Merge pull request #9 from Snowflake-Labs/refactor-for-public

Refactor for public

Author: sfc-gh-bkou

README.md

@@ -1,2 +1,2 @@
 # terraform-aws-eks-cluster
-Terraform AWS EKS cluster with eks managed node groups, security groups, ALB controller and external DNS using IRSA
+Terraform module to create AWS EKS cluster with EKS managed node groups, security groups, ALB controller and external DNS.  The module enable IAM Roles for Service Accounts (IRSA) on the EKS cluster.

examples/complete/cluster.auto.tfvars.sample

@@ -0,0 +1,26 @@
+aws_region         = "us-west-2"
+kubernetes_version = "1.21"
+
+env                   = "dev"
+module_prefix         = "blue"
+
+vpc_id                = "vpc-XXXXX"
+private_subnet_ids    = ["subnet-XXXXX", "subnet-XXXXX"]
+
+allowed_cidr_blocks            = ["IP CIDR BLOCK"]
+allowed_management_cidr_blocks = ["IP CIDR BLOCK"]
+
+hosted_zone_subdomain   = "kubenetes.example.com"
+aws_public_hosted_zone  = "ROUTE53 PUBLIC HOSTED ZONE ID"
+aws_private_hosted_zone = "ROUTE53 PRIVATE HOSTED ZONE ID"
+
+node_group_instance_sizes = ["t3.xlarge"]
+
+eks_aws_auth_configmap_enable = true
+eks_aws_auth_configmap_roles  = [
+  {
+    rolearn  = "arn:aws:iam::XXXXX:role/eks-cluster-admin"
+    username = "cluster-admin"
+    groups   = ["system:masters"]
+  }
+]

examples/complete/main.tf

@@ -0,0 +1,23 @@
+module "example_cluster" {
+  source = "../../"
+
+  env                = var.env
+  aws_region         = var.aws_region
+  module_prefix      = var.module_prefix
+  kubernetes_version = var.kubernetes_version
+
+  allowed_cidr_blocks            = var.allowed_cidr_blocks
+  allowed_management_cidr_blocks = var.allowed_management_cidr_blocks
+
+  vpc_id                = var.vpc_id
+  private_subnet_ids    = var.private_subnet_ids
+
+  aws_public_hosted_zone  = var.aws_public_hosted_zone
+  aws_private_hosted_zone = var.aws_private_hosted_zone
+
+  node_group_instance_sizes = var.node_group_instance_sizes
+
+  eks_aws_auth_configmap_enable = var.eks_aws_auth_configmap_enable
+  eks_aws_auth_configmap_roles  = var.eks_aws_auth_configmap_roles
+  eks_aws_auth_configmap_users  = var.eks_aws_auth_configmap_users
+}

examples/complete/outputs.tf

@@ -0,0 +1,44 @@
+output "eks_cluster_id" {
+  value = module.example_cluster.eks_cluster_id
+}
+
+output "cluster_endpoint" {
+  description = "Endpoint for EKS control plane."
+  value       = module.example_cluster.cluster_endpoint
+}
+
+output "cluster_primary_security_group_id" {
+  description = "Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console."
+  value       = module.example_cluster.cluster_primary_security_group_id
+}
+
+output "cluster_security_group_id" {
+  description = "Security group ids attached to the cluster control plane."
+  value       = module.example_cluster.cluster_security_group_id
+}
+
+output "node_security_group_id" {
+  description = "Security group ids attached to the worker nodes of the cluster."
+  value       = module.example_cluster.node_security_group_id
+}
+
+output "cluster_iam_role_name" {
+  description = "Cluster IAM role name."
+  value       = module.example_cluster.cluster_iam_role_name
+}
+
+output "cluster_iam_role_arn" {
+  description = "IAM role ARN of the EKS cluster."
+  value       = module.example_cluster.cluster_iam_role_arn
+}
+
+output "aws_auth_configmap_yaml" {
+  description = "Kubernetes configuration to authenticate to this EKS cluster."
+  value       = module.example_cluster.aws_auth_configmap_yaml
+}
+
+output "eks_managed_node_groups" {
+  description = "Outputs from node groups"
+  value       = module.example_cluster.eks_managed_node_groups
+}
+

