Merge pull request #7 from lablabs/basic-example

Add example usage of the module

.gitignore

@@ -1 +1,4 @@
 .terraform/*
+/exaples/*/.terraform
+/exaples/*/terraform.tfstate.backup
+/exaples/*/terraform.tfstate

exaples/basic/README.md

@@ -0,0 +1,53 @@
+# Basic example
+
+The code in this example shows how to use the module with basic configuration
+and minimal set of other resources.
+
+## Hello world application
+
+This example also contains resources which deploys a ‘Hello world’ application.
+It is highly inspired by AWS ALB Ingress Controller [walkthrough: echoserver](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/walkthrough/echoserver/)
+
+> **WARNING**: These resources are just an example, and they are commented
+> intentionally. Individual ALBs are not managed directly by Terraform, they
+> are managed by alb-ingress-controller. Therefor Terraform will not be able
+> to remove all resources when running `terraform destroy` and it will fail
+> after a timeout.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| aws | ~> 2.0 |
+| helm | ~> 1.0 |
+| kubernetes | ~> 1.10 |
+
+## Inputs
+
+No input.
+
+## Outputs
+
+No output.
+
+ <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+
+## Known issues
+
+The `terraform apply` command may fail with error similar to
+```text
+Error: Post "https://******.eks.amazonaws.com/api/v1/namespaces": dial tcp ******: i/o timeout
+
+  on ../../iam.tf line 1, in resource "kubernetes_namespace" "alb_ingress":
+   1: resource "kubernetes_namespace" "alb_ingress" {
+
+Error: Kubernetes cluster unreachable: Get https://******.eks.amazonaws.com/version?timeout=32s: dial tcp ******: i/o timeout
+
+  on ../../main.tf line 1, in resource "helm_release" "alb_ingress":
+   1: resource "helm_release" "alb_ingress" {
+```
+
+* https://github.com/terraform-providers/terraform-provider-aws/pull/11426
+* https://github.com/aws/containers-roadmap/issues/654

