From cc8c7d727565bb2b231b39551d12d96780746305 Mon Sep 17 00:00:00 2001
From: Dawid Rogaczewski
Date: Wed, 6 Oct 2021 11:38:50 +0200
Subject: [PATCH] update examples
---
 examples/README.md | 14 +++
 examples/bottlerocket/main.tf | 2 +-
 examples/fargate/README.md | 1 +
 examples/fargate/main.tf | 85 +++++++++++++++++++
 examples/instance_refresh/main.tf | 1 +
 examples/irsa/README.md | 3 +
 .../irsa/cluster-autoscaler-chart-values.yaml | 14 ---
 examples/irsa/irsa.tf | 49 ++++++++++-
 examples/irsa/main.tf | 3 +
 examples/irsa/versions.tf | 1 +
 .../README.md | 2 +-
 .../main.tf | 36 +++++++-
 .../variables.tf | 2 +-
 examples/managed_node_groups/main.tf | 25 ++++--
 14 files changed, 211 insertions(+), 27 deletions(-)
 create mode 100644 examples/README.md
 delete mode 100644 examples/irsa/cluster-autoscaler-chart-values.yaml
diff --git a/examples/README.md b/examples/README.md
new file mode 100644
index 00000000000..51a1694d9b0
--- /dev/null
+++ b/examples/README.md
@@ -0,0 +1,14 @@
+# Examples
+
+Examples are created to help users understand and build EKS clusters using this module. Examples are helpful for some Proof of Concept build and are focusing on showing usage of different possibilities.
+
+> Important
+>
+> Examples should not be used for production deployments. Examples try to be simple and not consistently implement best practices in areas of high availability or security.
+
+## Example rules
+
+- each example is independent of each other and can be created independently
+- there is implemented additional random suffix so the same example should be able to be launched on the same AWS account
+- each example requires some generic resources like VPC, subnets and etc., which are embedded into the standard `generic.tf` file. The file is exactly the same across all examples
+- by default example is launched in `eu-west-1` region. To launch it in another region just override the region variable in terraform using `terraform apply -var=region=us-east-1`
diff --git a/examples/bottlerocket/main.tf b/examples/bottlerocket/main.tf index e033945951d..fc967eb6a43 100644 --- a/examples/bottlerocket/main.tf +++ b/examples/bottlerocket/main.tf @@ -8,7 +8,7 @@ module "eks" { cluster_endpoint_public_access = true write_kubeconfig = false - manage_aws_auth = false + manage_aws_auth = true worker_groups_launch_template = [ { diff --git a/examples/fargate/README.md b/examples/fargate/README.md index ad0ad32036b..da51caac3e9 100644 --- a/examples/fargate/README.md +++ b/examples/fargate/README.md @@ -37,6 +37,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Source | Version | |------|--------|---------| | [eks](#module\_eks) | ../.. | | +| [fargate\_profile\_existing\_cluster](#module\_fargate\_profile\_existing\_cluster) | ../../modules/fargate | | | [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.7.0 | ## Resources diff --git a/examples/fargate/main.tf b/examples/fargate/main.tf index 87bfc58c183..bf85b22c56a 100644 --- a/examples/fargate/main.tf +++ b/examples/fargate/main.tf @@ -9,6 +9,28 @@ module "eks" { subnets = [module.vpc.private_subnets[0], module.vpc.public_subnets[1]] fargate_subnets = [module.vpc.private_subnets[2]] + # You require a node group to schedule coredns which is critical for running correctly internal DNS. + # If you want to use only fargate you must follow docs `(Optional) Update CoreDNS` + # available under https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html + node_groups = { + example = { + desired_capacity = 1 + + instance_types = ["t3.large"] + k8s_labels = { + Example = "managed_node_groups" + GithubRepo = "terraform-aws-eks" + GithubOrg = "terraform-aws-modules" + } + additional_tags = { + ExtraTag = "example" + } + update_config = { + max_unavailable_percentage = 50 # or set `max_unavailable` + } + } + } + fargate_profiles = { default = { name = "default" 
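Review bot: `manage_aws_auth = true` in examples/bottlerocket/main.tf is flipped without a comment, and the aws-auth ConfigMap it controls is the cluster's IAM-to-RBAC mapping, so a reader should be told that Terraform now owns it. The hunk shows no kubernetes provider for this example; if none is configured elsewhere in the file, the module presumably cannot write the ConfigMap. I would add a comment above the line, for example `# Terraform manages aws-auth (IAM -> RBAC mappings); requires a kubernetes provider configured for this cluster`. The `module "eks"` block starts and ends outside the hunk.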
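Review bot: The new `example` node group in examples/fargate/main.tf sets no `subnets`, so it presumably inherits the cluster-level `subnets` list on the context line above, which includes `module.vpc.public_subnets[1]`. The worker nodes meant to host CoreDNS could then land in a public subnet. Adding `subnets = [module.vpc.private_subnets[0]]` inside the group would keep them private. The label `Example = "managed_node_groups"` also looks copied from another example and should name this one. The `module "eks"` block continues outside the hunk.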
@@ -62,3 +84,66 @@ module "eks" { GithubOrg = "terraform-aws-modules" } } + + +############################################## +# Calling submodule with existing EKS cluster +############################################## + +module "fargate_profile_existing_cluster" { + source = "../../modules/fargate" + + cluster_name = module.eks.cluster_id + subnets = [module.vpc.private_subnets[0], module.vpc.private_subnets[2]] + + fargate_profiles = { + profile1 = { + name = "profile1" + selectors = [ + { + namespace = "kube-system" + labels = { + k8s-app = "kube-dns" + } + }, + { + namespace = "profile" + labels = { + WorkerType = "fargate" + } + } + ] + + tags = { + Owner = "profile1" + submodule = "true" + } + } + + profile2 = { + name = "profile2" + selectors = [ + { + namespace = "default" + labels = { + Fargate = "profile2" + } + } + ] + + # Using specific subnets instead of the ones configured in EKS (`subnets` and `fargate_subnets`) + subnets = [module.vpc.private_subnets[0]] + + tags = { + Owner = "profile2" + submodule = "true" + } + } + } + + tags = { + Example = var.example_name + GithubRepo = "terraform-aws-eks" + GithubOrg = "terraform-aws-modules" + } +} diff --git a/examples/instance_refresh/main.tf b/examples/instance_refresh/main.tf index 56393cdf50b..7bcdf1c3763 100644 --- a/examples/instance_refresh/main.tf +++ b/examples/instance_refresh/main.tf @@ -7,6 +7,7 @@ provider "helm" { token = data.aws_eks_cluster_auth.cluster.token } } + data "aws_caller_identity" "current" {} data "aws_iam_policy_document" "aws_node_termination_handler" { diff --git a/examples/irsa/README.md b/examples/irsa/README.md index 0c67ed86efe..1e91ef3b6fe 100644 --- a/examples/irsa/README.md +++ b/examples/irsa/README.md 
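Review bot: `profile1` selects `kube-system` pods labelled `k8s-app = "kube-dns"`, which sits awkwardly beside the comment added earlier in this file saying a node group is required to schedule coredns. A reader cannot tell whether CoreDNS is meant to run on the node group or on Fargate, and the AWS guide linked in that comment describes an extra CoreDNS update step for the Fargate case. I would add a comment above the first selector, for example `# Matches CoreDNS pods; they only move to Fargate after the "(Optional) Update CoreDNS" step in the AWS guide`.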
@@ -21,6 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.1 | | [aws](#requirement\_aws) | >= 3.22.0 | +| [helm](#requirement\_helm) | ~> 2.1.2 | | [kubernetes](#requirement\_kubernetes) | >= 2.0.0 | | [local](#requirement\_local) | >= 2.0.0 | | [random](#requirement\_random) | >= 2.1 | @@ -30,6 +31,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.22.0 | +| [helm](#provider\_helm) | ~> 2.1.2 | | [random](#provider\_random) | >= 2.1 | ## Modules @@ -45,6 +47,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Type | |------|------| | [aws_iam_policy.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [helm_release.cluster-autoscaler](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [random_string.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | diff --git a/examples/irsa/cluster-autoscaler-chart-values.yaml b/examples/irsa/cluster-autoscaler-chart-values.yaml deleted file mode 100644 index 4e5494de304..00000000000 --- a/examples/irsa/cluster-autoscaler-chart-values.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -awsRegion: eu-west-1 - -rbac: - create: true - serviceAccount: - # This value should match local.k8s_service_account_name in locals.tf - name: cluster-autoscaler-aws-cluster-autoscaler-chart - annotations: - # This value should match the ARN of the role created by module.iam_assumable_role_admin in irsa.tf - eks.amazonaws.com/role-arn: "arn:aws:iam:::role/cluster-autoscaler" - -autoDiscovery: - clusterName: test-eks-irsa - enabled: true diff --git a/examples/irsa/irsa.tf b/examples/irsa/irsa.tf index bf5ec506c58..f0364a69d01 100644 --- a/examples/irsa/irsa.tf +++ b/examples/irsa/irsa.tf @@ -2,7 +2,54 @@ data "aws_caller_identity" "current" {} locals { k8s_service_account_namespace = "kube-system" - k8s_service_account_name = "cluster-autoscaler-aws-cluster-autoscaler-chart" + k8s_service_account_name = "cluster-autoscaler-aws" +} + +provider "helm" { + kubernetes { + host = data.aws_eks_cluster.cluster.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) + token = data.aws_eks_cluster_auth.cluster.token + } +} + +resource "helm_release" "cluster-autoscaler" { + depends_on = [ + module.eks + ] + + name = "cluster-autoscaler" + namespace = local.k8s_service_account_namespace + repository = "https://kubernetes.github.io/autoscaler" + chart = "cluster-autoscaler" + version = "9.10.7" + create_namespace = false + + set { + name = "awsRegion" + value = var.region + } + set { + name = "rbac.serviceAccount.name" + value = local.k8s_service_account_name + } + set { + name = "rbac.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" + value = module.iam_assumable_role_admin.iam_role_arn + type = "string" + } + set { + name = "autoDiscovery.clusterName" + value = local.cluster_name + } + set { + name = "autoDiscovery.enabled" + value = "true" + } + set { + name = "rbac.create" + value = "true" + } } module "iam_assumable_role_admin" { 
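Review bot: The new `provider "helm"` block in examples/irsa/irsa.tf authenticates with `token = data.aws_eks_cluster_auth.cluster.token`, a short-lived bearer token that is read at plan time and, as a data-source attribute, is likely to be written to the Terraform state. An `exec` block that calls `aws eks get-token` fetches the credential when the provider connects and keeps it out of state, at the cost of needing the AWS CLI wherever Terraform runs. The `api_version` in the sketch below has to match what the installed CLI emits. The same token pattern is visible in the context lines of examples/instance_refresh/main.tf.

```hcl
provider "helm" {
  kubernetes {
    # … unchanged: host, cluster_ca_certificate …
    exec {
      api_version = "client.authentication.k8s.io/v1beta1"
      command     = "aws"
      args        = ["eks", "get-token", "--cluster-name", local.cluster_name]
    }
  }
}
```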
diff --git a/examples/irsa/main.tf b/examples/irsa/main.tf index 0408adb0256..713a288d0aa 100644 --- a/examples/irsa/main.tf +++ b/examples/irsa/main.tf @@ -14,6 +14,7 @@ module "eks" { name = "worker-group-1" instance_type = "t3.medium" asg_desired_capacity = 1 + asg_max_size = 4 tags = [ { "key" = "k8s.io/cluster-autoscaler/enabled" @@ -34,3 +35,5 @@ module "eks" { GithubOrg = "terraform-aws-modules" } } + + diff --git a/examples/irsa/versions.tf b/examples/irsa/versions.tf index 4333596daee..c0ce5bc9f0b 100644 --- a/examples/irsa/versions.tf +++ b/examples/irsa/versions.tf @@ -6,5 +6,6 @@ terraform { local = ">= 2.0.0" random = ">= 2.1" kubernetes = ">= 2.0.0" + helm = "~> 2.1.2" } } diff --git a/examples/launch_templates_with_managed_node_groups/README.md b/examples/launch_templates_with_managed_node_groups/README.md index 71a48d0119f..dd1f0652f87 100644 --- a/examples/launch_templates_with_managed_node_groups/README.md +++ b/examples/launch_templates_with_managed_node_groups/README.md @@ -55,7 +55,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [cluster\_version](#input\_cluster\_version) | EKS version | `string` | `"1.20"` | no | -| [example\_name](#input\_example\_name) | Example name | `string` | `"launch_templates_with_managed_node_groups"` | no | +| [example\_name](#input\_example\_name) | Example name | `string` | `"lt_with_managed_node_groups"` | no | | [instance\_types](#input\_instance\_types) | Instance types | `list(string)` |
[
"t3.small"
]
| no | | [region](#input\_region) | AWS region where example will be created | `string` | `"eu-west-1"` | no | diff --git a/examples/launch_templates_with_managed_node_groups/main.tf b/examples/launch_templates_with_managed_node_groups/main.tf index 086dc617fed..ca6650fc003 100644 --- a/examples/launch_templates_with_managed_node_groups/main.tf +++ b/examples/launch_templates_with_managed_node_groups/main.tf @@ -8,7 +8,8 @@ module "eks" { cluster_endpoint_public_access = true node_groups = { - example = { + example1 = { + name_prefix = "example1" desired_capacity = 1 max_capacity = 15 min_capacity = 1 @@ -19,7 +20,38 @@ module "eks" { instance_types = var.instance_types additional_tags = { - ExtraTag = "example" + ExtraTag = "example1" + } + } + example2 = { + create_launch_template = true + desired_capacity = 1 + max_capacity = 10 + min_capacity = 1 + + disk_size = 50 + disk_type = "gp3" + disk_throughput = 150 + disk_iops = 3000 + + instance_types = ["t3.large"] + capacity_type = "SPOT" + k8s_labels = { + GithubRepo = "terraform-aws-eks" + GithubOrg = "terraform-aws-modules" + } + additional_tags = { + ExtraTag = "example2" + } + taints = [ + { + key = "dedicated" + value = "gpuGroup" + effect = "NO_SCHEDULE" + } + ] + update_config = { + max_unavailable_percentage = 50 # or set `max_unavailable` } } } diff --git a/examples/launch_templates_with_managed_node_groups/variables.tf b/examples/launch_templates_with_managed_node_groups/variables.tf index 89c4ff76a6c..d9fa21cc449 100644 --- a/examples/launch_templates_with_managed_node_groups/variables.tf +++ b/examples/launch_templates_with_managed_node_groups/variables.tf @@ -7,7 +7,7 @@ variable "region" { variable "example_name" { type = string description = "Example name" - default = "launch_templates_with_managed_node_groups" + default = "lt_with_managed_node_groups" } variable "cluster_version" { 
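Review bot: `example2` in examples/launch_templates_with_managed_node_groups/main.tf sets `create_launch_template = true` and tunes the root volume (`disk_size`, `disk_type`, `disk_throughput`, `disk_iops`) but says nothing about encryption, so the 50 GB gp3 volume presumably follows the account default. If the module exposes an encryption setting for this launch template, set it here; otherwise add a comment such as `# root volume encryption follows the account-level EBS default`. Separately, the taint `value = "gpuGroup"` on a `t3.large` group is misleading, since no GPU instance type is requested. The `node_groups` map starts outside the hunk.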
diff --git a/examples/managed_node_groups/main.tf b/examples/managed_node_groups/main.tf index 4768cb57eba..90ea21a9f9e 100644 --- a/examples/managed_node_groups/main.tf +++ b/examples/managed_node_groups/main.tf @@ -14,17 +14,10 @@ module "eks" { node_groups = { example = { - create_launch_template = true - desired_capacity = 1 max_capacity = 10 min_capacity = 1 - disk_size = 50 - disk_type = "gp3" - disk_throughput = 150 - disk_iops = 3000 - instance_types = ["t3.large"] capacity_type = "SPOT" k8s_labels = { @@ -46,6 +39,24 @@ module "eks" { max_unavailable_percentage = 50 # or set `max_unavailable` } } + example2 = { + desired_capacity = 1 + max_capacity = 10 + min_capacity = 1 + + instance_types = ["t3.medium"] + k8s_labels = { + Example = "managed_node_groups" + GithubRepo = "terraform-aws-eks" + GithubOrg = "terraform-aws-modules" + } + additional_tags = { + ExtraTag = "example2" + } + update_config = { + max_unavailable_percentage = 50 # or set `max_unavailable` + } + } } map_roles = var.map_roles