examples/complete/variables.tf

@@ -0,0 +1,90 @@
+# Required
+variable "env" {
+  description = "Deployment environment."
+  type        = string
+}
+
+variable "aws_region" {
+  description = "AWS Region."
+  type        = string
+}
+
+variable "kubernetes_version" {
+  description = "The version of the EKS cluster to create for sentry."
+  type        = string
+}
+
+variable "vpc_id" {
+  description = "VPC ID where the EKS cluster will be created."
+  type        = string
+}
+
+variable "private_subnet_ids" {
+  description = "Private subnet IDs to add kubernetes cluster on."
+  type        = list(string)
+  default     = []
+}
+
+variable "hosted_zone_subdomain" {
+  description = "Hosted zone subdomain."
+  type        = string
+}
+
+variable "module_prefix" {
+  description = "String to prefix resource names."
+  type        = string
+}
+
+
+# Optional
+variable "allowed_cidr_blocks" {
+  description = "List of cidr to allow inbound traffic to the EKS cluster."
+  type        = list(string)
+  default     = []
+}
+
+variable "allowed_management_cidr_blocks" {
+  description = "List of cidr to allow inbound traffic to the EKS management API."
+  type        = list(string)
+  default     = []
+}
+
+variable "aws_public_hosted_zone" {
+  description = "Public Route53 hosted zone domain."
+  type        = string
+  default     = null
+}
+
+variable "aws_private_hosted_zone" {
+  description = "Private Route53 hosted zone subdomain."
+  type        = string
+  default     = null
+}
+
+variable "node_group_instance_sizes" {
+  description = "Node group instance sizes as a list of strings."
+  type        = list(string)
+  default     = ["t3.xlarge"]
+}
+
+variable "eks_aws_auth_configmap_enable" {
+  description = "Determines whether to manage the aws-auth configmap"
+  type        = bool
+  default     = false
+}
+
+variable "eks_aws_auth_configmap_roles" {
+  description = "List of role maps to add to the EKS cluster aws-auth configmap, require eks_aws_auth_configmap_enable to be true"
+  type        = list(any)
+  default     = []
+}
+
+variable "eks_aws_auth_configmap_users" {
+  description = "List of user maps to add to the EKS cluster aws-auth configmap, require eks_aws_auth_configmap_enable to be true"
+  type        = list(any)
+  default     = []
+}
+
+locals {
+  eks_cluster_name = "${var.module_prefix}-cluster"
+}

examples/complete/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = "~> 1.4.6"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.38.0"
+    }
+  }
+}

examples/simple/cluster.auto.tfvars.sample

@@ -0,0 +1,11 @@
+aws_region         = "us-west-2"
+kubernetes_version = "1.21"
+
+env                   = "dev"
+module_prefix         = "blue"
+
+vpc_id             = "vpc-XXXXX"
+private_subnet_ids = ["subnet-XXXXX", "subnet-XXXXX"]
+
+hosted_zone_subdomain   = "kubenetes.example.com"
+aws_private_hosted_zone = "ROUTE53 PRIVATE HOSTED ZONE ID"

examples/simple/main.tf

@@ -0,0 +1,13 @@
+module "example_cluster" {
+  source = "../../"
+
+  env                = var.env
+  aws_region         = var.aws_region
+  module_prefix      = var.module_prefix
+  kubernetes_version = var.kubernetes_version
+
+  vpc_id                = var.vpc_id
+  private_subnet_ids    = var.private_subnet_ids
+
+  aws_private_hosted_zone = var.aws_private_hosted_zone
+}

examples/simple/outputs.tf

@@ -0,0 +1,44 @@
+output "eks_cluster_id" {
+  value = module.example_cluster.eks_cluster_id
+}
+
+output "cluster_endpoint" {
+  description = "Endpoint for EKS control plane."
+  value       = module.example_cluster.cluster_endpoint
+}
+
+output "cluster_primary_security_group_id" {
+  description = "Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console."
+  value       = module.example_cluster.cluster_primary_security_group_id
+}
+
+output "cluster_security_group_id" {
+  description = "Security group ids attached to the cluster control plane."
+  value       = module.example_cluster.cluster_security_group_id
+}
+
+output "node_security_group_id" {
+  description = "Security group ids attached to the worker nodes of the cluster."
+  value       = module.example_cluster.node_security_group_id
+}
+
+output "cluster_iam_role_name" {
+  description = "Cluster IAM role name."
+  value       = module.example_cluster.cluster_iam_role_name
+}
+
+output "cluster_iam_role_arn" {
+  description = "IAM role ARN of the EKS cluster."
+  value       = module.example_cluster.cluster_iam_role_arn
+}
+
+output "aws_auth_configmap_yaml" {
+  description = "Kubernetes configuration to authenticate to this EKS cluster."
+  value       = module.example_cluster.aws_auth_configmap_yaml
+}
+
+output "eks_managed_node_groups" {
+  description = "Outputs from node groups"
+  value       = module.example_cluster.eks_managed_node_groups
+}
+

examples/simple/variables.tf

@@ -0,0 +1,45 @@
+variable "env" {
+  description = "Deployment environment."
+  type        = string
+}
+
+variable "aws_region" {
+  description = "AWS Region."
+  type        = string
+}
+
+variable "kubernetes_version" {
+  description = "The version of the EKS cluster to create for sentry."
+  type        = string
+}
+
+variable "vpc_id" {
+  description = "VPC ID where the EKS cluster will be created."
+  type        = string
+}
+
+variable "private_subnet_ids" {
+  description = "Private subnet IDs to add kubernetes cluster on."
+  type        = list(string)
+  default     = []
+}
+
+variable "hosted_zone_subdomain" {
+  description = "Hosted zone subdomain."
+  type        = string
+}
+
+variable "aws_private_hosted_zone" {
+  description = "Private Route53 hosted zone subdomain."
+  type        = string
+  default     = null
+}
+
+variable "module_prefix" {
+  description = "String to prefix resource names."
+  type        = string
+}
+
+locals {
+  eks_cluster_name = "${var.module_prefix}-cluster"
+}