add example

terraform-aws-modules · Nov 4, 2020 · 7406d1e · 7406d1e
1 parent 2890606
commit 7406d1e
Show file tree

Hide file tree

Showing 6 changed files with 202 additions and 3 deletions.
diff --git a/examples/fargate/main.tf b/examples/fargate/main.tf
@@ -0,0 +1,112 @@
+terraform {
+  required_version = ">= 0.12.6"
+}
+
+provider "aws" {
+  version = ">= 2.28.1"
+  region  = var.region
+}
+
+provider "random" {
+  version = "~> 2.1"
+}
+
+provider "local" {
+  version = "~> 1.2"
+}
+
+provider "null" {
+  version = "~> 2.1"
+}
+
+provider "template" {
+  version = "~> 2.1"
+}
+
+data "aws_eks_cluster" "cluster" {
+  name = module.eks.cluster_id
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+  name = module.eks.cluster_id
+}
+
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.cluster.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+  token                  = data.aws_eks_cluster_auth.cluster.token
+  load_config_file       = false
+  version                = "~> 1.11"
+}
+
+data "aws_availability_zones" "available" {
+}
+
+locals {
+  cluster_name = "test-eks-${random_string.suffix.result}"
+}
+
+resource "random_string" "suffix" {
+  length  = 8
+  special = false
+}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "2.47.0"
+
+  name                 = "test-vpc"
+  cidr                 = "172.16.0.0/16"
+  azs                  = data.aws_availability_zones.available.names
+  private_subnets      = ["172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
+  public_subnets       = ["172.16.4.0/24", "172.16.5.0/24", "172.16.6.0/24"]
+  enable_nat_gateway   = true
+  single_nat_gateway   = true
+  enable_dns_hostnames = true
+
+  public_subnet_tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+    "kubernetes.io/role/elb"                      = "1"
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+    "kubernetes.io/role/internal-elb"             = "1"
+  }
+}
+
+module "eks" {
+  source          = "../.."
+  cluster_name    = local.cluster_name
+  cluster_version = "1.17"
+  subnets         = module.vpc.private_subnets
+
+  tags = {
+    Environment = "test"
+    GithubRepo  = "terraform-aws-eks"
+    GithubOrg   = "terraform-aws-modules"
+  }
+
+  vpc_id = module.vpc.vpc_id
+
+  fargate_profiles = {
+    example = {
+      namespace = "default"
+
+      # Kubernetes labels for selection
+      # labels = {
+      #   Environment = "test"
+      #   GithubRepo  = "terraform-aws-eks"
+      #   GithubOrg   = "terraform-aws-modules"
+      # }
+
+      tags = {
+        Owner = "test"
+      }
+    }
+  }
+
+  map_roles    = var.map_roles
+  map_users    = var.map_users
+  map_accounts = var.map_accounts
+}
diff --git a/examples/fargate/outputs.tf b/examples/fargate/outputs.tf
@@ -0,0 +1,29 @@
+output "cluster_endpoint" {
+  description = "Endpoint for EKS control plane."
+  value       = module.eks.cluster_endpoint
+}
+
+output "cluster_security_group_id" {
+  description = "Security group ids attached to the cluster control plane."
+  value       = module.eks.cluster_security_group_id
+}
+
+output "kubectl_config" {
+  description = "kubectl config as generated by the module."
+  value       = module.eks.kubeconfig
+}
+
+output "config_map_aws_auth" {
+  description = "A kubernetes configuration to authenticate to this EKS cluster."
+  value       = module.eks.config_map_aws_auth
+}
+
+output "region" {
+  description = "AWS region."
+  value       = var.region
+}
+
+output "fargate_profile_arns" {
+  description = "Outputs from node groups"
+  value       = module.eks.fargate_profile_arns
+}
diff --git a/examples/fargate/variables.tf b/examples/fargate/variables.tf
@@ -0,0 +1,52 @@
+variable "region" {
+  default = "us-west-2"
+}
+
+variable "map_accounts" {
+  description = "Additional AWS account numbers to add to the aws-auth configmap."
+  type        = list(string)
+
+  default = [
+    "777777777777",
+    "888888888888",
+  ]
+}
+
+variable "map_roles" {
+  description = "Additional IAM roles to add to the aws-auth configmap."
+  type = list(object({
+    rolearn  = string
+    username = string
+    groups   = list(string)
+  }))
+
+  default = [
+    {
+      rolearn  = "arn:aws:iam::66666666666:role/role1"
+      username = "role1"
+      groups   = ["system:masters"]
+    },
+  ]
+}
+
+variable "map_users" {
+  description = "Additional IAM users to add to the aws-auth configmap."
+  type = list(object({
+    userarn  = string
+    username = string
+    groups   = list(string)
+  }))
+
+  default = [
+    {
+      userarn  = "arn:aws:iam::66666666666:user/user1"
+      username = "user1"
+      groups   = ["system:masters"]
+    },
+    {
+      userarn  = "arn:aws:iam::66666666666:user/user2"
+      username = "user2"
+      groups   = ["system:masters"]
+    },
+  ]
+}
diff --git a/modules/fargate/README.md b/modules/fargate/README.md
@@ -13,6 +13,7 @@ Helper submodule to create and manage resources related to `aws_eks_fargate_prof
 | name | Fargate profile name | `string` | Auto generated in the following format `[cluster_name]-fargate-[fargate_profile_map_key]`| no |
 | namespace | Kubernetes namespace for selection | `string` | n/a | yes |
 | labels | Key-value map of Kubernetes labels for selection | `map(string)` | `{}` | no |
+| tags | Key-value map of resource tags. Will be merged with root module tags. | `map(string)` | `var.tags` | no |
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Requirements

diff --git a/modules/fargate/fargate.tf b/modules/fargate/fargate.tf
@@ -13,16 +13,16 @@ resource "aws_iam_role_policy_attachment" "eks_fargate_pod" {
 }
 
 resource "aws_eks_fargate_profile" "this" {
-  for_each               = local.create_eks ? var.fargate_profiles : {}
+  for_each               = local.create_eks ? local.fargate_profiles_expanded : {}
   cluster_name           = var.cluster_name
   fargate_profile_name   = lookup(each.value, "name", format("%s-fargate-%s", var.cluster_name, replace(each.key, "_", "-")))
   pod_execution_role_arn = local.pod_execution_role_arn
   subnet_ids             = var.subnets
-  tags                   = var.tags
+  tags                   = each.value.tags
 
   selector {
     namespace = each.value.namespace
-    labels    = each.value.labels
+    labels    = lookup(each.value, "labels", null)
   }
 
   depends_on = [var.eks_depends_on]

diff --git a/modules/fargate/locals.tf b/modules/fargate/locals.tf
@@ -2,4 +2,9 @@ locals {
   create_eks              = var.create_eks && length(var.fargate_profiles) > 0
   pod_execution_role_arn  = var.create_fargate_pod_execution_role ? element(concat(aws_iam_role.eks_fargate_pod.*.arn, list("")), 0) : element(concat(data.aws_iam_role.custom_fargate_iam_role.*.arn, list("")), 0)
   pod_execution_role_name = var.create_fargate_pod_execution_role ? element(concat(aws_iam_role.eks_fargate_pod.*.name, list("")), 0) : element(concat(data.aws_iam_role.custom_fargate_iam_role.*.name, list("")), 0)
+
+  fargate_profiles_expanded = { for k, v in var.fargate_profiles : k => merge(
+    { tags = var.tags },
+    v,
+  ) if var.create_eks }
 }