6-eks-cluster.md delete mode 100644 docs/blueprints/istio-multi-cluster.md delete mode 100644 docs/blueprints/istio.md delete mode 100644 docs/blueprints/karpenter.md delete mode 100644 docs/blueprints/multi-tenancy-with-teams.md delete mode 100644 docs/blueprints/okta-single-sign-on.md delete mode 100644 docs/blueprints/private-public-ingress.md delete mode 100644 docs/blueprints/privatelink-access.md delete mode 100644 docs/blueprints/stateful.md delete mode 100644 docs/blueprints/tls-with-aws-pca-issuer.md delete mode 100644 docs/blueprints/vpc-cni-custom-networking.md delete mode 100644 docs/blueprints/wireguard-with-cilium.md delete mode 100644 docs/iam/min-iam-policy.json delete mode 100644 docs/iam/minimum-iam-policy.md create mode 100644 docs/patterns/agones-game-controller.md create mode 100644 docs/patterns/appmesh-mtls.md create mode 100644 docs/patterns/argocd.md create mode 100644 docs/patterns/blue-green-upgrade.md create mode 100644 docs/patterns/elastic-fabric-adapter.md create mode 100644 docs/patterns/external-secrets.md create mode 100644 docs/patterns/fargate-serverless.md create mode 100644 docs/patterns/fully-private-cluster.md create mode 100644 docs/patterns/ipv6-eks-cluster.md create mode 100644 docs/patterns/istio-multi-cluster.md create mode 100644 docs/patterns/istio.md create mode 100644 docs/patterns/karpenter.md create mode 100644 
docs/patterns/multi-tenancy-with-teams.md create mode 100644 docs/patterns/private-public-ingress.md create mode 100644 docs/patterns/privatelink-access.md create mode 100644 docs/patterns/sso-iam-identity-center.md create mode 100644 docs/patterns/sso-okta.md create mode 100644 docs/patterns/stateful.md create mode 100644 docs/patterns/tls-with-aws-pca-issuer.md create mode 100644 docs/patterns/wireguard-with-cilium.md create mode 100644 docs/snippets/ipv4-prefix-delegation.md create mode 100644 docs/snippets/vpc-cni-custom-networking.md delete mode 100644 examples/ipv4-prefix-delegation/README.md delete mode 100644 examples/ipv4-prefix-delegation/main.tf delete mode 100644 examples/ipv4-prefix-delegation/versions.tf delete mode 100644 examples/stateful/variables.tf delete mode 100644 examples/vpc-cni-custom-networking/README.md delete mode 100644 examples/vpc-cni-custom-networking/main.tf delete mode 100644 examples/vpc-cni-custom-networking/outputs.tf delete mode 100644 examples/vpc-cni-custom-networking/variables.tf delete mode 100644 examples/vpc-cni-custom-networking/versions.tf delete mode 100644 examples/wireguard-with-cilium/outputs.tf rename {examples => patterns}/agones-game-controller/README.md (99%) rename {examples => patterns}/agones-game-controller/destroy.sh (100%) rename {examples => patterns}/agones-game-controller/helm_values/agones-values.yaml (100%) rename {examples => patterns}/agones-game-controller/main.tf (100%) rename {examples => patterns}/agones-game-controller/outputs.tf (100%) rename {examples => patterns}/agones-game-controller/test/sample-game-server/fleet.yaml (100%) rename {examples => patterns}/agones-game-controller/test/sample-game-server/gameserver.yaml (100%) rename {examples => patterns}/agones-game-controller/test/xonotic/fleet.yaml (100%) rename {examples => patterns}/agones-game-controller/test/xonotic/fleetautoscaler.yaml (100%) rename {examples => patterns}/agones-game-controller/test/xonotic/gameserver.yaml (100%) 
rename {examples => patterns}/agones-game-controller/test/xonotic/gameserverallocator.yaml (100%) rename {examples => patterns}/agones-game-controller/variables.tf (100%) rename {examples => patterns}/agones-game-controller/versions.tf (100%) rename {examples => patterns}/appmesh-mtls/README.md (100%) rename {examples => patterns}/appmesh-mtls/main.tf (100%) rename {examples => patterns}/appmesh-mtls/outputs.tf (100%) rename {examples => patterns}/appmesh-mtls/variables.tf (100%) rename {examples => patterns}/appmesh-mtls/versions.tf (100%) rename {examples => patterns}/argocd/README.md (100%) rename {examples => patterns}/argocd/main.tf (100%) rename {examples => patterns}/argocd/min-iam-policy.json (100%) rename {examples => patterns}/argocd/outputs.tf (100%) rename {examples => patterns}/argocd/variables.tf (100%) rename {examples => patterns}/argocd/versions.tf (100%) rename {examples => patterns}/blue-green-upgrade/README.md (99%) rename {examples => patterns}/blue-green-upgrade/eks-blue/README.md (100%) rename {examples => patterns}/blue-green-upgrade/eks-blue/main.tf (100%) rename {examples => patterns}/blue-green-upgrade/eks-blue/outputs.tf (100%) rename {examples => patterns}/blue-green-upgrade/eks-blue/providers.tf (100%) rename {examples => patterns}/blue-green-upgrade/eks-blue/variables.tf (100%) rename {examples => patterns}/blue-green-upgrade/eks-green/README.md (100%) rename {examples => patterns}/blue-green-upgrade/eks-green/main.tf (100%) rename {examples => patterns}/blue-green-upgrade/eks-green/outputs.tf (100%) rename {examples => patterns}/blue-green-upgrade/eks-green/providers.tf (100%) rename {examples => patterns}/blue-green-upgrade/eks-green/variables.tf (100%) rename {examples => patterns}/blue-green-upgrade/environment/README.md (100%) rename {examples => patterns}/blue-green-upgrade/environment/main.tf (100%) rename {examples => patterns}/blue-green-upgrade/environment/outputs.tf (100%) rename {examples => 
patterns}/blue-green-upgrade/environment/variables.tf (100%) rename {examples => patterns}/blue-green-upgrade/environment/versions.tf (100%) rename {examples => patterns}/blue-green-upgrade/modules/eks_cluster/README.md (100%) rename {examples => patterns}/blue-green-upgrade/modules/eks_cluster/main.tf (100%) rename {examples => patterns}/blue-green-upgrade/modules/eks_cluster/outputs.tf (100%) rename {examples => patterns}/blue-green-upgrade/modules/eks_cluster/variables.tf (100%) rename {examples => patterns}/blue-green-upgrade/modules/eks_cluster/versions.tf (100%) rename {examples => patterns}/blue-green-upgrade/static/archi-blue-green.png (100%) rename {examples => patterns}/blue-green-upgrade/static/archi-blue.png (100%) rename {examples => patterns}/blue-green-upgrade/static/archi-green.png (100%) rename {examples => patterns}/blue-green-upgrade/static/burnham-records.png (100%) rename {examples => patterns}/blue-green-upgrade/static/burnham-records2.png (100%) rename {examples => patterns}/blue-green-upgrade/static/burnham-records3.png (100%) rename {examples => patterns}/blue-green-upgrade/static/eks-argo.png (100%) rename {examples => patterns}/blue-green-upgrade/static/github-ssh-secret.png (100%) rename {examples => patterns}/blue-green-upgrade/tear-down.sh (100%) rename {examples => patterns}/blue-green-upgrade/terraform.tfvars.example (100%) rename {examples => patterns}/elastic-fabric-adapter/README.md (100%) rename {examples => patterns}/elastic-fabric-adapter/main.tf (100%) rename {examples => patterns}/elastic-fabric-adapter/outputs.tf (100%) rename {examples => patterns}/elastic-fabric-adapter/variables.tf (100%) rename {examples => patterns}/elastic-fabric-adapter/versions.tf (100%) rename {examples => patterns}/external-secrets/README.md (98%) rename {examples => patterns}/external-secrets/main.tf (100%) rename {examples => patterns}/external-secrets/outputs.tf (100%) rename {examples => patterns}/external-secrets/variables.tf (100%) rename 
{examples => patterns}/external-secrets/versions.tf (100%) rename {examples => patterns}/fargate-serverless/README.md (100%) rename {examples => patterns}/fargate-serverless/main.tf (100%) rename {examples => patterns}/fargate-serverless/outputs.tf (100%) rename {examples => patterns}/fargate-serverless/variables.tf (100%) rename {examples => patterns}/fargate-serverless/versions.tf (100%) rename {examples => patterns}/fully-private-cluster/README.md (98%) rename {examples => patterns}/fully-private-cluster/main.tf (100%) rename {examples => patterns}/fully-private-cluster/outputs.tf (100%) rename {examples => patterns}/fully-private-cluster/variables.tf (100%) rename {examples => patterns}/fully-private-cluster/versions.tf (100%) rename {examples => patterns}/ipv6-eks-cluster/README.md (100%) rename {examples => patterns}/ipv6-eks-cluster/main.tf (100%) rename {examples/ipv4-prefix-delegation => patterns/ipv6-eks-cluster}/outputs.tf (100%) rename {examples/ipv4-prefix-delegation => patterns/ipv6-eks-cluster}/variables.tf (100%) rename {examples => patterns}/ipv6-eks-cluster/versions.tf (100%) rename {examples => patterns}/istio-multi-cluster/0.certs-tool/.gitignore (100%) rename {examples => patterns}/istio-multi-cluster/0.certs-tool/Makefile.k8s.mk (100%) rename {examples => patterns}/istio-multi-cluster/0.certs-tool/Makefile.selfsigned.mk (100%) rename {examples => patterns}/istio-multi-cluster/0.certs-tool/README.md (100%) rename {examples => patterns}/istio-multi-cluster/0.certs-tool/common.mk (100%) rename {examples => patterns}/istio-multi-cluster/0.certs-tool/create-certs.sh (100%) rename {examples => patterns}/istio-multi-cluster/0.vpc/main.tf (100%) rename {examples => patterns}/istio-multi-cluster/0.vpc/outputs.tf (100%) rename {examples/ipv6-eks-cluster => patterns/istio-multi-cluster/0.vpc}/variables.tf (100%) rename {examples => patterns}/istio-multi-cluster/0.vpc/versions.tf (100%) rename {examples => 
patterns}/istio-multi-cluster/1.cluster1/README.md (100%) rename {examples => patterns}/istio-multi-cluster/1.cluster1/main.tf (100%) rename {examples => patterns}/istio-multi-cluster/1.cluster1/outputs.tf (100%) rename {examples => patterns}/istio-multi-cluster/1.cluster1/variables.tf (100%) rename {examples => patterns}/istio-multi-cluster/1.cluster1/versions.tf (100%) rename {examples => patterns}/istio-multi-cluster/2.cluster2/README.md (100%) rename {examples => patterns}/istio-multi-cluster/2.cluster2/main.tf (100%) rename {examples => patterns}/istio-multi-cluster/2.cluster2/outputs.tf (100%) rename {examples => patterns}/istio-multi-cluster/2.cluster2/variables.tf (100%) rename {examples => patterns}/istio-multi-cluster/2.cluster2/versions.tf (100%) rename {examples => patterns}/istio-multi-cluster/3.istio-multi-primary/istio-remote-secret.tftpl (100%) rename {examples => patterns}/istio-multi-cluster/3.istio-multi-primary/main.tf (100%) rename {examples => patterns}/istio-multi-cluster/3.istio-multi-primary/outputs.tf (100%) rename {examples/istio-multi-cluster/0.vpc => patterns/istio-multi-cluster/3.istio-multi-primary}/variables.tf (100%) rename {examples => patterns}/istio-multi-cluster/3.istio-multi-primary/versions.tf (100%) rename {examples => patterns}/istio-multi-cluster/4.test-connectivity/istio-helloworld.yaml (100%) rename {examples => patterns}/istio-multi-cluster/4.test-connectivity/istio-sleep.yaml (100%) rename {examples => patterns}/istio-multi-cluster/4.test-connectivity/test_connectivity.sh (100%) rename {examples => patterns}/istio-multi-cluster/README.md (100%) rename {examples => patterns}/istio/README.md (100%) rename {examples => patterns}/istio/main.tf (100%) rename {examples/ipv6-eks-cluster => patterns/istio}/outputs.tf (100%) rename {examples/istio-multi-cluster/3.istio-multi-primary => patterns/istio}/variables.tf (100%) rename {examples => patterns}/istio/versions.tf (100%) rename {examples => patterns}/karpenter/README.md 
(100%) rename {examples => patterns}/karpenter/main.tf (100%) rename {examples/istio => patterns/karpenter}/outputs.tf (100%) rename {examples/istio => patterns/karpenter}/variables.tf (100%) rename {examples => patterns}/karpenter/versions.tf (100%) rename {examples => patterns}/multi-tenancy-with-teams/README.md (100%) rename {examples => patterns}/multi-tenancy-with-teams/main.tf (100%) rename {examples => patterns}/multi-tenancy-with-teams/outputs.tf (100%) rename {examples/karpenter => patterns/multi-tenancy-with-teams}/variables.tf (100%) rename {examples => patterns}/multi-tenancy-with-teams/versions.tf (100%) rename {examples => patterns}/private-public-ingress/README.md (100%) rename {examples => patterns}/private-public-ingress/main.tf (100%) rename {examples => patterns}/private-public-ingress/outputs.tf (100%) rename {examples/multi-tenancy-with-teams => patterns/private-public-ingress}/variables.tf (100%) rename {examples => patterns}/private-public-ingress/versions.tf (100%) rename {examples => patterns}/privatelink-access/README.md (100%) rename {examples => patterns}/privatelink-access/client.tf (100%) rename {examples => patterns}/privatelink-access/eks.tf (100%) rename {examples => patterns}/privatelink-access/lambdas/create_eni.py (100%) rename {examples => patterns}/privatelink-access/lambdas/delete_eni.py (100%) rename {examples => patterns}/privatelink-access/main.tf (100%) rename {examples => patterns}/privatelink-access/outputs.tf (100%) rename {examples => patterns}/privatelink-access/privatelink.tf (100%) rename {examples/private-public-ingress => patterns/privatelink-access}/variables.tf (100%) rename {examples => patterns}/privatelink-access/versions.tf (100%) rename {examples => patterns}/single-sign-on/README.md (98%) rename {examples => patterns}/single-sign-on/iam-identity-center/README.md (100%) rename {examples => patterns}/single-sign-on/iam-identity-center/main.tf (100%) rename {examples => 
patterns}/single-sign-on/iam-identity-center/outputs.tf (100%) rename {examples => patterns}/single-sign-on/iam-identity-center/sso.tf (100%) rename {examples => patterns}/single-sign-on/iam-identity-center/teams.tf (100%) rename {examples => patterns}/single-sign-on/iam-identity-center/variables.tf (100%) rename {examples => patterns}/single-sign-on/iam-identity-center/versions.tf (100%) rename {examples => patterns}/single-sign-on/okta/README.md (100%) rename {examples => patterns}/single-sign-on/okta/main.tf (100%) rename {examples => patterns}/single-sign-on/okta/okta.tf (100%) rename {examples => patterns}/single-sign-on/okta/outputs.tf (100%) rename {examples => patterns}/single-sign-on/okta/variables.tf (100%) rename {examples => patterns}/single-sign-on/okta/versions.tf (100%) rename {examples => patterns}/stateful/README.md (100%) rename {examples => patterns}/stateful/main.tf (100%) rename {examples => patterns}/stateful/outputs.tf (100%) rename {examples/privatelink-access => patterns/stateful}/variables.tf (100%) rename {examples => patterns}/stateful/versions.tf (100%) rename {examples => patterns}/tls-with-aws-pca-issuer/README.md (100%) rename {examples => patterns}/tls-with-aws-pca-issuer/main.tf (100%) rename {examples/karpenter => patterns/tls-with-aws-pca-issuer}/outputs.tf (100%) rename {examples => patterns}/tls-with-aws-pca-issuer/variables.tf (100%) rename {examples => patterns}/tls-with-aws-pca-issuer/versions.tf (100%) rename {examples => patterns}/wireguard-with-cilium/README.md (100%) rename {examples => patterns}/wireguard-with-cilium/main.tf (100%) rename {examples/tls-with-aws-pca-issuer => patterns/wireguard-with-cilium}/outputs.tf (100%) rename {examples => patterns}/wireguard-with-cilium/variables.tf (100%) rename {examples => patterns}/wireguard-with-cilium/versions.tf (100%) diff --git a/.github/scripts/plan-examples.py b/.github/scripts/plan-examples.py index c854baa187..2be720a15b 100644 --- a/.github/scripts/plan-examples.py 
+++ b/.github/scripts/plan-examples.py @@ -19,7 +19,7 @@ def get_examples(): projects = { x.replace('/versions.tf', '') - for x in glob.glob('examples/**/versions.tf', recursive=True) + for x in glob.glob('patterns/**/versions.tf', recursive=True) if not re.match(r'^.+/_', x) } diff --git a/.github/workflows/e2e-parallel-destroy.yml b/.github/workflows/e2e-parallel-destroy.yml index 6d487c1219..60b4fcd28f 100644 --- a/.github/workflows/e2e-parallel-destroy.yml +++ b/.github/workflows/e2e-parallel-destroy.yml @@ -26,15 +26,13 @@ jobs: fail-fast: false matrix: include: - - example_path: examples/agones-game-controller - - example_path: examples/fargate-serverless - - example_path: examples/argocd - - example_path: examples/ipv4-prefix-delegation - - example_path: examples/ipv6-eks-cluster - - example_path: examples/karpenter - - example_path: examples/multi-tenancy-with-teams - - example_path: examples/stateful - - example_path: examples/vpc-cni-custom-networking + - example_path: patterns/agones-game-controller + - example_path: patterns/fargate-serverless + - example_path: patterns/argocd + - example_path: patterns/ipv6-eks-cluster + - example_path: patterns/karpenter + - example_path: patterns/multi-tenancy-with-teams + - example_path: patterns/stateful steps: - name: Harden Runner diff --git a/.github/workflows/e2e-parallel-full.yml b/.github/workflows/e2e-parallel-full.yml index 9690914ac5..2f12eec5fb 100644 --- a/.github/workflows/e2e-parallel-full.yml +++ b/.github/workflows/e2e-parallel-full.yml 
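Review bot: The destroy matrix in `e2e-parallel-destroy.yml` drops `examples/ipv4-prefix-delegation` and `examples/vpc-cni-custom-networking` with no `patterns/` replacement, so any infrastructure still standing from an earlier e2e run of those two paths would no longer be torn down by this workflow; it is worth confirming they are destroyed before this merges. The same two entries leave the matrix in `e2e-parallel-full.yml`, and since the diffstat shows them surviving only as markdown under `docs/snippets/`, the VPC CNI configurations they describe appear to lose plan and apply coverage altogether. A comment above `include:` such as `# docs/snippets/* are documentation only and are not deployed or destroyed here` would make that explicit. The matrix key is still `example_path` although every value now points at `patterns/`; renaming it would also touch the steps that read it, which are outside this hunk.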
@@ -60,15 +60,13 @@ jobs: fail-fast: false matrix: include: - - example_path: examples/agones-game-controller - - example_path: examples/fargate-serverless - - example_path: examples/argocd - - example_path: examples/ipv4-prefix-delegation - - example_path: examples/ipv6-eks-cluster - - example_path: examples/karpenter - - example_path: examples/multi-tenancy-with-teams - - example_path: examples/stateful - - example_path: examples/vpc-cni-custom-networking + - example_path: patterns/agones-game-controller + - example_path: patterns/fargate-serverless + - example_path: patterns/argocd + - example_path: patterns/ipv6-eks-cluster + - example_path: patterns/karpenter + - example_path: patterns/multi-tenancy-with-teams + - example_path: patterns/stateful steps: - name: Harden Runner uses: step-security/harden-runner@v2 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d70deb53a1..b372180750 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -10,7 +10,7 @@ repos: - id: detect-aws-credentials args: ['--allow-missing-credentials'] - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.83.0 + rev: v1.83.2 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/docs/.pages b/docs/.pages index 87efb22ef8..128644bae9 100644 --- a/docs/.pages +++ b/docs/.pages @@ -1,7 +1,7 @@ nav: - Overview: index.md - Getting Started: getting-started.md - - Blueprints: blueprints - - IAM: iam + - Patterns: patterns + - Snippets: snippets - v4 to v5 Migration: v4-to-v5 - FAQ: faq.md diff --git a/docs/blueprints/agones-game-controller.md b/docs/blueprints/agones-game-controller.md deleted file mode 100644 index f1df1041e1..0000000000 --- a/docs/blueprints/agones-game-controller.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -title: Agones Game Controller ---- - -{% - include-markdown "../../examples/agones-game-controller/README.md" -%} 
diff --git a/docs/blueprints/appmesh-mtls.md b/docs/blueprints/appmesh-mtls.md
deleted file mode 100644
index ee9400a3ad..0000000000
--- a/docs/blueprints/appmesh-mtls.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: AWS AppMesh mTLS
----
-
-{%
- include-markdown "../../examples/appmesh-mtls/README.md"
-%}
diff --git a/docs/blueprints/argocd.md b/docs/blueprints/argocd.md
deleted file mode 100644
index b91434e55c..0000000000
--- a/docs/blueprints/argocd.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: ArgoCD
----
-
-{%
- include-markdown "../../examples/argocd/README.md"
-%}
diff --git a/docs/blueprints/blue-green-upgrade.md b/docs/blueprints/blue-green-upgrade.md
deleted file mode 100644
index 9c79037e66..0000000000
--- a/docs/blueprints/blue-green-upgrade.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: Blue/Green Migration
----
-
-{%
- include-markdown "../../examples/blue-green-upgrade/README.md"
-%}
diff --git a/docs/blueprints/elastic-fabric-adapter.md b/docs/blueprints/elastic-fabric-adapter.md
deleted file mode 100644
index 2f2aba96aa..0000000000
--- a/docs/blueprints/elastic-fabric-adapter.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: Elastic Fabric Adapter
----
-
-{%
- include-markdown "../../examples/elastic-fabric-adapter/README.md"
-%}
diff --git a/docs/blueprints/external-secrets.md b/docs/blueprints/external-secrets.md
deleted file mode 100644
index ff7ee31c5b..0000000000
--- a/docs/blueprints/external-secrets.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: External Secrets
----
-
-{%
- include-markdown "../../examples/external-secrets/README.md"
-%}
diff --git a/docs/blueprints/fargate-serverless.md b/docs/blueprints/fargate-serverless.md
deleted file mode 100644
index fe97d2784f..0000000000
--- a/docs/blueprints/fargate-serverless.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: Fargate Serverless
----
-
-{%
- include-markdown "../../examples/fargate-serverless/README.md"
-%}
diff --git a/docs/blueprints/fully-private-cluster.md b/docs/blueprints/fully-private-cluster.md
deleted file mode 100644
index 8133b74cad..0000000000
--- a/docs/blueprints/fully-private-cluster.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: Fully Private Cluster
----
-
-{%
- include-markdown "../../examples/fully-private-cluster/README.md"
-%}
diff --git a/docs/blueprints/iam-identity-center-single-sign-on.md b/docs/blueprints/iam-identity-center-single-sign-on.md
deleted file mode 100644
index f4f1c6853d..0000000000
--- a/docs/blueprints/iam-identity-center-single-sign-on.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: Okta Single Sign-On
----
-
-{%
- include-markdown "../../examples/single-sign-on/iam-identity-center/README.md"
-%}
diff --git a/docs/blueprints/ipv4-prefix-delegation.md b/docs/blueprints/ipv4-prefix-delegation.md
deleted file mode 100644
index 463d041fca..0000000000
--- a/docs/blueprints/ipv4-prefix-delegation.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: IPv4 Prefix Delegation
----
-
-{%
- include-markdown "../../examples/ipv4-prefix-delegation/README.md"
-%}
diff --git a/docs/blueprints/ipv6-eks-cluster.md b/docs/blueprints/ipv6-eks-cluster.md
deleted file mode 100644
index 2befa8b970..0000000000
--- a/docs/blueprints/ipv6-eks-cluster.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: IPv6 Networking
----
-
-{%
- include-markdown "../../examples/ipv6-eks-cluster/README.md"
-%}
diff --git a/docs/blueprints/istio-multi-cluster.md b/docs/blueprints/istio-multi-cluster.md
deleted file mode 100644
index 70d87ac9e5..0000000000
--- a/docs/blueprints/istio-multi-cluster.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: Istio - Multi-Cluster
----
-
-{%
- include-markdown "../../examples/istio-multi-cluster/README.md"
-%}
diff --git a/docs/blueprints/istio.md b/docs/blueprints/istio.md
deleted file mode 100644
index c4473f99eb..0000000000
--- a/docs/blueprints/istio.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: Istio
----
-
-{%
- include-markdown "../../examples/istio/README.md"
-%}
diff --git a/docs/blueprints/karpenter.md b/docs/blueprints/karpenter.md
deleted file mode 100644
index 85288dd56d..0000000000
--- a/docs/blueprints/karpenter.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: Karpenter
----
-
-{%
- include-markdown "../../examples/karpenter/README.md"
-%}
diff --git a/docs/blueprints/multi-tenancy-with-teams.md b/docs/blueprints/multi-tenancy-with-teams.md
deleted file mode 100644
index 329558c272..0000000000
--- a/docs/blueprints/multi-tenancy-with-teams.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: Multi-Tenancy w/ Teams
----
-
-{%
- include-markdown "../../examples/multi-tenancy-with-teams/README.md"
-%}
diff --git a/docs/blueprints/okta-single-sign-on.md b/docs/blueprints/okta-single-sign-on.md
deleted file mode 100644
index 657f485fd8..0000000000
--- a/docs/blueprints/okta-single-sign-on.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: Okta Single Sign-On
----
-
-{%
- include-markdown "../../examples/single-sign-on/okta/README.md"
-%}
diff --git a/docs/blueprints/private-public-ingress.md b/docs/blueprints/private-public-ingress.md
deleted file mode 100644
index 8be73f5149..0000000000
--- a/docs/blueprints/private-public-ingress.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: Private and Public Ingress
----
-
-{%
- include-markdown "../../examples/private-public-ingress/README.md"
-%}
diff --git a/docs/blueprints/privatelink-access.md b/docs/blueprints/privatelink-access.md
deleted file mode 100644
index a58bc3f5c9..0000000000
--- a/docs/blueprints/privatelink-access.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: PrivateLink Access
----
-
-{%
- include-markdown "../../examples/privatelink-access/README.md"
-%}
diff --git a/docs/blueprints/stateful.md b/docs/blueprints/stateful.md
deleted file mode 100644
index ec7ab17e48..0000000000
--- a/docs/blueprints/stateful.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: Stateful
----
-
-{%
- include-markdown "../../examples/stateful/README.md"
-%}
diff --git a/docs/blueprints/tls-with-aws-pca-issuer.md b/docs/blueprints/tls-with-aws-pca-issuer.md
deleted file mode 100644
index 8335529c4c..0000000000
--- a/docs/blueprints/tls-with-aws-pca-issuer.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: TLS w/ AWS PCA Issuer
----
-
-{%
- include-markdown "../../examples/tls-with-aws-pca-issuer/README.md"
-%}
diff --git a/docs/blueprints/vpc-cni-custom-networking.md b/docs/blueprints/vpc-cni-custom-networking.md
deleted file mode 100644
index 80b9725a31..0000000000
--- a/docs/blueprints/vpc-cni-custom-networking.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: VPC CNI Custom Networking
----
-
-{%
- include-markdown "../../examples/vpc-cni-custom-networking/README.md"
-%}
diff --git a/docs/blueprints/wireguard-with-cilium.md b/docs/blueprints/wireguard-with-cilium.md
deleted file mode 100644
index 733fd4f9e2..0000000000
--- a/docs/blueprints/wireguard-with-cilium.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: Wireguard /w Cilium
----
-
-{%
- include-markdown "../../examples/wireguard-with-cilium/README.md"
-%}
diff --git a/docs/getting-started.md b/docs/getting-started.md
index abe0e68db3..5a3153f550 100644
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -12,7 +12,7 @@ First, ensure that you have installed the following tools locally. ## Examples -Select an example from the [`examples/`](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/examples) directory and follow the instructions in its respective README.md file. The deployment steps for examples generally follow the deploy, validate, and clean-up steps shown below. +Select an example from the [`patterns/`](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/patterns) directory and follow the instructions in its respective README.md file. The deployment steps for examples generally follow the deploy, validate, and clean-up steps shown below. ### Deploy diff --git a/docs/iam/min-iam-policy.json b/docs/iam/min-iam-policy.json deleted file mode 100644 index 6695ba9009..0000000000 --- a/docs/iam/min-iam-policy.json +++ /dev/null 
@@ -1,206 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "aps:CreateAlertManagerDefinition",
- "aps:CreateWorkspace",
- "aps:DeleteAlertManagerDefinition",
- "aps:DeleteWorkspace",
- "aps:DescribeAlertManagerDefinition",
- "aps:DescribeWorkspace",
- "aps:ListTagsForResource",
- "autoscaling:CreateAutoScalingGroup",
- "autoscaling:CreateOrUpdateTags",
- "autoscaling:DeleteAutoScalingGroup",
- "autoscaling:DeleteLifecycleHook",
- "autoscaling:DeleteTags",
- "autoscaling:DescribeAutoScalingGroups",
- "autoscaling:DescribeLifecycleHooks",
- "autoscaling:DescribeTags",
- "autoscaling:PutLifecycleHook",
- "autoscaling:SetInstanceProtection",
- "autoscaling:UpdateAutoScalingGroup",
- "ec2:AllocateAddress",
- "ec2:AssociateRouteTable",
- "ec2:AttachInternetGateway",
- "ec2:AuthorizeSecurityGroupEgress",
- "ec2:AuthorizeSecurityGroupIngress",
- "ec2:CreateEgressOnlyInternetGateway",
- "ec2:CreateInternetGateway",
- "ec2:CreateLaunchTemplate",
- "ec2:CreateNatGateway",
- "ec2:CreateNetworkAclEntry",
- "ec2:CreateRoute",
- "ec2:CreateRouteTable",
- "ec2:CreateSecurityGroup",
- "ec2:CreateSubnet",
- "ec2:CreateTags",
- "ec2:CreateVpc",
- "ec2:DeleteEgressOnlyInternetGateway",
- "ec2:DeleteInternetGateway",
- "ec2:DeleteLaunchTemplate",
- "ec2:DeleteNatGateway",
- "ec2:DeleteNetworkAclEntry",
- "ec2:DeleteRoute",
- "ec2:DeleteRouteTable",
- "ec2:DeleteSecurityGroup",
- "ec2:DeleteSubnet",
- "ec2:DeleteTags",
- "ec2:DeleteVpc",
- "ec2:DescribeAccountAttributes",
- "ec2:DescribeAddresses",
- "ec2:DescribeAvailabilityZones",
- "ec2:DescribeEgressOnlyInternetGateways",
- "ec2:DescribeImages",
- "ec2:DescribeInternetGateways",
- "ec2:DescribeLaunchTemplateVersions",
- "ec2:DescribeLaunchTemplates",
- "ec2:DescribeNatGateways",
- "ec2:DescribeNetworkAcls",
- "ec2:DescribeNetworkInterfaces",
- "ec2:DescribeRouteTables",
- "ec2:DescribeSecurityGroups",
- "ec2:DescribeSecurityGroupRules",
- "ec2:DescribeSubnets",
- "ec2:DescribeTags",
- "ec2:DescribeVpcAttribute",
- "ec2:DescribeVpcClassicLink",
- "ec2:DescribeVpcClassicLinkDnsSupport",
- "ec2:DescribeVpcs",
- "ec2:DetachInternetGateway",
- "ec2:DisassociateRouteTable",
- "ec2:ModifySubnetAttribute",
- "ec2:ModifyVpcAttribute",
- "ec2:ReleaseAddress",
- "ec2:RevokeSecurityGroupEgress",
- "ec2:RevokeSecurityGroupIngress",
- "eks:CreateAddon",
- "eks:CreateCluster",
- "eks:CreateFargateProfile",
- "eks:CreateNodegroup",
- "eks:DeleteAddon",
- "eks:DeleteCluster",
- "eks:DeleteFargateProfile",
- "eks:DeleteNodegroup",
- "eks:DescribeAddon",
- "eks:DescribeAddonVersions",
- "eks:DescribeCluster",
- "eks:DescribeFargateProfile",
- "eks:DescribeNodegroup",
- "eks:TagResource",
- "elasticfilesystem:CreateFileSystem",
- "elasticfilesystem:CreateMountTarget",
- "elasticfilesystem:DeleteFileSystem",
- "elasticfilesystem:DeleteMountTarget",
- "elasticfilesystem:DescribeFileSystems",
- "elasticfilesystem:DescribeLifecycleConfiguration",
- "elasticfilesystem:DescribeMountTargetSecurityGroups",
- "elasticfilesystem:DescribeMountTargets",
- "emr-containers:CreateVirtualCluster",
- "emr-containers:DeleteVirtualCluster",
- "emr-containers:DescribeVirtualCluster",
- "events:DeleteRule",
- "events:DescribeRule",
- "events:ListTagsForResource",
- "events:ListTargetsByRule",
- "events:PutRule",
- "events:PutTargets",
- "events:RemoveTargets",
- "iam:AddRoleToInstanceProfile",
- "iam:AttachRolePolicy",
- "iam:CreateInstanceProfile",
- "iam:CreateOpenIDConnectProvider",
- "iam:CreatePolicy",
- "iam:CreateRole",
- "iam:CreateServiceLinkedRole",
- "iam:DeleteInstanceProfile",
- "iam:DeleteOpenIDConnectProvider",
- "iam:DeletePolicy",
- "iam:DeleteRole",
- "iam:DetachRolePolicy",
- "iam:GetInstanceProfile",
- "iam:GetOpenIDConnectProvider",
- "iam:GetPolicy",
- "iam:GetPolicyVersion",
- "iam:GetRole",
- "iam:ListAttachedRolePolicies",
- "iam:ListInstanceProfilesForRole",
- "iam:ListPolicyVersions",
- "iam:ListRolePolicies",
- "iam:PassRole",
- "iam:RemoveRoleFromInstanceProfile",
- "iam:TagOpenIDConnectProvider",
- "iam:TagInstanceProfile",
- "iam:TagPolicy",
- "iam:TagRole",
- "iam:UpdateAssumeRolePolicy",
- "kms:CreateAlias",
- "kms:CreateKey",
- "kms:DeleteAlias",
- "kms:DescribeKey",
- "kms:EnableKeyRotation",
- "kms:GetKeyPolicy",
- "kms:GetKeyRotationStatus",
- "kms:ListAliases",
- "kms:ListResourceTags",
- "kms:PutKeyPolicy",
- "kms:ScheduleKeyDeletion",
- "kms:TagResource",
- "logs:CreateLogGroup",
- "logs:DeleteLogGroup",
- "logs:DescribeLogGroups",
- "logs:ListTagsLogGroup",
- "logs:PutRetentionPolicy",
- "s3:CreateBucket",
- "s3:DeleteBucket",
- "s3:DeleteBucketOwnershipControls",
- "s3:DeleteBucketPolicy",
- "s3:DeleteObject",
- "s3:GetAccelerateConfiguration",
- "s3:GetBucketAcl",
- "s3:GetBucketCORS",
- "s3:GetBucketLogging",
- "s3:GetBucketObjectLockConfiguration",
- "s3:GetBucketOwnershipControls",
- "s3:GetBucketPolicy",
- "s3:GetBucketPublicAccessBlock",
- "s3:GetBucketRequestPayment",
- "s3:GetBucketTagging",
- "s3:GetBucketVersioning",
- "s3:GetBucketWebsite",
- "s3:GetEncryptionConfiguration",
- "s3:GetLifecycleConfiguration",
- "s3:GetObject",
- "s3:GetObjectTagging",
- "s3:GetObjectVersion",
- "s3:GetReplicationConfiguration",
- "s3:ListAllMyBuckets",
- "s3:ListBucket",
- "s3:PutBucketAcl",
- "s3:PutBucketOwnershipControls",
- "s3:PutBucketPolicy",
- "s3:PutBucketPublicAccessBlock",
- "s3:PutBucketTagging",
- "s3:PutBucketVersioning",
- "s3:PutEncryptionConfiguration",
- "s3:PutObject",
- "secretsmanager:CreateSecret",
- "secretsmanager:DeleteSecret",
- "secretsmanager:DescribeSecret",
- "secretsmanager:GetResourcePolicy",
- "secretsmanager:GetSecretValue",
- "secretsmanager:PutSecretValue",
- "sqs:CreateQueue",
- "sqs:DeleteQueue",
- "sqs:GetQueueAttributes",
- "sqs:ListQueueTags",
- "sqs:SetQueueAttributes",
- "sqs:TagQueue",
- "sts:GetCallerIdentity"
- ],
- "Resource": "*"
- }
- ]
-}
diff --git a/docs/iam/minimum-iam-policy.md b/docs/iam/minimum-iam-policy.md
deleted file mode 100644
index d793007531..0000000000
--- a/docs/iam/minimum-iam-policy.md
+++ /dev/null
@@ -1,16 +0,0 @@
-# Minimum IAM policy
-
-This document describes the minimum IAM policy required to run [core examples](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/.github/workflows/e2e-parallel-full.yml#L30-L47) that we run in our [E2E workflow](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/.github/workflows/e2e-parallel-full.yml) , mainly focused on the list of IAM actions.
-
-> **Note**: The policy resource is set as `*` to allow all resources, this is not a recommended practice.
-
-~~~yaml
-{% include "min-iam-policy.json" %}
-~~~
-
-## How this policy was generated?
-
-For each example we run in the E2E workflow, we run [iamlive](https://github.com/iann0036/iamlive) in the background in CSM mode to help generate the policy.
-After generating the policy for each example, we merge the generated policies into a single policy shown above.
-
-To learn more about the implementation you can review the [GitHub workflow itself](https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/.github/workflows/e2e-parallel-full.yml)
diff --git a/docs/patterns/agones-game-controller.md b/docs/patterns/agones-game-controller.md
new file mode 100644
index 0000000000..0a1188327f
--- /dev/null
+++ b/docs/patterns/agones-game-controller.md
@@ -0,0 +1,7 @@
+---
+title: Agones Game Controller
+---
+
+{%
+ include-markdown "../../patterns/agones-game-controller/README.md"
+%}
diff --git a/docs/patterns/appmesh-mtls.md b/docs/patterns/appmesh-mtls.md
new file mode 100644
index 0000000000..33197e976b
--- /dev/null
+++ b/docs/patterns/appmesh-mtls.md
@@ -0,0 +1,7 @@
+---
+title: AWS AppMesh mTLS
+---
+
+{%
+ include-markdown "../../patterns/appmesh-mtls/README.md"
+%}
diff --git a/docs/patterns/argocd.md b/docs/patterns/argocd.md
new file mode 100644
index 0000000000..d9fd12c2e7
--- /dev/null
+++ b/docs/patterns/argocd.md
@@ -0,0 +1,7 @@
+---
+title: ArgoCD
+---
+
+{%
+ include-markdown "../../patterns/argocd/README.md"
+%}
diff --git a/docs/patterns/blue-green-upgrade.md b/docs/patterns/blue-green-upgrade.md
new file mode 100644
index 0000000000..3eaba3a994
--- /dev/null
+++ b/docs/patterns/blue-green-upgrade.md
@@ -0,0 +1,7 @@
+---
+title: Blue/Green Upgrade
+---
+
+{%
+ include-markdown "../../patterns/blue-green-upgrade/README.md"
+%}
diff --git a/docs/patterns/elastic-fabric-adapter.md b/docs/patterns/elastic-fabric-adapter.md
new file mode 100644
index 0000000000..8ec1744464
--- /dev/null
+++ b/docs/patterns/elastic-fabric-adapter.md
@@ -0,0 +1,7 @@
+---
+title: Elastic Fabric Adapter
+---
+
+{%
+ include-markdown "../../patterns/elastic-fabric-adapter/README.md"
+%}
diff --git a/docs/patterns/external-secrets.md b/docs/patterns/external-secrets.md
new file mode 100644
index 0000000000..ef3d4e2151
--- /dev/null
+++ b/docs/patterns/external-secrets.md
@@ -0,0 +1,7 @@
+---
+title: External Secrets
+---
+
+{%
+ include-markdown "../../patterns/external-secrets/README.md"
+%}
diff --git a/docs/patterns/fargate-serverless.md b/docs/patterns/fargate-serverless.md
new file mode 100644
index 0000000000..cf617635c3
--- /dev/null
+++ b/docs/patterns/fargate-serverless.md
@@ -0,0 +1,7 @@
+---
+title: Fargate Serverless
+---
+
+{%
+ include-markdown "../../patterns/fargate-serverless/README.md"
+%}
diff --git a/docs/patterns/fully-private-cluster.md b/docs/patterns/fully-private-cluster.md
new file mode 100644
index 0000000000..59eadb280b
--- /dev/null
+++ b/docs/patterns/fully-private-cluster.md
@@ -0,0 +1,7 @@
+---
+title: Fully Private Cluster
+---
+
+{%
+ include-markdown "../../patterns/fully-private-cluster/README.md"
+%}
diff --git a/docs/patterns/ipv6-eks-cluster.md b/docs/patterns/ipv6-eks-cluster.md
new file mode 100644
index 0000000000..a60e7c38f7
--- /dev/null
+++ b/docs/patterns/ipv6-eks-cluster.md
@@ -0,0 +1,7 @@
+---
+title: IPv6 Networking
+---
+
+{%
+ include-markdown "../../patterns/ipv6-eks-cluster/README.md"
+%}
diff --git a/docs/patterns/istio-multi-cluster.md b/docs/patterns/istio-multi-cluster.md
new file mode 100644
index 0000000000..edf5f16af7
--- /dev/null
+++ b/docs/patterns/istio-multi-cluster.md
@@ -0,0 +1,7 @@
+---
+title: Istio - Multi-Cluster
+---
+
+{%
+ include-markdown "../../patterns/istio-multi-cluster/README.md"
+%}
diff --git a/docs/patterns/istio.md b/docs/patterns/istio.md
new file mode 100644
index 0000000000..9c6170f842
--- /dev/null
+++ b/docs/patterns/istio.md
@@ -0,0 +1,7 @@
+---
+title: Istio
+---
+
+{%
+ include-markdown "../../patterns/istio/README.md"
+%}
diff --git a/docs/patterns/karpenter.md b/docs/patterns/karpenter.md
new file mode 100644
index 0000000000..fe784dece3
--- /dev/null
+++ b/docs/patterns/karpenter.md
@@ -0,0 +1,7 @@
+---
+title: Karpenter
+---
+
+{%
+ include-markdown "../../patterns/karpenter/README.md"
+%}
diff --git a/docs/patterns/multi-tenancy-with-teams.md b/docs/patterns/multi-tenancy-with-teams.md
new file mode 100644
index 0000000000..218c16fb92
--- /dev/null
+++ b/docs/patterns/multi-tenancy-with-teams.md
@@ -0,0 +1,7 @@
+---
+title: Multi-Tenancy w/ Teams
+---
+
+{%
+ include-markdown "../../patterns/multi-tenancy-with-teams/README.md"
+%}
diff --git a/docs/patterns/private-public-ingress.md b/docs/patterns/private-public-ingress.md
new file mode 100644
index 0000000000..f5cc654f1d
--- /dev/null
+++ b/docs/patterns/private-public-ingress.md
@@ -0,0 +1,7 @@
+---
+title: Private and Public Ingress
+---
+
+{%
+ include-markdown "../../patterns/private-public-ingress/README.md"
+%}
diff --git a/docs/patterns/privatelink-access.md b/docs/patterns/privatelink-access.md
new file mode 100644
index 0000000000..ee705001c4
--- /dev/null
+++ b/docs/patterns/privatelink-access.md
@@ -0,0 +1,7 @@
+---
+title: PrivateLink Access
+---
+
+{%
+ include-markdown "../../patterns/privatelink-access/README.md"
+%}
diff --git a/docs/patterns/sso-iam-identity-center.md b/docs/patterns/sso-iam-identity-center.md
new file mode 100644
index 0000000000..b3e88faa61
--- /dev/null
+++ b/docs/patterns/sso-iam-identity-center.md
@@ -0,0 +1,7 @@
+---
+title: SSO - IAM Identity Center
+---
+
+{%
+ include-markdown "../../patterns/single-sign-on/iam-identity-center/README.md"
+%}
diff --git a/docs/patterns/sso-okta.md b/docs/patterns/sso-okta.md
new file mode 100644
index 0000000000..af72536475
--- /dev/null
+++ b/docs/patterns/sso-okta.md
@@ -0,0 +1,7 @@
+---
+title: SSO - Okta
+---
+
+{%
+ include-markdown "../../patterns/single-sign-on/okta/README.md"
+%}
diff --git a/docs/patterns/stateful.md b/docs/patterns/stateful.md
new file mode 100644
index 0000000000..48f6cb07f9
--- /dev/null
+++ b/docs/patterns/stateful.md
@@ -0,0 +1,7 @@
+---
+title: Stateful
+---
+
+{%
+ include-markdown "../../patterns/stateful/README.md"
+%}
diff --git a/docs/patterns/tls-with-aws-pca-issuer.md b/docs/patterns/tls-with-aws-pca-issuer.md
new file mode 100644
index 0000000000..2a345ef96f
--- /dev/null
+++ b/docs/patterns/tls-with-aws-pca-issuer.md
@@ -0,0 +1,7 @@
+---
+title: TLS w/ AWS PCA Issuer
+---
+
+{%
+ include-markdown "../../patterns/tls-with-aws-pca-issuer/README.md"
+%}
diff --git a/docs/patterns/wireguard-with-cilium.md b/docs/patterns/wireguard-with-cilium.md
new file mode 100644
index 0000000000..e7eb318480
--- /dev/null
+++ b/docs/patterns/wireguard-with-cilium.md
@@ -0,0 +1,7 @@
+---
+title: Wireguard /w Cilium
+---
+
+{%
+ include-markdown "../../patterns/wireguard-with-cilium/README.md"
+%}
diff --git a/docs/snippets/ipv4-prefix-delegation.md b/docs/snippets/ipv4-prefix-delegation.md
new file mode 100644
index 0000000000..e1bc66e391
--- /dev/null
+++ b/docs/snippets/ipv4-prefix-delegation.md
@@ -0,0 +1,53 @@
+---
+title: IPv4 Prefix Delegation
+---
+
+The configuration snippet below shows how to enable prefix delegation to increase the number of available IP addresses on the provisioned EC2 nodes.
+
+- [Documentation](https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html)
+- [Blog post](https://aws.amazon.com/blogs/containers/amazon-vpc-cni-increases-pods-per-node-limits/)
+
+## VPC CNI Configuration
+
+In this example, the `vpc-cni` addon is configured using `before_compute = true`. This is done to ensure the `vpc-cni` is created and updated *before* any EC2 instances are created so that the desired settings have applied before they will be referenced. With this configuration, you will now see that nodes created will have `--max-pods 110` configured do to the use of prefix delegation being enabled on the `vpc-cni`.
+
+If you find that your nodes are not being created with the correct number of max pods (i.e. - for `m5.large`, if you are seeing a max pods of 29 instead of 110), most likely the `vpc-cni` was not configured *before* the EC2 instances.
+
+```json
+module "eks" {
+ source = "terraform-aws-modules/eks/aws"
+
+ # Truncated for brevity
+ ...
+
+ cluster_addons = {
+ vpc-cni = {
+ before_compute = true
+ most_recent = true # To ensure access to the latest settings provided
+ configuration_values = jsonencode({
+ env = {
+ ENABLE_PREFIX_DELEGATION = "true"
+ WARM_PREFIX_TARGET = "1"
+ }
+ })
+ }
+ }
+
+ ...
+}
+```
+
+When enabled, inspect one of the `aws-node-*` (AWS VPC CNI) pods to ensure prefix delegation is enabled and warm prefix target is 1:
+
+```sh
+kubectl describe ds -n kube-system aws-node | grep ENABLE_PREFIX_DELEGATION: -A 3
+```
+
+Output should look similar to below (truncated for brevity):
+
+```yaml
+ ENABLE_PREFIX_DELEGATION: true # <- this should be set to true
+ WARM_ENI_TARGET: 1
+ WARM_PREFIX_TARGET: 1 # <- this should be set to 1
+ ...
+```
diff --git a/docs/snippets/vpc-cni-custom-networking.md b/docs/snippets/vpc-cni-custom-networking.md
new file mode 100644
index 0000000000..5389cb0a96
--- /dev/null
+++ b/docs/snippets/vpc-cni-custom-networking.md
@@ -0,0 +1,105 @@
+---
+title: VPC CNI Custom Networking
+---
+
+Custom networking addresses the IP exhaustion issue by assigning the node and Pod IPs from secondary VPC address spaces (CIDR). Custom networking support supports ENIConfig custom resource. The ENIConfig includes an alternate subnet CIDR range (carved from a secondary VPC CIDR), along with the security group(s) that the Pods will belong to. When custom networking is enabled, the VPC CNI creates secondary ENIs in the subnet defined under ENIConfig. The CNI assigns Pods an IP addresses from a CIDR range defined in a ENIConfig CRD.
+
+Since the primary ENI is not used by custom networking, the maximum number of Pods you can run on a node is lower. The host network Pods continue to use IP address assigned to the primary ENI. Additionally, the primary ENI is used to handle source network translation and route Pods traffic outside the node.
+
+- [Documentation](https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html)
+- [Best Practices Guide](https://aws.github.io/aws-eks-best-practices/reliability/docs/networkmanagement/#cni-custom-networking)
+
+## VPC CNI Configuration
+
+In this example, the `vpc-cni` addon is configured using `before_compute = true`. This is done to ensure the `vpc-cni` is created and updated *before* any EC2 instances are created so that the desired settings have applied before they will be referenced. With this configuration, you will now see that nodes created will have `--max-pods 110` configured do to the use of prefix delegation being enabled on the `vpc-cni`.
+
+If you find that your nodes are not being created with the correct number of max pods (i.e. - for `m5.large`, if you are seeing a max pods of 29 instead of 110), most likely the `vpc-cni` was not configured *before* the EC2 instances.
+
+## Components
+
+To enable VPC CNI custom networking, you must configuring the following components:
+
+1. Create a VPC with additional CIDR block associations. These additional CIDR blocks will be used to create subnets for the VPC CNI custom networking:
+
+ ```json
+ module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+
+ # Truncated for brevity
+ ...
+
+ secondary_cidr_blocks = [local.secondary_vpc_cidr] # can add up to 5 total CIDR blocks
+
+ azs = local.azs
+ private_subnets = concat(
+ [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)],
+ [for k, v in local.azs : cidrsubnet(local.secondary_vpc_cidr, 2, k)]
+ )
+
+ ...
+ }
+ ```
+
+2. Specify the VPC CNI custom networking configuration in the `vpc-cni` addon configuration:
+
+ ```json
+ module "eks" {
+ source = "terraform-aws-modules/eks/aws"
+
+ # Truncated for brevity
+ ...
+
+ cluster_addons = {
+ vpc-cni = {
+ before_compute = true
+ most_recent = true # To ensure access to the latest settings provided
+ configuration_values = jsonencode({
+ env = {
+ AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG = "true"
+ ENI_CONFIG_LABEL_DEF = "topology.kubernetes.io/zone"
+ })
+ }
+ }
+
+ ...
+ }
+ ```
+
+3. Create the `ENIConfig` custom resource for each subnet that you want to deploy pods into:
+
+ ```json
+ resource "kubectl_manifest" "eni_config" {
+ for_each = zipmap(local.azs, slice(module.vpc.private_subnets, 3, 6))
+
+ yaml_body = yamlencode({
+ apiVersion = "crd.k8s.amazonaws.com/v1alpha1"
+ kind = "ENIConfig"
+ metadata = {
+ name = each.key
+ }
+ spec = {
+ securityGroups = [
+ module.eks.node_security_group_id,
+ ]
+ subnet = each.value
+ }
+ })
+ }
+ ```
+
+Once those settings have been successfully applied, you can verify if custom networking is enabled correctly by inspecting one of the `aws-node-*` (AWS VPC CNI) pods:
+
+```sh
+kubectl describe pod aws-node-ttg4h -n kube-system
+
+# Output should look similar below (truncated for brevity)
+ Environment:
+ ADDITIONAL_ENI_TAGS: {}
+ AWS_VPC_CNI_NODE_PORT_SUPPORT: true
+ AWS_VPC_ENI_MTU: 9001
+ AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER: false
+ AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG: true # <- this should be set to true
+ AWS_VPC_K8S_CNI_EXTERNALSNAT: false
+ AWS_VPC_K8S_CNI_LOGLEVEL: DEBUG
+ ...
+```
diff --git a/examples/ipv4-prefix-delegation/README.md b/examples/ipv4-prefix-delegation/README.md
deleted file mode 100644
index f847da9a46..0000000000
--- a/examples/ipv4-prefix-delegation/README.md
+++ /dev/null
@@ -1,110 +0,0 @@
-# Amazon EKS Cluster w/ Prefix Delegation
-
-This example shows how to provision an EKS cluster with prefix delegation enabled for increasing the number of available IP addresses for the EC2 nodes utilized.
-
-- [Documentation](https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html)
-- [Blog post](https://aws.amazon.com/blogs/containers/amazon-vpc-cni-increases-pods-per-node-limits/)
-
-## VPC CNI Configuration
-
-In this example, the `vpc-cni` addon is configured using `before_compute = true`. This is done to ensure the `vpc-cni` is created and updated *before* any EC2 instances are created so that the desired settings have applied before they will be referenced. With this configuration, you will now see that nodes created will have `--max-pods 110` configured do to the use of prefix delegation being enabled on the `vpc-cni`.
-
-If you find that your nodes are not being created with the correct number of max pods (i.e. - for `m5.large`, if you are seeing a max pods of 29 instead of 110), most likely the `vpc-cni` was not configured *before* the EC2 instances.
-
-## Prerequisites:
-
-Ensure that you have the following tools installed locally:
-
-1. [aws cli](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)
-2. [kubectl](https://Kubernetes.io/docs/tasks/tools/)
-3. [terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli)
-
-## Deploy
-
-To provision this example:
-
-```sh
-terraform init
-terraform apply
-```
-
-Enter `yes` at command prompt to apply
-
-
-## Validate
-
-The following command will update the `kubeconfig` on your local machine and allow you to interact with your EKS Cluster using `kubectl` to validate the deployment.
-
-1. Run `update-kubeconfig` command:
-
-```sh
-aws eks --region update-kubeconfig --name
-```
-
-2. List the nodes running currently
-
-```sh
-kubectl get nodes
-
-# Output should look like below
-NAME STATUS ROLES AGE VERSION
-ip-10-0-30-125.us-west-2.compute.internal Ready 2m19s v1.22.9-eks-810597c
-```
-
-3. Inspect the nodes settings and check for the max allocatable pods - should be 110 in this scenario with m5.xlarge:
-
-```sh
-kubectl describe node
-
-# Output should look like below (truncated for brevity)
- Capacity:
- attachable-volumes-aws-ebs: 25
- cpu: 4
- ephemeral-storage: 104845292Ki
- hugepages-1Gi: 0
- hugepages-2Mi: 0
- memory: 15919124Ki
- pods: 110 # <- this should be 110 and not 58
- Allocatable:
- attachable-volumes-aws-ebs: 25
- cpu: 3920m
- ephemeral-storage: 95551679124
- hugepages-1Gi: 0
- hugepages-2Mi: 0
- memory: 14902292Ki
- pods: 110 # <- this should be 110 and not 58
-```
-
-4. List out the pods running currently:
-
-```sh
-kubectl get pods -A
-
-# Output should look like below
-NAMESPACE NAME READY STATUS RESTARTS AGE
-kube-system aws-node-77rwz 1/1 Running 0 6m5s
-kube-system coredns-657694c6f4-fdz4f 1/1 Running 0 5m12s
-kube-system coredns-657694c6f4-kvm92 1/1 Running 0 5m12s
-kube-system kube-proxy-plwlc 1/1 Running 0 6m5s
-```
-
-5. Inspect one of the `aws-node-*` (AWS VPC CNI) pods to ensure prefix delegation is enabled and warm prefix target is 1:
-
-```sh
-kubectl describe ds -n kube-system aws-node | grep ENABLE_PREFIX_DELEGATION: -A 3
-
-# Output should look like below (truncated for brevity)
- ENABLE_PREFIX_DELEGATION: true # <- this should be set to true
- VPC_ID: vpc-0399887df9d0add85
- WARM_ENI_TARGET: 1 # <- this should be set to 1
- WARM_PREFIX_TARGET: 1
- ...
-```
-
-## Destroy
-
-To teardown and remove the resources created in this example:
-
-```sh
-terraform destroy -auto-approve
-```
diff --git a/examples/ipv4-prefix-delegation/main.tf b/examples/ipv4-prefix-delegation/main.tf
deleted file mode 100644
index 3789038877..0000000000
--- a/examples/ipv4-prefix-delegation/main.tf
+++ /dev/null
@@ -1,121 +0,0 @@
-provider "aws" {
- region = local.region
-}
-
-provider "kubernetes" {
- host = module.eks.cluster_endpoint
- cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-
- exec {
- api_version = "client.authentication.k8s.io/v1beta1"
- command = "aws"
- # This requires the awscli to be installed locally where Terraform is executed
- args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
- }
-}
-
-provider "helm" {
- kubernetes {
- host = module.eks.cluster_endpoint
- cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
-
- exec {
- api_version = "client.authentication.k8s.io/v1beta1"
- command = "aws"
- # This requires the awscli to be installed locally where Terraform is executed
- args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name]
- }
- }
-}
-
-data "aws_availability_zones" "available" {}
-
-locals {
- name = basename(path.cwd)
- region = "us-west-2"
-
- vpc_cidr = "10.0.0.0/16"
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
-
- tags = {
- Blueprint = local.name
- GithubRepo = "github.com/aws-ia/terraform-aws-eks-blueprints"
- }
-}
-
-################################################################################
-# Cluster
-################################################################################
-
-module "eks" {
- source = "terraform-aws-modules/eks/aws"
- version = "~> 19.16"
-
- cluster_name = local.name
- cluster_version = "1.27"
- cluster_endpoint_public_access = true
-
- # EKS Addons
- cluster_addons = {
- coredns = {}
- kube-proxy = {}
- vpc-cni = {
- # Specify the VPC CNI addon should be deployed before compute to ensure
- # the addon is configured before data plane compute resources are created
- # See README for further details
- before_compute = true
- most_recent = true # To ensure access to the latest settings provided
- configuration_values = jsonencode({
- env = {
- # Reference docs https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html
- ENABLE_PREFIX_DELEGATION = "true"
- WARM_PREFIX_TARGET = "1"
- }
- })
- }
- }
-
- vpc_id = module.vpc.vpc_id
- subnet_ids = module.vpc.private_subnets
-
- eks_managed_node_groups = {
- initial = {
- instance_types = ["m5.large"]
-
- min_size = 1
- max_size = 1
- desired_size = 1
- }
- }
-
- tags = local.tags
-}
-
-################################################################################
-# Supporting Resources
-################################################################################
-
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "~> 5.0"
-
- name = local.name
- cidr = local.vpc_cidr
-
- azs = local.azs
- private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
- public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
-
- enable_nat_gateway = true
- single_nat_gateway = true
-
- public_subnet_tags = {
- "kubernetes.io/role/elb" = 1
- }
-
- private_subnet_tags = {
- "kubernetes.io/role/internal-elb" = 1
- }
-
- tags = local.tags
-}
diff --git a/examples/ipv4-prefix-delegation/versions.tf b/examples/ipv4-prefix-delegation/versions.tf
deleted file mode 100644
index 0f31391225..0000000000
--- a/examples/ipv4-prefix-delegation/versions.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 4.47"
- }
- helm = {
- source = "hashicorp/helm"
- version = ">= 2.9"
- }
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = ">= 2.20"
- }
- }
-
- # ## Used for end-to-end testing on project; update to suit your needs
- # backend "s3" {
- # bucket = "terraform-ssp-github-actions-state"
- # region = "us-west-2"
- # key = "e2e/ipv4-prefix-delegation/terraform.tfstate"
- # }
-}
diff --git a/examples/stateful/variables.tf b/examples/stateful/variables.tf
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/examples/vpc-cni-custom-networking/README.md b/examples/vpc-cni-custom-networking/README.md
deleted file mode 100644
index 59df944dc8..0000000000
--- a/examples/vpc-cni-custom-networking/README.md
+++ /dev/null
@@ -1,139 +0,0 @@ -# VPC-CNI Custom Networking - -This example shows how to provision an EKS cluster with: - -- AWS VPC-CNI custom networking to assign IPs to pods from subnets outside of those used by the nodes -- AWS VPC-CNI prefix delegation to allow higher pod densities - this is useful since the custom networking removes one ENI from use for pod IP assignment which lowers the number of pods that can be assigned to the node. Enabling prefix delegation allows for prefixes to be assigned to the ENIs to ensure the node resources can be fully utilized through higher pod densities. See the user data section below for managing the max pods assigned to the node. -- Dedicated /28 subnets for the EKS cluster control plane. Making changes to the subnets used by the control plane is a destructive operation - it is recommended to use dedicated subnets for the control plane that are separate from the data plane to allow for future growth through the addition of subnets without disruption to the cluster. - -To disable prefix delegation from this example remove the environment environment variables `ENABLE_PREFIX_DELEGATION=true` and `WARM_PREFIX_TARGET=1` assignment from the `vpc-cni` addon - -## VPC CNI Configuration - -In this example, the `vpc-cni` addon is configured using `before_compute = true`. This is done to ensure the `vpc-cni` is created and updated *before* any EC2 instances are created so that the desired settings have applied before they will be referenced. With this configuration, you will now see that nodes created will have `--max-pods 110` configured do to the use of prefix delegation being enabled on the `vpc-cni`. - -If you find that your nodes are not being created with the correct number of max pods (i.e. - for `m5.large`, if you are seeing a max pods of 29 instead of 110), most likely the `vpc-cni` was not configured *before* the EC2 instances. 
- - -## Reference Documentation: - -- [Documentation](https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html) -- [Best Practices Guide](https://aws.github.io/aws-eks-best-practices/reliability/docs/networkmanagement/#cni-custom-networking) - -## Prerequisites: - -Ensure that you have the following tools installed locally: - -1. [aws cli](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) -2. [kubectl](https://Kubernetes.io/docs/tasks/tools/) -3. [terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli) - -## Deploy - -To provision this example: - -```sh -terraform init -terraform apply -``` - -Enter `yes` at command prompt to apply - -## Validate - -The following command will update the `kubeconfig` on your local machine and allow you to interact with your EKS Cluster using `kubectl` to validate the deployment. - -1. Run `update-kubeconfig` command: - -```sh -aws eks --region update-kubeconfig --name -``` - -2. List the nodes running currently - -```sh -kubectl get nodes - -# Output should look similar to below -NAME STATUS ROLES AGE VERSION -ip-10-0-34-74.us-west-2.compute.internal Ready 86s v1.22.9-eks-810597c -``` - -3. Inspect the nodes settings and check for the max allocatable pods - should be 110 in this scenario with m5.xlarge: - -```sh -kubectl describe node ip-10-0-34-74.us-west-2.compute.internal - -# Output should look similar to below (truncated for brevity) - Capacity: - attachable-volumes-aws-ebs: 25 - cpu: 4 - ephemeral-storage: 104845292Ki - hugepages-1Gi: 0 - hugepages-2Mi: 0 - memory: 15919124Ki - pods: 110 # <- this should be 110 and not 58 - Allocatable: - attachable-volumes-aws-ebs: 25 - cpu: 3920m - ephemeral-storage: 95551679124 - hugepages-1Gi: 0 - hugepages-2Mi: 0 - memory: 14902292Ki - pods: 110 # <- this should be 110 and not 58 -``` - -4. 
List out the pods running currently: - -```sh -kubectl get pods -A -o wide - -# Output should look similar to below -NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES -kube-system aws-node-ttg4h 1/1 Running 0 52s 10.0.34.74 ip-10-0-34-74.us-west-2.compute.internal -kube-system coredns-657694c6f4-8s5k6 1/1 Running 0 2m 10.99.135.1 ip-10-0-34-74.us-west-2.compute.internal -kube-system coredns-657694c6f4-ntzcp 1/1 Running 0 2m 10.99.135.0 ip-10-0-34-74.us-west-2.compute.internal -kube-system kube-proxy-wnzjd 1/1 Running 0 53s 10.0.34.74 ip-10-0-34-74.us-west-2.compute.internal -``` - -5. Inspect one of the `aws-node-*` (AWS VPC CNI) pods to ensure prefix delegation is enabled and warm prefix target is 1: - -```sh -kubectl describe pod aws-node-ttg4h -n kube-system - -# Output should look similar below (truncated for brevity) - Environment: - ADDITIONAL_ENI_TAGS: {} - AWS_VPC_CNI_NODE_PORT_SUPPORT: true - AWS_VPC_ENI_MTU: 9001 - AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER: false - AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG: true # <- this should be set to true - AWS_VPC_K8S_CNI_EXTERNALSNAT: false - AWS_VPC_K8S_CNI_LOGLEVEL: DEBUG - AWS_VPC_K8S_CNI_LOG_FILE: /host/var/log/aws-routed-eni/ipamd.log - AWS_VPC_K8S_CNI_RANDOMIZESNAT: prng - AWS_VPC_K8S_CNI_VETHPREFIX: eni - AWS_VPC_K8S_PLUGIN_LOG_FILE: /var/log/aws-routed-eni/plugin.log - AWS_VPC_K8S_PLUGIN_LOG_LEVEL: DEBUG - DISABLE_INTROSPECTION: false - DISABLE_METRICS: false - DISABLE_NETWORK_RESOURCE_PROVISIONING: false - ENABLE_IPv4: true - ENABLE_IPv6: false - ENABLE_POD_ENI: false - ENABLE_PREFIX_DELEGATION: true # <- this should be set to true - MY_NODE_NAME: (v1:spec.nodeName) - WARM_ENI_TARGET: 1 # <- this should be set to 1 - WARM_PREFIX_TARGET: 1 - ... 
-``` - -## Destroy - -To teardown and remove the resources created in this example: - -```sh -terraform destroy -target=kubectl_manifest.eni_config -target=module.eks_blueprints_kubernetes_addons -auto-approve -terraform destroy -target=module.eks -auto-approve -terraform destroy -auto-approve -``` diff --git a/examples/vpc-cni-custom-networking/main.tf b/examples/vpc-cni-custom-networking/main.tf deleted file mode 100644 index d508261314..0000000000 --- a/examples/vpc-cni-custom-networking/main.tf +++ /dev/null 
@@ -1,169 +0,0 @@ -provider "aws" { - region = local.region -} - -provider "kubernetes" { - host = module.eks.cluster_endpoint - cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - - exec { - api_version = "client.authentication.k8s.io/v1beta1" - command = "aws" - # This requires the awscli to be installed locally where Terraform is executed - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - } -} - -provider "helm" { - kubernetes { - host = module.eks.cluster_endpoint - cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - - exec { - api_version = "client.authentication.k8s.io/v1beta1" - command = "aws" - # This requires the awscli to be installed locally where Terraform is executed - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - } - } -} - -provider "kubectl" { - apply_retry_count = 5 - host = module.eks.cluster_endpoint - cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data) - load_config_file = false - - exec { - api_version = "client.authentication.k8s.io/v1beta1" - command = "aws" - # This requires the awscli to be installed locally where Terraform is executed - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] - } -} - -data "aws_availability_zones" "available" {} - -locals { - name = basename(path.cwd) - region = "us-west-2" - - vpc_cidr = "10.0.0.0/16" - secondary_vpc_cidr = "10.99.0.0/16" - azs = slice(data.aws_availability_zones.available.names, 0, 3) - - tags = { - Blueprint = local.name - GithubRepo = "github.com/aws-ia/terraform-aws-eks-blueprints" - } -} - -################################################################################ -# Cluster -################################################################################ - -module "eks" { - source = "terraform-aws-modules/eks/aws" - version = "~> 19.16" - - cluster_name = local.name - cluster_version = "1.27" - 
cluster_endpoint_public_access = true - - cluster_addons = { - coredns = {} - kube-proxy = {} - vpc-cni = { - # Specify the VPC CNI addon should be deployed before compute to ensure - # the addon is configured before data plane compute resources are created - # See README for further details - before_compute = true - most_recent = true # To ensure access to the latest settings provided - configuration_values = jsonencode({ - env = { - # Reference https://aws.github.io/aws-eks-best-practices/reliability/docs/networkmanagement/#cni-custom-networking - AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG = "true" - ENI_CONFIG_LABEL_DEF = "topology.kubernetes.io/zone" - - # Reference docs https://docs.aws.amazon.com/eks/latest/userguide/cni-increase-ip-addresses.html - ENABLE_PREFIX_DELEGATION = "true" - WARM_PREFIX_TARGET = "1" - } - }) - } - } - - vpc_id = module.vpc.vpc_id - # We only want to assign the 10.0.* range subnets to the data plane - subnet_ids = slice(module.vpc.private_subnets, 0, 3) - control_plane_subnet_ids = module.vpc.intra_subnets - - eks_managed_node_groups = { - initial = { - instance_types = ["m5.large"] - - min_size = 1 - max_size = 3 - desired_size = 2 - } - } - - tags = local.tags -} - -################################################################################ -# VPC-CNI Custom Networking ENIConfig -################################################################################ - -resource "kubectl_manifest" "eni_config" { - for_each = zipmap(local.azs, slice(module.vpc.private_subnets, 3, 6)) - - yaml_body = yamlencode({ - apiVersion = "crd.k8s.amazonaws.com/v1alpha1" - kind = "ENIConfig" - metadata = { - name = each.key - } - spec = { - securityGroups = [ - module.eks.node_security_group_id, - ] - subnet = each.value - } - }) -} - -################################################################################ -# Supporting Resources -################################################################################ - -module "vpc" { - source = 
"terraform-aws-modules/vpc/aws" - version = "~> 5.0" - - name = local.name - cidr = local.vpc_cidr - - secondary_cidr_blocks = [local.secondary_vpc_cidr] # can add up to 5 total CIDR blocks - - azs = local.azs - private_subnets = concat( - [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)], - [for k, v in local.azs : cidrsubnet(local.secondary_vpc_cidr, 2, k)] - ) - public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] - intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)] - - enable_nat_gateway = true - single_nat_gateway = true - - public_subnet_tags = { - "kubernetes.io/role/elb" = 1 - } - - private_subnet_tags = { - "kubernetes.io/role/internal-elb" = 1 - } - - tags = local.tags -} diff --git a/examples/vpc-cni-custom-networking/outputs.tf b/examples/vpc-cni-custom-networking/outputs.tf deleted file mode 100644 index c624023e90..0000000000 --- a/examples/vpc-cni-custom-networking/outputs.tf +++ /dev/null @@ -1,4 +0,0 @@ -output "configure_kubectl" { - description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig" - value = "aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}" -} diff --git a/examples/vpc-cni-custom-networking/variables.tf b/examples/vpc-cni-custom-networking/variables.tf deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/examples/vpc-cni-custom-networking/versions.tf b/examples/vpc-cni-custom-networking/versions.tf deleted file mode 100644 index 9e1f772fa9..0000000000 --- a/examples/vpc-cni-custom-networking/versions.tf +++ /dev/null 
@@ -1,29 +0,0 @@ -terraform { - required_version = ">= 1.0" - - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 4.47" - } - helm = { - source = "hashicorp/helm" - version = ">= 2.9" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = ">= 2.20" - } - kubectl = { - source = "gavinbunney/kubectl" - version = ">= 1.14" - } - } - - # ## Used for end-to-end testing on project; update to suit your needs - # backend "s3" { - # bucket = "terraform-ssp-github-actions-state" - # region = "us-west-2" - # key = "e2e/vpc-cni-custom-networking/terraform.tfstate" - # } -} diff --git a/examples/wireguard-with-cilium/outputs.tf b/examples/wireguard-with-cilium/outputs.tf deleted file mode 100644 index c624023e90..0000000000 --- a/examples/wireguard-with-cilium/outputs.tf +++ /dev/null @@ -1,4 +0,0 @@ -output "configure_kubectl" { - description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig" - value = "aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}" -} diff --git a/examples/agones-game-controller/README.md b/patterns/agones-game-controller/README.md similarity index 99% rename from examples/agones-game-controller/README.md rename to patterns/agones-game-controller/README.md index b544e6425e..09eeff8711 100644 --- a/examples/agones-game-controller/README.md +++ b/patterns/agones-game-controller/README.md @@ -40,7 +40,7 @@ git clone https://github.com/aws-ia/terraform-aws-eks-blueprints.git Initialize a working directory with configuration files ```sh -cd examples/game-tech/agones-game-controller +cd patterns/game-tech/agones-game-controller terraform init ``` diff --git a/examples/agones-game-controller/destroy.sh b/patterns/agones-game-controller/destroy.sh similarity index 100% rename from examples/agones-game-controller/destroy.sh rename to patterns/agones-game-controller/destroy.sh 
diff --git a/examples/agones-game-controller/helm_values/agones-values.yaml b/patterns/agones-game-controller/helm_values/agones-values.yaml
similarity index 100%
rename from examples/agones-game-controller/helm_values/agones-values.yaml
rename to patterns/agones-game-controller/helm_values/agones-values.yaml
diff --git a/examples/agones-game-controller/main.tf b/patterns/agones-game-controller/main.tf
similarity index 100%
rename from examples/agones-game-controller/main.tf
rename to patterns/agones-game-controller/main.tf
diff --git a/examples/agones-game-controller/outputs.tf b/patterns/agones-game-controller/outputs.tf
similarity index 100%
rename from examples/agones-game-controller/outputs.tf
rename to patterns/agones-game-controller/outputs.tf
diff --git a/examples/agones-game-controller/test/sample-game-server/fleet.yaml b/patterns/agones-game-controller/test/sample-game-server/fleet.yaml
similarity index 100%
rename from examples/agones-game-controller/test/sample-game-server/fleet.yaml
rename to patterns/agones-game-controller/test/sample-game-server/fleet.yaml
diff --git a/examples/agones-game-controller/test/sample-game-server/gameserver.yaml b/patterns/agones-game-controller/test/sample-game-server/gameserver.yaml
similarity index 100%
rename from examples/agones-game-controller/test/sample-game-server/gameserver.yaml
rename to patterns/agones-game-controller/test/sample-game-server/gameserver.yaml
diff --git a/examples/agones-game-controller/test/xonotic/fleet.yaml b/patterns/agones-game-controller/test/xonotic/fleet.yaml
similarity index 100%
rename from examples/agones-game-controller/test/xonotic/fleet.yaml
rename to patterns/agones-game-controller/test/xonotic/fleet.yaml
diff --git a/examples/agones-game-controller/test/xonotic/fleetautoscaler.yaml b/patterns/agones-game-controller/test/xonotic/fleetautoscaler.yaml
similarity index 100%
rename from examples/agones-game-controller/test/xonotic/fleetautoscaler.yaml
rename to patterns/agones-game-controller/test/xonotic/fleetautoscaler.yaml
diff --git a/examples/agones-game-controller/test/xonotic/gameserver.yaml b/patterns/agones-game-controller/test/xonotic/gameserver.yaml
similarity index 100%
rename from examples/agones-game-controller/test/xonotic/gameserver.yaml
rename to patterns/agones-game-controller/test/xonotic/gameserver.yaml
diff --git a/examples/agones-game-controller/test/xonotic/gameserverallocator.yaml b/patterns/agones-game-controller/test/xonotic/gameserverallocator.yaml
similarity index 100%
rename from examples/agones-game-controller/test/xonotic/gameserverallocator.yaml
rename to patterns/agones-game-controller/test/xonotic/gameserverallocator.yaml
diff --git a/examples/agones-game-controller/variables.tf b/patterns/agones-game-controller/variables.tf
similarity index 100%
rename from examples/agones-game-controller/variables.tf
rename to patterns/agones-game-controller/variables.tf
diff --git a/examples/agones-game-controller/versions.tf b/patterns/agones-game-controller/versions.tf
similarity index 100%
rename from examples/agones-game-controller/versions.tf
rename to patterns/agones-game-controller/versions.tf
diff --git a/examples/appmesh-mtls/README.md b/patterns/appmesh-mtls/README.md
similarity index 100%
rename from examples/appmesh-mtls/README.md
rename to patterns/appmesh-mtls/README.md
diff --git a/examples/appmesh-mtls/main.tf b/patterns/appmesh-mtls/main.tf
similarity index 100%
rename from examples/appmesh-mtls/main.tf
rename to patterns/appmesh-mtls/main.tf
diff --git a/examples/appmesh-mtls/outputs.tf b/patterns/appmesh-mtls/outputs.tf
similarity index 100%
rename from examples/appmesh-mtls/outputs.tf
rename to patterns/appmesh-mtls/outputs.tf
diff --git a/examples/appmesh-mtls/variables.tf b/patterns/appmesh-mtls/variables.tf
similarity index 100%
rename from examples/appmesh-mtls/variables.tf
rename to patterns/appmesh-mtls/variables.tf
diff --git a/examples/appmesh-mtls/versions.tf b/patterns/appmesh-mtls/versions.tf
similarity index 100%
rename from examples/appmesh-mtls/versions.tf
rename to patterns/appmesh-mtls/versions.tf
diff --git a/examples/argocd/README.md b/patterns/argocd/README.md
similarity index 100%
rename from examples/argocd/README.md
rename to patterns/argocd/README.md
diff --git a/examples/argocd/main.tf b/patterns/argocd/main.tf
similarity index 100%
rename from examples/argocd/main.tf
rename to patterns/argocd/main.tf
diff --git a/examples/argocd/min-iam-policy.json b/patterns/argocd/min-iam-policy.json
similarity index 100%
rename from examples/argocd/min-iam-policy.json
rename to patterns/argocd/min-iam-policy.json
diff --git a/examples/argocd/outputs.tf b/patterns/argocd/outputs.tf
similarity index 100%
rename from examples/argocd/outputs.tf
rename to patterns/argocd/outputs.tf
diff --git a/examples/argocd/variables.tf b/patterns/argocd/variables.tf
similarity index 100%
rename from examples/argocd/variables.tf
rename to patterns/argocd/variables.tf
diff --git a/examples/argocd/versions.tf b/patterns/argocd/versions.tf
similarity index 100%
rename from examples/argocd/versions.tf
rename to patterns/argocd/versions.tf
diff --git a/examples/blue-green-upgrade/README.md b/patterns/blue-green-upgrade/README.md
similarity index 99%
rename from examples/blue-green-upgrade/README.md
rename to patterns/blue-green-upgrade/README.md
index 73d2f775da..b7b51eb261 100644
--- a/examples/blue-green-upgrade/README.md
+++ b/patterns/blue-green-upgrade/README.md
@@ -79,7 +79,7 @@ Our objective here is to show you how Application teams and Platform teams can c ```bash git clone https://github.com/aws-ia/terraform-aws-eks-blueprints.git -cd examples/blue-green-upgrade/ +cd patterns/blue-green-upgrade/ ``` 2. Copy the `terraform.tfvars.example` to `terraform.tfvars` on each `environment`, `eks-blue` and `eks-green` folders, and change region, hosted_zone_name, eks_admin_role_name according to your needs. diff --git a/examples/blue-green-upgrade/eks-blue/README.md b/patterns/blue-green-upgrade/eks-blue/README.md similarity index 100% rename from examples/blue-green-upgrade/eks-blue/README.md rename to patterns/blue-green-upgrade/eks-blue/README.md diff --git a/examples/blue-green-upgrade/eks-blue/main.tf b/patterns/blue-green-upgrade/eks-blue/main.tf similarity index 100% rename from examples/blue-green-upgrade/eks-blue/main.tf rename to patterns/blue-green-upgrade/eks-blue/main.tf diff --git a/examples/blue-green-upgrade/eks-blue/outputs.tf b/patterns/blue-green-upgrade/eks-blue/outputs.tf similarity index 100% rename from examples/blue-green-upgrade/eks-blue/outputs.tf rename to patterns/blue-green-upgrade/eks-blue/outputs.tf diff --git a/examples/blue-green-upgrade/eks-blue/providers.tf b/patterns/blue-green-upgrade/eks-blue/providers.tf similarity index 100% rename from examples/blue-green-upgrade/eks-blue/providers.tf rename to patterns/blue-green-upgrade/eks-blue/providers.tf diff --git a/examples/blue-green-upgrade/eks-blue/variables.tf b/patterns/blue-green-upgrade/eks-blue/variables.tf similarity index 100% rename from examples/blue-green-upgrade/eks-blue/variables.tf rename to patterns/blue-green-upgrade/eks-blue/variables.tf diff --git a/examples/blue-green-upgrade/eks-green/README.md b/patterns/blue-green-upgrade/eks-green/README.md similarity index 100% rename from examples/blue-green-upgrade/eks-green/README.md rename to patterns/blue-green-upgrade/eks-green/README.md 
diff --git a/examples/blue-green-upgrade/eks-green/main.tf b/patterns/blue-green-upgrade/eks-green/main.tf
similarity index 100%
rename from examples/blue-green-upgrade/eks-green/main.tf
rename to patterns/blue-green-upgrade/eks-green/main.tf
diff --git a/examples/blue-green-upgrade/eks-green/outputs.tf b/patterns/blue-green-upgrade/eks-green/outputs.tf
similarity index 100%
rename from examples/blue-green-upgrade/eks-green/outputs.tf
rename to patterns/blue-green-upgrade/eks-green/outputs.tf
diff --git a/examples/blue-green-upgrade/eks-green/providers.tf b/patterns/blue-green-upgrade/eks-green/providers.tf
similarity index 100%
rename from examples/blue-green-upgrade/eks-green/providers.tf
rename to patterns/blue-green-upgrade/eks-green/providers.tf
diff --git a/examples/blue-green-upgrade/eks-green/variables.tf b/patterns/blue-green-upgrade/eks-green/variables.tf
similarity index 100%
rename from examples/blue-green-upgrade/eks-green/variables.tf
rename to patterns/blue-green-upgrade/eks-green/variables.tf
diff --git a/examples/blue-green-upgrade/environment/README.md b/patterns/blue-green-upgrade/environment/README.md
similarity index 100%
rename from examples/blue-green-upgrade/environment/README.md
rename to patterns/blue-green-upgrade/environment/README.md
diff --git a/examples/blue-green-upgrade/environment/main.tf b/patterns/blue-green-upgrade/environment/main.tf
similarity index 100%
rename from examples/blue-green-upgrade/environment/main.tf
rename to patterns/blue-green-upgrade/environment/main.tf
diff --git a/examples/blue-green-upgrade/environment/outputs.tf b/patterns/blue-green-upgrade/environment/outputs.tf
similarity index 100%
rename from examples/blue-green-upgrade/environment/outputs.tf
rename to patterns/blue-green-upgrade/environment/outputs.tf
diff --git a/examples/blue-green-upgrade/environment/variables.tf b/patterns/blue-green-upgrade/environment/variables.tf
similarity index 100%
rename from examples/blue-green-upgrade/environment/variables.tf
rename to patterns/blue-green-upgrade/environment/variables.tf
diff --git a/examples/blue-green-upgrade/environment/versions.tf b/patterns/blue-green-upgrade/environment/versions.tf
similarity index 100%
rename from examples/blue-green-upgrade/environment/versions.tf
rename to patterns/blue-green-upgrade/environment/versions.tf
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/README.md b/patterns/blue-green-upgrade/modules/eks_cluster/README.md
similarity index 100%
rename from examples/blue-green-upgrade/modules/eks_cluster/README.md
rename to patterns/blue-green-upgrade/modules/eks_cluster/README.md
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/main.tf b/patterns/blue-green-upgrade/modules/eks_cluster/main.tf
similarity index 100%
rename from examples/blue-green-upgrade/modules/eks_cluster/main.tf
rename to patterns/blue-green-upgrade/modules/eks_cluster/main.tf
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/outputs.tf b/patterns/blue-green-upgrade/modules/eks_cluster/outputs.tf
similarity index 100%
rename from examples/blue-green-upgrade/modules/eks_cluster/outputs.tf
rename to patterns/blue-green-upgrade/modules/eks_cluster/outputs.tf
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/variables.tf b/patterns/blue-green-upgrade/modules/eks_cluster/variables.tf
similarity index 100%
rename from examples/blue-green-upgrade/modules/eks_cluster/variables.tf
rename to patterns/blue-green-upgrade/modules/eks_cluster/variables.tf
diff --git a/examples/blue-green-upgrade/modules/eks_cluster/versions.tf b/patterns/blue-green-upgrade/modules/eks_cluster/versions.tf
similarity index 100%
rename from examples/blue-green-upgrade/modules/eks_cluster/versions.tf
rename to patterns/blue-green-upgrade/modules/eks_cluster/versions.tf
diff --git a/examples/blue-green-upgrade/static/archi-blue-green.png b/patterns/blue-green-upgrade/static/archi-blue-green.png
similarity index 100%
rename from examples/blue-green-upgrade/static/archi-blue-green.png
rename to patterns/blue-green-upgrade/static/archi-blue-green.png
diff --git a/examples/blue-green-upgrade/static/archi-blue.png b/patterns/blue-green-upgrade/static/archi-blue.png
similarity index 100%
rename from examples/blue-green-upgrade/static/archi-blue.png
rename to patterns/blue-green-upgrade/static/archi-blue.png
diff --git a/examples/blue-green-upgrade/static/archi-green.png b/patterns/blue-green-upgrade/static/archi-green.png
similarity index 100%
rename from examples/blue-green-upgrade/static/archi-green.png
rename to patterns/blue-green-upgrade/static/archi-green.png
diff --git a/examples/blue-green-upgrade/static/burnham-records.png b/patterns/blue-green-upgrade/static/burnham-records.png
similarity index 100%
rename from examples/blue-green-upgrade/static/burnham-records.png
rename to patterns/blue-green-upgrade/static/burnham-records.png
diff --git a/examples/blue-green-upgrade/static/burnham-records2.png b/patterns/blue-green-upgrade/static/burnham-records2.png
similarity index 100%
rename from examples/blue-green-upgrade/static/burnham-records2.png
rename to patterns/blue-green-upgrade/static/burnham-records2.png
diff --git a/examples/blue-green-upgrade/static/burnham-records3.png b/patterns/blue-green-upgrade/static/burnham-records3.png
similarity index 100%
rename from examples/blue-green-upgrade/static/burnham-records3.png
rename to patterns/blue-green-upgrade/static/burnham-records3.png
diff --git a/examples/blue-green-upgrade/static/eks-argo.png b/patterns/blue-green-upgrade/static/eks-argo.png
similarity index 100%
rename from examples/blue-green-upgrade/static/eks-argo.png
rename to patterns/blue-green-upgrade/static/eks-argo.png
diff --git a/examples/blue-green-upgrade/static/github-ssh-secret.png b/patterns/blue-green-upgrade/static/github-ssh-secret.png
similarity index 100%
rename from examples/blue-green-upgrade/static/github-ssh-secret.png
rename to patterns/blue-green-upgrade/static/github-ssh-secret.png
diff --git a/examples/blue-green-upgrade/tear-down.sh b/patterns/blue-green-upgrade/tear-down.sh
similarity index 100%
rename from examples/blue-green-upgrade/tear-down.sh
rename to patterns/blue-green-upgrade/tear-down.sh
diff --git a/examples/blue-green-upgrade/terraform.tfvars.example b/patterns/blue-green-upgrade/terraform.tfvars.example
similarity index 100%
rename from examples/blue-green-upgrade/terraform.tfvars.example
rename to patterns/blue-green-upgrade/terraform.tfvars.example
diff --git a/examples/elastic-fabric-adapter/README.md b/patterns/elastic-fabric-adapter/README.md
similarity index 100%
rename from examples/elastic-fabric-adapter/README.md
rename to patterns/elastic-fabric-adapter/README.md
diff --git a/examples/elastic-fabric-adapter/main.tf b/patterns/elastic-fabric-adapter/main.tf
similarity index 100%
rename from examples/elastic-fabric-adapter/main.tf
rename to patterns/elastic-fabric-adapter/main.tf
diff --git a/examples/elastic-fabric-adapter/outputs.tf b/patterns/elastic-fabric-adapter/outputs.tf
similarity index 100%
rename from examples/elastic-fabric-adapter/outputs.tf
rename to patterns/elastic-fabric-adapter/outputs.tf
diff --git a/examples/elastic-fabric-adapter/variables.tf b/patterns/elastic-fabric-adapter/variables.tf
similarity index 100%
rename from examples/elastic-fabric-adapter/variables.tf
rename to patterns/elastic-fabric-adapter/variables.tf
diff --git a/examples/elastic-fabric-adapter/versions.tf b/patterns/elastic-fabric-adapter/versions.tf similarity index 100% rename from examples/elastic-fabric-adapter/versions.tf rename to patterns/elastic-fabric-adapter/versions.tf diff --git a/examples/external-secrets/README.md b/patterns/external-secrets/README.md similarity index 98% rename from examples/external-secrets/README.md rename to patterns/external-secrets/README.md index 28fae1fb2d..3a5be3ce7f 100644 --- a/examples/external-secrets/README.md +++ b/patterns/external-secrets/README.md @@ -25,7 +25,7 @@ git clone https://github.com/aws-ia/terraform-aws-eks-blueprints.git Initialize a working directory with configuration files ```sh -cd examples/external-secrets/ +cd patterns/external-secrets/ terraform init ``` diff --git a/examples/external-secrets/main.tf b/patterns/external-secrets/main.tf similarity index 100% rename from examples/external-secrets/main.tf rename to patterns/external-secrets/main.tf diff --git a/examples/external-secrets/outputs.tf b/patterns/external-secrets/outputs.tf similarity index 100% rename from examples/external-secrets/outputs.tf rename to patterns/external-secrets/outputs.tf diff --git a/examples/external-secrets/variables.tf b/patterns/external-secrets/variables.tf similarity index 100% rename from examples/external-secrets/variables.tf rename to patterns/external-secrets/variables.tf diff --git a/examples/external-secrets/versions.tf b/patterns/external-secrets/versions.tf similarity index 100% rename from examples/external-secrets/versions.tf rename to patterns/external-secrets/versions.tf diff --git a/examples/fargate-serverless/README.md b/patterns/fargate-serverless/README.md similarity index 100% rename from examples/fargate-serverless/README.md rename to patterns/fargate-serverless/README.md 
diff --git a/examples/fargate-serverless/main.tf b/patterns/fargate-serverless/main.tf similarity index 100% rename from examples/fargate-serverless/main.tf rename to patterns/fargate-serverless/main.tf diff --git a/examples/fargate-serverless/outputs.tf b/patterns/fargate-serverless/outputs.tf similarity index 100% rename from examples/fargate-serverless/outputs.tf rename to patterns/fargate-serverless/outputs.tf diff --git a/examples/fargate-serverless/variables.tf b/patterns/fargate-serverless/variables.tf similarity index 100% rename from examples/fargate-serverless/variables.tf rename to patterns/fargate-serverless/variables.tf diff --git a/examples/fargate-serverless/versions.tf b/patterns/fargate-serverless/versions.tf similarity index 100% rename from examples/fargate-serverless/versions.tf rename to patterns/fargate-serverless/versions.tf diff --git a/examples/fully-private-cluster/README.md b/patterns/fully-private-cluster/README.md similarity index 98% rename from examples/fully-private-cluster/README.md rename to patterns/fully-private-cluster/README.md index f6dce6b25d..2c7046c6fe 100644 --- a/examples/fully-private-cluster/README.md +++ b/patterns/fully-private-cluster/README.md @@ -29,7 +29,7 @@ Ensure that you have the following tools installed locally: Since this is a Fully Private Amazon EKS Cluster, make sure that you'll have access to the Amazon VPC where the cluster will be deployed, otherwise you won't be able to access it. -See the [`privatelink-access`](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/examples/privatelink-access) pattern for using AWS PrivateLink to access the private cluster from another VPC. +See the [`privatelink-access`](https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/patterns/privatelink-access) pattern for using AWS PrivateLink to access the private cluster from another VPC. To provision this example: 
diff --git a/examples/fully-private-cluster/main.tf b/patterns/fully-private-cluster/main.tf
similarity index 100%
rename from examples/fully-private-cluster/main.tf
rename to patterns/fully-private-cluster/main.tf
diff --git a/examples/fully-private-cluster/outputs.tf b/patterns/fully-private-cluster/outputs.tf
similarity index 100%
rename from examples/fully-private-cluster/outputs.tf
rename to patterns/fully-private-cluster/outputs.tf
diff --git a/examples/fully-private-cluster/variables.tf b/patterns/fully-private-cluster/variables.tf
similarity index 100%
rename from examples/fully-private-cluster/variables.tf
rename to patterns/fully-private-cluster/variables.tf
diff --git a/examples/fully-private-cluster/versions.tf b/patterns/fully-private-cluster/versions.tf
similarity index 100%
rename from examples/fully-private-cluster/versions.tf
rename to patterns/fully-private-cluster/versions.tf
diff --git a/examples/ipv6-eks-cluster/README.md b/patterns/ipv6-eks-cluster/README.md
similarity index 100%
rename from examples/ipv6-eks-cluster/README.md
rename to patterns/ipv6-eks-cluster/README.md
diff --git a/examples/ipv6-eks-cluster/main.tf b/patterns/ipv6-eks-cluster/main.tf
similarity index 100%
rename from examples/ipv6-eks-cluster/main.tf
rename to patterns/ipv6-eks-cluster/main.tf
diff --git a/examples/ipv4-prefix-delegation/outputs.tf b/patterns/ipv6-eks-cluster/outputs.tf
similarity index 100%
rename from examples/ipv4-prefix-delegation/outputs.tf
rename to patterns/ipv6-eks-cluster/outputs.tf
diff --git a/examples/ipv4-prefix-delegation/variables.tf b/patterns/ipv6-eks-cluster/variables.tf
similarity index 100%
rename from examples/ipv4-prefix-delegation/variables.tf
rename to patterns/ipv6-eks-cluster/variables.tf
diff --git a/examples/ipv6-eks-cluster/versions.tf b/patterns/ipv6-eks-cluster/versions.tf
similarity index 100%
rename from examples/ipv6-eks-cluster/versions.tf
rename to patterns/ipv6-eks-cluster/versions.tf
diff --git a/examples/istio-multi-cluster/0.certs-tool/.gitignore b/patterns/istio-multi-cluster/0.certs-tool/.gitignore
similarity index 100%
rename from examples/istio-multi-cluster/0.certs-tool/.gitignore
rename to patterns/istio-multi-cluster/0.certs-tool/.gitignore
diff --git a/examples/istio-multi-cluster/0.certs-tool/Makefile.k8s.mk b/patterns/istio-multi-cluster/0.certs-tool/Makefile.k8s.mk
similarity index 100%
rename from examples/istio-multi-cluster/0.certs-tool/Makefile.k8s.mk
rename to patterns/istio-multi-cluster/0.certs-tool/Makefile.k8s.mk
diff --git a/examples/istio-multi-cluster/0.certs-tool/Makefile.selfsigned.mk b/patterns/istio-multi-cluster/0.certs-tool/Makefile.selfsigned.mk
similarity index 100%
rename from examples/istio-multi-cluster/0.certs-tool/Makefile.selfsigned.mk
rename to patterns/istio-multi-cluster/0.certs-tool/Makefile.selfsigned.mk
diff --git a/examples/istio-multi-cluster/0.certs-tool/README.md b/patterns/istio-multi-cluster/0.certs-tool/README.md
similarity index 100%
rename from examples/istio-multi-cluster/0.certs-tool/README.md
rename to patterns/istio-multi-cluster/0.certs-tool/README.md
diff --git a/examples/istio-multi-cluster/0.certs-tool/common.mk b/patterns/istio-multi-cluster/0.certs-tool/common.mk
similarity index 100%
rename from examples/istio-multi-cluster/0.certs-tool/common.mk
rename to patterns/istio-multi-cluster/0.certs-tool/common.mk
diff --git a/examples/istio-multi-cluster/0.certs-tool/create-certs.sh b/patterns/istio-multi-cluster/0.certs-tool/create-certs.sh
similarity index 100%
rename from examples/istio-multi-cluster/0.certs-tool/create-certs.sh
rename to patterns/istio-multi-cluster/0.certs-tool/create-certs.sh
diff --git a/examples/istio-multi-cluster/0.vpc/main.tf b/patterns/istio-multi-cluster/0.vpc/main.tf
similarity index 100%
rename from examples/istio-multi-cluster/0.vpc/main.tf
rename to patterns/istio-multi-cluster/0.vpc/main.tf
diff --git a/examples/istio-multi-cluster/0.vpc/outputs.tf b/patterns/istio-multi-cluster/0.vpc/outputs.tf
similarity index 100%
rename from examples/istio-multi-cluster/0.vpc/outputs.tf
rename to patterns/istio-multi-cluster/0.vpc/outputs.tf
diff --git a/examples/ipv6-eks-cluster/variables.tf b/patterns/istio-multi-cluster/0.vpc/variables.tf
similarity index 100%
rename from examples/ipv6-eks-cluster/variables.tf
rename to patterns/istio-multi-cluster/0.vpc/variables.tf
diff --git a/examples/istio-multi-cluster/0.vpc/versions.tf b/patterns/istio-multi-cluster/0.vpc/versions.tf
similarity index 100%
rename from examples/istio-multi-cluster/0.vpc/versions.tf
rename to patterns/istio-multi-cluster/0.vpc/versions.tf
diff --git a/examples/istio-multi-cluster/1.cluster1/README.md b/patterns/istio-multi-cluster/1.cluster1/README.md
similarity index 100%
rename from examples/istio-multi-cluster/1.cluster1/README.md
rename to patterns/istio-multi-cluster/1.cluster1/README.md
diff --git a/examples/istio-multi-cluster/1.cluster1/main.tf b/patterns/istio-multi-cluster/1.cluster1/main.tf
similarity index 100%
rename from examples/istio-multi-cluster/1.cluster1/main.tf
rename to patterns/istio-multi-cluster/1.cluster1/main.tf
diff --git a/examples/istio-multi-cluster/1.cluster1/outputs.tf b/patterns/istio-multi-cluster/1.cluster1/outputs.tf
similarity index 100%
rename from examples/istio-multi-cluster/1.cluster1/outputs.tf
rename to patterns/istio-multi-cluster/1.cluster1/outputs.tf
diff --git a/examples/istio-multi-cluster/1.cluster1/variables.tf b/patterns/istio-multi-cluster/1.cluster1/variables.tf
similarity index 100%
rename from examples/istio-multi-cluster/1.cluster1/variables.tf
rename to patterns/istio-multi-cluster/1.cluster1/variables.tf
diff --git a/examples/istio-multi-cluster/1.cluster1/versions.tf b/patterns/istio-multi-cluster/1.cluster1/versions.tf
similarity index 100%
rename from examples/istio-multi-cluster/1.cluster1/versions.tf
rename to patterns/istio-multi-cluster/1.cluster1/versions.tf
diff --git a/examples/istio-multi-cluster/2.cluster2/README.md b/patterns/istio-multi-cluster/2.cluster2/README.md
similarity index 100%
rename from examples/istio-multi-cluster/2.cluster2/README.md
rename to patterns/istio-multi-cluster/2.cluster2/README.md
diff --git a/examples/istio-multi-cluster/2.cluster2/main.tf b/patterns/istio-multi-cluster/2.cluster2/main.tf
similarity index 100%
rename from examples/istio-multi-cluster/2.cluster2/main.tf
rename to patterns/istio-multi-cluster/2.cluster2/main.tf
diff --git a/examples/istio-multi-cluster/2.cluster2/outputs.tf b/patterns/istio-multi-cluster/2.cluster2/outputs.tf
similarity index 100%
rename from examples/istio-multi-cluster/2.cluster2/outputs.tf
rename to patterns/istio-multi-cluster/2.cluster2/outputs.tf
diff --git a/examples/istio-multi-cluster/2.cluster2/variables.tf b/patterns/istio-multi-cluster/2.cluster2/variables.tf
similarity index 100%
rename from examples/istio-multi-cluster/2.cluster2/variables.tf
rename to patterns/istio-multi-cluster/2.cluster2/variables.tf
diff --git a/examples/istio-multi-cluster/2.cluster2/versions.tf b/patterns/istio-multi-cluster/2.cluster2/versions.tf
similarity index 100%
rename from examples/istio-multi-cluster/2.cluster2/versions.tf
rename to patterns/istio-multi-cluster/2.cluster2/versions.tf
diff --git a/examples/istio-multi-cluster/3.istio-multi-primary/istio-remote-secret.tftpl b/patterns/istio-multi-cluster/3.istio-multi-primary/istio-remote-secret.tftpl
similarity index 100%
rename from examples/istio-multi-cluster/3.istio-multi-primary/istio-remote-secret.tftpl
rename to patterns/istio-multi-cluster/3.istio-multi-primary/istio-remote-secret.tftpl
diff --git a/examples/istio-multi-cluster/3.istio-multi-primary/main.tf b/patterns/istio-multi-cluster/3.istio-multi-primary/main.tf
similarity index 100%
rename from examples/istio-multi-cluster/3.istio-multi-primary/main.tf
rename to patterns/istio-multi-cluster/3.istio-multi-primary/main.tf
diff --git a/examples/istio-multi-cluster/3.istio-multi-primary/outputs.tf b/patterns/istio-multi-cluster/3.istio-multi-primary/outputs.tf
similarity index 100%
rename from examples/istio-multi-cluster/3.istio-multi-primary/outputs.tf
rename to patterns/istio-multi-cluster/3.istio-multi-primary/outputs.tf
diff --git a/examples/istio-multi-cluster/0.vpc/variables.tf b/patterns/istio-multi-cluster/3.istio-multi-primary/variables.tf
similarity index 100%
rename from examples/istio-multi-cluster/0.vpc/variables.tf
rename to patterns/istio-multi-cluster/3.istio-multi-primary/variables.tf
diff --git a/examples/istio-multi-cluster/3.istio-multi-primary/versions.tf b/patterns/istio-multi-cluster/3.istio-multi-primary/versions.tf
similarity index 100%
rename from examples/istio-multi-cluster/3.istio-multi-primary/versions.tf
rename to patterns/istio-multi-cluster/3.istio-multi-primary/versions.tf
diff --git a/examples/istio-multi-cluster/4.test-connectivity/istio-helloworld.yaml b/patterns/istio-multi-cluster/4.test-connectivity/istio-helloworld.yaml
similarity index 100%
rename from examples/istio-multi-cluster/4.test-connectivity/istio-helloworld.yaml
rename to patterns/istio-multi-cluster/4.test-connectivity/istio-helloworld.yaml
diff --git a/examples/istio-multi-cluster/4.test-connectivity/istio-sleep.yaml b/patterns/istio-multi-cluster/4.test-connectivity/istio-sleep.yaml
similarity index 100%
rename from examples/istio-multi-cluster/4.test-connectivity/istio-sleep.yaml
rename to patterns/istio-multi-cluster/4.test-connectivity/istio-sleep.yaml
diff --git a/examples/istio-multi-cluster/4.test-connectivity/test_connectivity.sh b/patterns/istio-multi-cluster/4.test-connectivity/test_connectivity.sh
similarity index 100%
rename from examples/istio-multi-cluster/4.test-connectivity/test_connectivity.sh
rename to patterns/istio-multi-cluster/4.test-connectivity/test_connectivity.sh
diff --git a/examples/istio-multi-cluster/README.md b/patterns/istio-multi-cluster/README.md
similarity index 100%
rename from examples/istio-multi-cluster/README.md
rename to patterns/istio-multi-cluster/README.md
diff --git a/examples/istio/README.md b/patterns/istio/README.md
similarity index 100%
rename from examples/istio/README.md
rename to patterns/istio/README.md
diff --git a/examples/istio/main.tf b/patterns/istio/main.tf
similarity index 100%
rename from examples/istio/main.tf
rename to patterns/istio/main.tf
diff --git a/examples/ipv6-eks-cluster/outputs.tf b/patterns/istio/outputs.tf
similarity index 100%
rename from examples/ipv6-eks-cluster/outputs.tf
rename to patterns/istio/outputs.tf
diff --git a/examples/istio-multi-cluster/3.istio-multi-primary/variables.tf b/patterns/istio/variables.tf
similarity index 100%
rename from examples/istio-multi-cluster/3.istio-multi-primary/variables.tf
rename to patterns/istio/variables.tf
diff --git a/examples/istio/versions.tf b/patterns/istio/versions.tf
similarity index 100%
rename from examples/istio/versions.tf
rename to patterns/istio/versions.tf
diff --git a/examples/karpenter/README.md b/patterns/karpenter/README.md
similarity index 100%
rename from examples/karpenter/README.md
rename to patterns/karpenter/README.md
diff --git a/examples/karpenter/main.tf b/patterns/karpenter/main.tf
similarity index 100%
rename from examples/karpenter/main.tf
rename to patterns/karpenter/main.tf
diff --git a/examples/istio/outputs.tf b/patterns/karpenter/outputs.tf
similarity index 100%
rename from examples/istio/outputs.tf
rename to patterns/karpenter/outputs.tf
diff --git a/examples/istio/variables.tf b/patterns/karpenter/variables.tf
similarity index 100%
rename from examples/istio/variables.tf
rename to patterns/karpenter/variables.tf
diff --git a/examples/karpenter/versions.tf b/patterns/karpenter/versions.tf
similarity index 100%
rename from examples/karpenter/versions.tf
rename to patterns/karpenter/versions.tf
diff --git a/examples/multi-tenancy-with-teams/README.md b/patterns/multi-tenancy-with-teams/README.md
similarity index 100%
rename from examples/multi-tenancy-with-teams/README.md
rename to patterns/multi-tenancy-with-teams/README.md
diff --git a/examples/multi-tenancy-with-teams/main.tf b/patterns/multi-tenancy-with-teams/main.tf
similarity index 100%
rename from examples/multi-tenancy-with-teams/main.tf
rename to patterns/multi-tenancy-with-teams/main.tf
diff --git a/examples/multi-tenancy-with-teams/outputs.tf b/patterns/multi-tenancy-with-teams/outputs.tf
similarity index 100%
rename from examples/multi-tenancy-with-teams/outputs.tf
rename to patterns/multi-tenancy-with-teams/outputs.tf
diff --git a/examples/karpenter/variables.tf b/patterns/multi-tenancy-with-teams/variables.tf
similarity index 100%
rename from examples/karpenter/variables.tf
rename to patterns/multi-tenancy-with-teams/variables.tf
diff --git a/examples/multi-tenancy-with-teams/versions.tf b/patterns/multi-tenancy-with-teams/versions.tf
similarity index 100%
rename from examples/multi-tenancy-with-teams/versions.tf
rename to patterns/multi-tenancy-with-teams/versions.tf
diff --git a/examples/private-public-ingress/README.md b/patterns/private-public-ingress/README.md
similarity index 100%
rename from examples/private-public-ingress/README.md
rename to patterns/private-public-ingress/README.md
diff --git a/examples/private-public-ingress/main.tf b/patterns/private-public-ingress/main.tf
similarity index 100%
rename from examples/private-public-ingress/main.tf
rename to patterns/private-public-ingress/main.tf
diff --git a/examples/private-public-ingress/outputs.tf b/patterns/private-public-ingress/outputs.tf
similarity index 100%
rename from examples/private-public-ingress/outputs.tf
rename to patterns/private-public-ingress/outputs.tf
diff --git a/examples/multi-tenancy-with-teams/variables.tf b/patterns/private-public-ingress/variables.tf
similarity index 100%
rename from examples/multi-tenancy-with-teams/variables.tf
rename to patterns/private-public-ingress/variables.tf
diff --git a/examples/private-public-ingress/versions.tf b/patterns/private-public-ingress/versions.tf
similarity index 100%
rename from examples/private-public-ingress/versions.tf
rename to patterns/private-public-ingress/versions.tf
diff --git a/examples/privatelink-access/README.md b/patterns/privatelink-access/README.md
similarity index 100%
rename from examples/privatelink-access/README.md
rename to patterns/privatelink-access/README.md
diff --git a/examples/privatelink-access/client.tf b/patterns/privatelink-access/client.tf
similarity index 100%
rename from examples/privatelink-access/client.tf
rename to patterns/privatelink-access/client.tf
diff --git a/examples/privatelink-access/eks.tf b/patterns/privatelink-access/eks.tf
similarity index 100%
rename from examples/privatelink-access/eks.tf
rename to patterns/privatelink-access/eks.tf
diff --git a/examples/privatelink-access/lambdas/create_eni.py b/patterns/privatelink-access/lambdas/create_eni.py
similarity index 100%
rename from examples/privatelink-access/lambdas/create_eni.py
rename to patterns/privatelink-access/lambdas/create_eni.py
diff --git a/examples/privatelink-access/lambdas/delete_eni.py b/patterns/privatelink-access/lambdas/delete_eni.py
similarity index 100%
rename from examples/privatelink-access/lambdas/delete_eni.py
rename to patterns/privatelink-access/lambdas/delete_eni.py
diff --git a/examples/privatelink-access/main.tf b/patterns/privatelink-access/main.tf similarity index 100% rename from examples/privatelink-access/main.tf rename to patterns/privatelink-access/main.tf diff --git a/examples/privatelink-access/outputs.tf b/patterns/privatelink-access/outputs.tf similarity index 100% rename from examples/privatelink-access/outputs.tf rename to patterns/privatelink-access/outputs.tf diff --git a/examples/privatelink-access/privatelink.tf b/patterns/privatelink-access/privatelink.tf similarity index 100% rename from examples/privatelink-access/privatelink.tf rename to patterns/privatelink-access/privatelink.tf diff --git a/examples/private-public-ingress/variables.tf b/patterns/privatelink-access/variables.tf similarity index 100% rename from examples/private-public-ingress/variables.tf rename to patterns/privatelink-access/variables.tf diff --git a/examples/privatelink-access/versions.tf b/patterns/privatelink-access/versions.tf similarity index 100% rename from examples/privatelink-access/versions.tf rename to patterns/privatelink-access/versions.tf diff --git a/examples/single-sign-on/README.md b/patterns/single-sign-on/README.md similarity index 98% rename from examples/single-sign-on/README.md rename to patterns/single-sign-on/README.md index 946fba92ef..1a8ff1c295 100644 --- a/examples/single-sign-on/README.md +++ b/patterns/single-sign-on/README.md @@ -5,7 +5,7 @@ These examples demonstrates how to deploy an Amazon EKS cluster that is deployed - [IAM Identity Center (successor to AWS Single Sign-On)](https://aws.amazon.com/iam/identity-center/) - [Okta](https://www.okta.com/) -## Prerequisites: +## Prerequisites Ensure that you have the following tools installed locally: 
diff --git a/examples/single-sign-on/iam-identity-center/README.md b/patterns/single-sign-on/iam-identity-center/README.md
similarity index 100%
rename from examples/single-sign-on/iam-identity-center/README.md
rename to patterns/single-sign-on/iam-identity-center/README.md
diff --git a/examples/single-sign-on/iam-identity-center/main.tf b/patterns/single-sign-on/iam-identity-center/main.tf
similarity index 100%
rename from examples/single-sign-on/iam-identity-center/main.tf
rename to patterns/single-sign-on/iam-identity-center/main.tf
diff --git a/examples/single-sign-on/iam-identity-center/outputs.tf b/patterns/single-sign-on/iam-identity-center/outputs.tf
similarity index 100%
rename from examples/single-sign-on/iam-identity-center/outputs.tf
rename to patterns/single-sign-on/iam-identity-center/outputs.tf
diff --git a/examples/single-sign-on/iam-identity-center/sso.tf b/patterns/single-sign-on/iam-identity-center/sso.tf
similarity index 100%
rename from examples/single-sign-on/iam-identity-center/sso.tf
rename to patterns/single-sign-on/iam-identity-center/sso.tf
diff --git a/examples/single-sign-on/iam-identity-center/teams.tf b/patterns/single-sign-on/iam-identity-center/teams.tf
similarity index 100%
rename from examples/single-sign-on/iam-identity-center/teams.tf
rename to patterns/single-sign-on/iam-identity-center/teams.tf
diff --git a/examples/single-sign-on/iam-identity-center/variables.tf b/patterns/single-sign-on/iam-identity-center/variables.tf
similarity index 100%
rename from examples/single-sign-on/iam-identity-center/variables.tf
rename to patterns/single-sign-on/iam-identity-center/variables.tf
diff --git a/examples/single-sign-on/iam-identity-center/versions.tf b/patterns/single-sign-on/iam-identity-center/versions.tf
similarity index 100%
rename from examples/single-sign-on/iam-identity-center/versions.tf
rename to patterns/single-sign-on/iam-identity-center/versions.tf
diff --git a/examples/single-sign-on/okta/README.md b/patterns/single-sign-on/okta/README.md
similarity index 100%
rename from examples/single-sign-on/okta/README.md
rename to patterns/single-sign-on/okta/README.md
diff --git a/examples/single-sign-on/okta/main.tf b/patterns/single-sign-on/okta/main.tf
similarity index 100%
rename from examples/single-sign-on/okta/main.tf
rename to patterns/single-sign-on/okta/main.tf
diff --git a/examples/single-sign-on/okta/okta.tf b/patterns/single-sign-on/okta/okta.tf
similarity index 100%
rename from examples/single-sign-on/okta/okta.tf
rename to patterns/single-sign-on/okta/okta.tf
diff --git a/examples/single-sign-on/okta/outputs.tf b/patterns/single-sign-on/okta/outputs.tf
similarity index 100%
rename from examples/single-sign-on/okta/outputs.tf
rename to patterns/single-sign-on/okta/outputs.tf
diff --git a/examples/single-sign-on/okta/variables.tf b/patterns/single-sign-on/okta/variables.tf
similarity index 100%
rename from examples/single-sign-on/okta/variables.tf
rename to patterns/single-sign-on/okta/variables.tf
diff --git a/examples/single-sign-on/okta/versions.tf b/patterns/single-sign-on/okta/versions.tf
similarity index 100%
rename from examples/single-sign-on/okta/versions.tf
rename to patterns/single-sign-on/okta/versions.tf
diff --git a/examples/stateful/README.md b/patterns/stateful/README.md
similarity index 100%
rename from examples/stateful/README.md
rename to patterns/stateful/README.md
diff --git a/examples/stateful/main.tf b/patterns/stateful/main.tf
similarity index 100%
rename from examples/stateful/main.tf
rename to patterns/stateful/main.tf
diff --git a/examples/stateful/outputs.tf b/patterns/stateful/outputs.tf
similarity index 100%
rename from examples/stateful/outputs.tf
rename to patterns/stateful/outputs.tf
diff --git a/examples/privatelink-access/variables.tf b/patterns/stateful/variables.tf
similarity index 100%
rename from examples/privatelink-access/variables.tf
rename to patterns/stateful/variables.tf
diff --git a/examples/stateful/versions.tf b/patterns/stateful/versions.tf
similarity index 100%
rename from examples/stateful/versions.tf
rename to patterns/stateful/versions.tf
diff --git a/examples/tls-with-aws-pca-issuer/README.md b/patterns/tls-with-aws-pca-issuer/README.md
similarity index 100%
rename from examples/tls-with-aws-pca-issuer/README.md
rename to patterns/tls-with-aws-pca-issuer/README.md
diff --git a/examples/tls-with-aws-pca-issuer/main.tf b/patterns/tls-with-aws-pca-issuer/main.tf
similarity index 100%
rename from examples/tls-with-aws-pca-issuer/main.tf
rename to patterns/tls-with-aws-pca-issuer/main.tf
diff --git a/examples/karpenter/outputs.tf b/patterns/tls-with-aws-pca-issuer/outputs.tf
similarity index 100%
rename from examples/karpenter/outputs.tf
rename to patterns/tls-with-aws-pca-issuer/outputs.tf
diff --git a/examples/tls-with-aws-pca-issuer/variables.tf b/patterns/tls-with-aws-pca-issuer/variables.tf
similarity index 100%
rename from examples/tls-with-aws-pca-issuer/variables.tf
rename to patterns/tls-with-aws-pca-issuer/variables.tf
diff --git a/examples/tls-with-aws-pca-issuer/versions.tf b/patterns/tls-with-aws-pca-issuer/versions.tf
similarity index 100%
rename from examples/tls-with-aws-pca-issuer/versions.tf
rename to patterns/tls-with-aws-pca-issuer/versions.tf
diff --git a/examples/wireguard-with-cilium/README.md b/patterns/wireguard-with-cilium/README.md
similarity index 100%
rename from examples/wireguard-with-cilium/README.md
rename to patterns/wireguard-with-cilium/README.md
diff --git a/examples/wireguard-with-cilium/main.tf b/patterns/wireguard-with-cilium/main.tf
similarity index 100%
rename from examples/wireguard-with-cilium/main.tf
rename to patterns/wireguard-with-cilium/main.tf
diff --git a/examples/tls-with-aws-pca-issuer/outputs.tf b/patterns/wireguard-with-cilium/outputs.tf similarity index 100% rename from examples/tls-with-aws-pca-issuer/outputs.tf rename to patterns/wireguard-with-cilium/outputs.tf diff --git a/examples/wireguard-with-cilium/variables.tf b/patterns/wireguard-with-cilium/variables.tf similarity index 100% rename from examples/wireguard-with-cilium/variables.tf rename to patterns/wireguard-with-cilium/variables.tf diff --git a/examples/wireguard-with-cilium/versions.tf b/patterns/wireguard-with-cilium/versions.tf similarity index 100% rename from examples/wireguard-with-cilium/versions.tf rename to patterns/wireguard-with-cilium/versions.tf From 94ac735b12262e1a02e3c8f76276eaadb32e517e Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Mon, 11 Sep 2023 12:17:43 -0400 Subject: [PATCH 2/2] fix: Update best practices guide link for custom newtworking --- docs/snippets/vpc-cni-custom-networking.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/snippets/vpc-cni-custom-networking.md b/docs/snippets/vpc-cni-custom-networking.md index 5389cb0a96..d6ae0d4d21 100644 --- a/docs/snippets/vpc-cni-custom-networking.md +++ b/docs/snippets/vpc-cni-custom-networking.md @@ -7,7 +7,7 @@ Custom networking addresses the IP exhaustion issue by assigning the node and Po Since the primary ENI is not used by custom networking, the maximum number of Pods you can run on a node is lower. The host network Pods continue to use IP address assigned to the primary ENI. Additionally, the primary ENI is used to handle source network translation and route Pods traffic outside the node. - [Documentation](https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html) -- [Best Practices Guide](https://aws.github.io/aws-eks-best-practices/reliability/docs/networkmanagement/#cni-custom-networking) +- [Best Practices Guide](https://aws.github.io/aws-eks-best-practices/networking/custom-networking/) ## VPC CNI Configuration