diff --git a/.gitignore b/.gitignore
index 6e0db03..7ffc7f5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,4 @@
 .terraform/*
+/exaples/*/.terraform
+/exaples/*/terraform.tfstate.backup
+/exaples/*/terraform.tfstate
diff --git a/exaples/basic/README.md b/exaples/basic/README.md
new file mode 100644
index 0000000..daad1e4
--- /dev/null
+++ b/exaples/basic/README.md
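Review bot: The three ignore rules added to `.gitignore` are anchored to `/exaples/*/`, so they only cover state exactly one level below a directory whose name looks like a misspelling of `examples`. If that directory is later renamed, or an example is nested one level deeper, `terraform.tfstate` silently stops being ignored. Terraform state records resource attributes in plain text, which can include sensitive values, so an accidental commit of it matters. Path-independent rules such as `*.tfstate`, `*.tfstate.*` and `**/.terraform/*` would keep the protection regardless of directory layout.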
@@ -0,0 +1,53 @@
+# Basic example
+
+The code in this example shows how to use the module with basic configuration
+and minimal set of other resources.
+
+## Hello world application
+
+This example also contains resources which deploys a ‘Hello world’ application.
+It is highly inspired by AWS ALB Ingress Controller [walkthrough: echoserver](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/walkthrough/echoserver/)
+
+> **WARNING**: These resources are just an example, and they are commented
+> intentionally. Individual ALBs are not managed directly by Terraform, they
+> are managed by alb-ingress-controller. Therefor Terraform will not be able
+> to remove all resources when running `terraform destroy` and it will fail
+> after a timeout.
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| aws | ~> 2.0 |
+| helm | ~> 1.0 |
+| kubernetes | ~> 1.10 |
+
+## Inputs
+
+No input.
+
+## Outputs
+
+No output.
+
+
+
+
+## Known issues
+
+The `terraform apply` command may fail with error similar to
+```text
+Error: Post "https://******.eks.amazonaws.com/api/v1/namespaces": dial tcp ******: i/o timeout
+
+ on ../../iam.tf line 1, in resource "kubernetes_namespace" "alb_ingress":
+ 1: resource "kubernetes_namespace" "alb_ingress" {
+
+Error: Kubernetes cluster unreachable: Get https://******.eks.amazonaws.com/version?timeout=32s: dial tcp ******: i/o timeout
+
+ on ../../main.tf line 1, in resource "helm_release" "alb_ingress":
+ 1: resource "helm_release" "alb_ingress" {
+```
+
+* https://github.com/terraform-providers/terraform-provider-aws/pull/11426
+* https://github.com/aws/containers-roadmap/issues/654
diff --git a/exaples/basic/main.tf b/exaples/basic/main.tf
new file mode 100644
index 0000000..f1dcbbb
--- /dev/null
+++ b/exaples/basic/main.tf
@@ -0,0 +1,155 @@
+data "aws_region" "current" {}
+
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+
+ name = "alb-ingress-vpc"
+ cidr = "10.0.0.0/16"
+ azs = ["eu-central-1a", "eu-central-1b"]
+ public_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
+ enable_nat_gateway = true
+}
+
+module "eks_cluster" {
+ source = "lablabs/eks-cluster/aws"
+ region = data.aws_region.current.name
+ subnet_ids = module.vpc.public_subnets
+ vpc_id = module.vpc.vpc_id
+ name = "alb-ingress"
+
+ oidc_provider_enabled = true
+
+ workers_security_group_ids = [module.eks_workers.security_group_id]
+ workers_role_arns = [module.eks_workers.workers_role_arn]
+}
+
+
+module "eks_workers" {
+ source = "lablabs/eks-workers/aws"
+ version = "0.11.0"
+
+ cluster_certificate_authority_data = module.eks_cluster.eks_cluster_certificate_authority_data
+ cluster_endpoint = module.eks_cluster.eks_cluster_endpoint
+ cluster_name = module.eks_cluster.eks_cluster_id
+ cluster_security_group_id = module.eks_cluster.security_group_id
+ instance_type = "t3.medium"
+ max_size = 2
+ min_size = 2
+ subnet_ids = module.vpc.public_subnets
+ vpc_id = module.vpc.vpc_id
+ associate_public_ip_address = true
+
+ eks_worker_ami_name_filter = "amazon-eks-node-${module.eks_cluster.eks_cluster_version}-*"
+}
+
+# Use the module:
+
+module "alb_ingress" {
+ source = "../../"
+
+ cluster_identity_oidc_issuer = module.eks_cluster.eks_cluster_identity_oidc_issuer
+ cluster_identity_oidc_issuer_arn = module.eks_cluster.eks_cluster_identity_oidc_issuer_arn
+ cluster_name = module.eks_cluster.eks_cluster_id
+
+ enabled = true
+
+ settings = {
+ "awsVpcID" : module.vpc.vpc_id
+ "awsRegion" : data.aws_region.current.name
+ }
+}
+
+//# The example application behind the Load balancer
+//
+// WARNING: These resources are just an example, and they are commented
+// intentionally. Individual ALBs are not managed directly by Terraform, they
+// are managed by alb-ingress-controller. Therefor Terraform will not be able
+// to remove all resources when running `terraform destroy` and it will fail
+// after a timeout.
+//
+//resource "kubernetes_namespace" "echoserver" {
+// metadata {
+// name = "echoserver"
+// }
+//}
+//
+//resource "kubernetes_service" "echoserver" {
+// metadata {
+// name = "echoserver"
+// namespace = kubernetes_namespace.echoserver.metadata[0].name
+// }
+// spec {
+// port {
+// port = 80
+// target_port = 80
+// protocol = "TCP"
+// }
+// type = "NodePort"
+// selector = {
+// app = "echoserver"
+// }
+// }
+//}
+//
+//resource "kubernetes_deployment" "echoserver" {
+// metadata {
+// name = "echoserver"
+// namespace = kubernetes_namespace.echoserver.metadata[0].name
+// }
+// spec {
+// selector {
+// match_labels = {
+// app = "echoserver"
+// }
+// }
+// replicas = 3
+// template {
+// metadata {
+// labels = {
+// app = "echoserver"
+// }
+// }
+// spec {
+// container {
+// image = "nginxdemos/hello:latest"
+// image_pull_policy = "Always"
+// name = "echoserver"
+// port {
+// container_port = 80
+// }
+// }
+// }
+// }
+// }
+//}
+//
+//resource "kubernetes_ingress" "echoserver" {
+// depends_on = [
+// module.alb_ingress
+// ]
+//
+// metadata {
+// name = "echoserver"
+// namespace = kubernetes_namespace.echoserver.metadata[0].name
+// annotations = {
+// "kubernetes.io/ingress.class": "alb"
+// "alb.ingress.kubernetes.io/scheme": "internet-facing"
+// "alb.ingress.kubernetes.io/target-type": "ip"
+// "alb.ingress.kubernetes.io/subnets": join(",", module.vpc.public_subnets)
+// "alb.ingress.kubernetes.io/tags": "Environment=dev,Team=test"
+// }
+// }
+// spec {
+// rule {
+// http {
+// path {
+// path = "/"
+// backend {
+// service_name = "echoserver"
+// service_port = "80"
+// }
+// }
+// }
+// }
+// }
+//}
diff --git a/exaples/basic/outputs.tf b/exaples/basic/outputs.tf
new file mode 100644
index 0000000..5dd5fe7
--- /dev/null
+++ b/exaples/basic/outputs.tf
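Review bot: In `exaples/basic/main.tf`, `module "eks_workers"` places the worker nodes in `module.vpc.public_subnets` with `associate_public_ip_address = true`, so every node gets an internet-routable address and its exposure rests entirely on the security groups created inside the worker module, which are not visible in this diff. The VPC sets `enable_nat_gateway = true` but declares no private subnets, so the NAT gateway presumably has nothing to serve. Because examples tend to be copied as-is, consider adding `private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]` (constructed sample CIDRs) to the `vpc` module and giving the workers `subnet_ids = module.vpc.private_subnets` with `associate_public_ip_address = false`, keeping the public subnets for the load balancer only. Separately, `module "vpc"` and `module "eks_cluster"` carry no `version` constraint while `eks_workers` is pinned to `0.11.0`; pinning all three keeps a registry update from changing what the example deploys.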
@@ -0,0 +1,7 @@
+// This output is commented intentionally. See commented resources in main.tf
+// file for more details.
+//
+//output "alb_ingress_hostname" {
+// description = "The hostname of the Load balancer"
+// value = kubernetes_ingress.echoserver.load_balancer_ingress[*].hostname
+//}
diff --git a/exaples/basic/providers.tf b/exaples/basic/providers.tf
new file mode 100644
index 0000000..a30a001
--- /dev/null
+++ b/exaples/basic/providers.tf
@@ -0,0 +1,30 @@
+provider "aws" {
+ version = "~> 2.0"
+ region = "eu-central-1"
+}
+
+data "aws_eks_cluster" "this" {
+ name = module.eks_cluster.eks_cluster_id
+}
+
+data "aws_eks_cluster_auth" "this" {
+ name = module.eks_cluster.eks_cluster_id
+}
+
+provider "kubernetes" {
+ version = "~> 1.10"
+ host = data.aws_eks_cluster.this.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority.0.data)
+ token = data.aws_eks_cluster_auth.this.token
+ load_config_file = false
+}
+
+provider "helm" {
+ version = "~> 1.0"
+ kubernetes {
+ host = data.aws_eks_cluster.this.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority.0.data)
+ token = data.aws_eks_cluster_auth.this.token
+ load_config_file = false
+ }
+}
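Review bot: The `token` arguments in the `kubernetes` and `helm` provider blocks of `exaples/basic/providers.tf` carry a bearer credential for the cluster API, and nothing in the file says so. Data source attributes are normally recorded in Terraform state, and this example configures no backend, so the token would presumably land in the local `terraform.tfstate`. A comment above `data "aws_eks_cluster_auth" "this"` would help, for example `# Short-lived EKS API token; it is also stored in state, so treat terraform.tfstate as a secret.` As a style point, the same three connection settings are repeated in both provider blocks; a `locals` block holding the host, CA certificate and token would keep them from drifting apart.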