Eks

.gitignore

@@ -26,4 +26,4 @@ override.tf.json
 # !example_override.tf
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
+# example: *tfplan*

README.md

@@ -1 +1,27 @@
-# schedule-nginx-deployment
+# deploy-nginx
+deploy nginx will deploy surprisingly four replicas of nginx on eks cluster with k8s deployment distributed on three nodes
+
+## Setup
+These enviroment variables are required:
+
+- AWS_ACCESS_KEY_ID
+- AWS_SECRET_ACCESS_KEY
+
+```
+$ terraform init
+```
+
+## Deploy 
+```
+$ terraform apply
+```
+
+## Output
+```cluster_endpoint```: K8s cluster endpoint
+
+```lb_ip```: Load balancer ip for k8s cluster
+
+## Destroy
+```
+$ terraform destroy
+```

eks-cluster.tf

@@ -0,0 +1,58 @@
+data "aws_eks_cluster" "cluster" {
+  name = aws_eks_cluster.this.id
+}
+
+data "aws_eks_cluster_auth" "cluster" {
+  name = aws_eks_cluster.this.id
+}
+
+locals {
+  cluster_name = "nginx-cluster${random_string.suffix.result}"
+}
+
+resource "random_string" "suffix" {
+  length  = 8
+  special = false
+}
+
+resource "aws_eks_cluster" "this" {
+  name     = local.cluster_name
+  version  = var.kubernetes_version
+  role_arn = aws_iam_role.eks.arn
+
+  vpc_config {
+    subnet_ids = aws_subnet.this.*.id
+  }
+
+  depends_on = [
+    aws_iam_role_policy_attachment.eks_AmazonEKSClusterPolicy,
+  ]
+}
+
+resource "aws_eks_node_group" "this" {
+  cluster_name    = aws_eks_cluster.this.name
+  node_group_name = local.cluster_name
+  node_role_arn   = aws_iam_role.eks_node.arn
+  subnet_ids      = aws_subnet.this.*.id
+  instance_types  = ["t2.micro"]
+
+  scaling_config {
+    # desired_size = 2
+    desired_size = 3
+    max_size     = 4
+    min_size     = 2
+  }
+
+  # Optional: Allow external changes without Terraform plan difference
+  lifecycle {
+    ignore_changes = [scaling_config[0].desired_size]
+  }
+
+  depends_on = [
+    aws_iam_role_policy_attachment.eks_AmazonEKSWorkerNodePolicy,
+    aws_iam_role_policy_attachment.eks_AmazonEKS_CNI_Policy,
+    aws_iam_role_policy_attachment.eks_AmazonEC2ContainerRegistryReadOnly,
+  ]
+}
+
+

iam.tf

@@ -0,0 +1,53 @@
+resource "aws_iam_role" "eks" {
+  name = local.cluster_name
+
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "eks.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "eks_AmazonEKSClusterPolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+  role       = aws_iam_role.eks.name
+}
+
+resource "aws_iam_role" "eks_node" {
+  name = "${local.cluster_name}-node"
+
+  assume_role_policy = jsonencode({
+    Statement = [{
+      Action = "sts:AssumeRole"
+      Effect = "Allow"
+      Principal = {
+        Service = "ec2.amazonaws.com"
+      }
+    }]
+    Version = "2012-10-17"
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "eks_AmazonEKSWorkerNodePolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+  role       = aws_iam_role.eks_node.name
+}
+
+resource "aws_iam_role_policy_attachment" "eks_AmazonEKS_CNI_Policy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+  role       = aws_iam_role.eks_node.name
+}
+
+resource "aws_iam_role_policy_attachment" "eks_AmazonEC2ContainerRegistryReadOnly" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+  role       = aws_iam_role.eks_node.name
+}

kubernetes.tf

@@ -0,0 +1,63 @@
+resource "kubernetes_deployment" "nginx" {
+  metadata {
+    name = "nginx"
+    labels = {
+      App = "Nginx"
+    }
+  }
+
+  spec {
+    # replicas = 2
+    replicas = 4
+    selector {
+      match_labels = {
+        App = "Nginx"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          App = "Nginx"
+        }
+      }
+      spec {
+        container {
+          image = "nginx:1.7.8"
+          name  = "nginx"
+
+          port {
+            container_port = 80
+          }
+
+          resources {
+            limits = {
+              cpu    = "0.5"
+              memory = "512Mi"
+            }
+            requests = {
+              cpu    = "250m"
+              memory = "50Mi"
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "nginx" {
+  metadata {
+    name = "nginx"
+  }
+  spec {
+    selector = {
+      App = kubernetes_deployment.nginx.spec.0.template.0.metadata[0].labels.App
+    }
+    port {
+      port        = 80
+      target_port = 80
+    }
+
+    type = "LoadBalancer"
+  }
+}

output.tf

@@ -0,0 +1,7 @@
+output "cluster_endpoint" {
+  value = data.aws_eks_cluster.cluster.endpoint
+}
+
+output "lb_ip" {
+  value = kubernetes_service.nginx.status.0.load_balancer.0.ingress.0.hostname
+}

providers.tf

@@ -0,0 +1,5 @@
+provider "kubernetes" {
+  host                   = data.aws_eks_cluster.cluster.endpoint
+  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+  token                  = data.aws_eks_cluster_auth.cluster.token
+}

variables.tf

@@ -0,0 +1,12 @@
+variable "region" {
+  type        = string
+  default     = "eu-west-3"
+  description = "aws region"
+
+}
+
+variable "kubernetes_version" {
+  type        = string
+  default     = "1.22"
+  description = "kubernetes version for eks cluster"
+}

version.tf

@@ -0,0 +1,28 @@
+terraform {
+
+  required_providers {
+
+    aws = {
+      source  = "hashicorp/aws"
+      version = "3.38.0"
+    }
+
+    random = {
+      source  = "hashicorp/random"
+      version = "3.1.2"
+    }
+
+    local = {
+      source  = "hashicorp/local"
+      version = "2.1.0"
+    }
+
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.0.1"
+    }
+
+  }
+
+  required_version = ">= 1.1.2"
+}