exaples/basic/main.tf

@@ -0,0 +1,155 @@
+data "aws_region" "current" {}
+
+module "vpc" {
+  source = "terraform-aws-modules/vpc/aws"
+
+  name               = "alb-ingress-vpc"
+  cidr               = "10.0.0.0/16"
+  azs                = ["eu-central-1a", "eu-central-1b"]
+  public_subnets     = ["10.0.101.0/24", "10.0.102.0/24"]
+  enable_nat_gateway = true
+}
+
+module "eks_cluster" {
+  source     = "lablabs/eks-cluster/aws"
+  region     = data.aws_region.current.name
+  subnet_ids = module.vpc.public_subnets
+  vpc_id     = module.vpc.vpc_id
+  name       = "alb-ingress"
+
+  oidc_provider_enabled = true
+
+  workers_security_group_ids = [module.eks_workers.security_group_id]
+  workers_role_arns          = [module.eks_workers.workers_role_arn]
+}
+
+
+module "eks_workers" {
+  source  = "lablabs/eks-workers/aws"
+  version = "0.11.0"
+
+  cluster_certificate_authority_data = module.eks_cluster.eks_cluster_certificate_authority_data
+  cluster_endpoint                   = module.eks_cluster.eks_cluster_endpoint
+  cluster_name                       = module.eks_cluster.eks_cluster_id
+  cluster_security_group_id          = module.eks_cluster.security_group_id
+  instance_type                      = "t3.medium"
+  max_size                           = 2
+  min_size                           = 2
+  subnet_ids                         = module.vpc.public_subnets
+  vpc_id                             = module.vpc.vpc_id
+  associate_public_ip_address        = true
+
+  eks_worker_ami_name_filter = "amazon-eks-node-${module.eks_cluster.eks_cluster_version}-*"
+}
+
+# Use the module:
+
+module "alb_ingress" {
+  source = "../../"
+
+  cluster_identity_oidc_issuer     = module.eks_cluster.eks_cluster_identity_oidc_issuer
+  cluster_identity_oidc_issuer_arn = module.eks_cluster.eks_cluster_identity_oidc_issuer_arn
+  cluster_name                     = module.eks_cluster.eks_cluster_id
+
+  enabled = true
+
+  settings = {
+    "awsVpcID" : module.vpc.vpc_id
+    "awsRegion" : data.aws_region.current.name
+  }
+}
+
+//# The example application behind the Load balancer
+//
+//   WARNING: These resources are just an example, and they are commented
+//   intentionally. Individual ALBs are not managed directly by Terraform, they
+//   are managed by alb-ingress-controller. Therefor Terraform will not be able
+//   to remove all resources when running `terraform destroy` and it will fail
+//   after a timeout.
+//
+//resource "kubernetes_namespace" "echoserver" {
+//  metadata {
+//    name = "echoserver"
+//  }
+//}
+//
+//resource "kubernetes_service" "echoserver" {
+//  metadata {
+//    name = "echoserver"
+//    namespace = kubernetes_namespace.echoserver.metadata[0].name
+//  }
+//  spec {
+//    port {
+//      port = 80
+//      target_port = 80
+//      protocol = "TCP"
+//    }
+//    type = "NodePort"
+//    selector = {
+//      app = "echoserver"
+//    }
+//  }
+//}
+//
+//resource "kubernetes_deployment" "echoserver" {
+//  metadata {
+//    name = "echoserver"
+//    namespace = kubernetes_namespace.echoserver.metadata[0].name
+//  }
+//  spec {
+//    selector {
+//      match_labels = {
+//        app = "echoserver"
+//      }
+//    }
+//    replicas = 3
+//    template {
+//      metadata {
+//        labels = {
+//          app = "echoserver"
+//        }
+//      }
+//      spec {
+//        container {
+//          image = "nginxdemos/hello:latest"
+//          image_pull_policy = "Always"
+//          name = "echoserver"
+//          port {
+//            container_port = 80
+//          }
+//        }
+//      }
+//    }
+//  }
+//}
+//
+//resource "kubernetes_ingress" "echoserver" {
+//  depends_on = [
+//    module.alb_ingress
+//  ]
+//
+//  metadata {
+//    name = "echoserver"
+//    namespace = kubernetes_namespace.echoserver.metadata[0].name
+//    annotations = {
+//      "kubernetes.io/ingress.class": "alb"
+//      "alb.ingress.kubernetes.io/scheme": "internet-facing"
+//      "alb.ingress.kubernetes.io/target-type": "ip"
+//      "alb.ingress.kubernetes.io/subnets": join(",", module.vpc.public_subnets)
+//      "alb.ingress.kubernetes.io/tags": "Environment=dev,Team=test"
+//    }
+//  }
+//  spec {
+//    rule {
+//      http {
+//        path {
+//          path = "/"
+//          backend {
+//            service_name = "echoserver"
+//            service_port = "80"
+//          }
+//        }
+//      }
+//    }
+//  }
+//}

exaples/basic/outputs.tf

@@ -0,0 +1,7 @@
+// This output is commented intentionally. See commented resources in main.tf
+// file for more details.
+//
+//output "alb_ingress_hostname" {
+//  description = "The hostname of the Load balancer"
+//  value       = kubernetes_ingress.echoserver.load_balancer_ingress[*].hostname
+//}

exaples/basic/providers.tf

@@ -0,0 +1,30 @@
+provider "aws" {
+  version = "~> 2.0"
+  region  = "eu-central-1"
+}
+
+data "aws_eks_cluster" "this" {
+  name = module.eks_cluster.eks_cluster_id
+}
+
+data "aws_eks_cluster_auth" "this" {
+  name = module.eks_cluster.eks_cluster_id
+}
+
+provider "kubernetes" {
+  version                = "~> 1.10"
+  host                   = data.aws_eks_cluster.this.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority.0.data)
+  token                  = data.aws_eks_cluster_auth.this.token
+  load_config_file       = false
+}
+
+provider "helm" {
+  version = "~> 1.0"
+  kubernetes {
+    host                   = data.aws_eks_cluster.this.endpoint
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority.0.data)
+    token                  = data.aws_eks_cluster_auth.this.token
+    load_config_file       = false
+  }
+}