Add an example when EKS cluster is created and it is Omni onboarded in one go

Author: andrejatcastai

examples/onboarding-with-new-eks-cluster/eks.tf

@@ -0,0 +1,57 @@
+module "eks" {
+  source  = "terraform-aws-modules/eks/aws"
+  version = "~> 21.0"
+
+  name                   = var.cluster_name
+  kubernetes_version     = var.kubernetes_version
+  endpoint_public_access = true
+
+  addons = {
+    coredns = {
+      most_recent = true
+    }
+    kube-proxy = {
+      most_recent = true
+    }
+    vpc-cni = {
+      most_recent    = true
+      before_compute = true
+    }
+  }
+
+  vpc_id     = module.vpc.vpc_id
+  subnet_ids = module.vpc.private_subnets
+
+  enable_cluster_creator_admin_permissions = true
+
+  self_managed_node_groups = {
+    node_group_1 = {
+      name          = "${var.cluster_name}-ng-1"
+      instance_type = "m5.large"
+      max_size      = 5
+      min_size      = 2
+      desired_size  = 2
+
+      metadata_options = {
+        http_endpoint               = "enabled"
+        http_tokens                 = "required"
+        http_put_response_hop_limit = 2
+      }
+    }
+  }
+}
+
+# Example additional security group.
+resource "aws_security_group" "additional" {
+  name_prefix = "${var.cluster_name}-additional"
+  vpc_id      = module.vpc.vpc_id
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+    cidr_blocks = [
+      "10.0.0.0/8",
+    ]
+  }
+}

examples/onboarding-with-new-eks-cluster/main.tf

@@ -0,0 +1,103 @@
+# Configure Data sources and providers required for CAST AI connection.
+data "aws_caller_identity" "current" {}
+
+# Configure EKS cluster connection using CAST AI eks-cluster module.
+resource "castai_eks_clusterid" "cluster_id" {
+  account_id   = data.aws_caller_identity.current.account_id
+  region       = var.cluster_region
+  cluster_name = var.cluster_name
+}
+
+resource "castai_eks_user_arn" "castai_user_arn" {
+  cluster_id = castai_eks_clusterid.cluster_id.id
+}
+
+# Create AWS IAM policies and a user to connect to CAST AI.
+module "castai_eks_role_iam" {
+  source  = "castai/eks-role-iam/castai"
+  version = "~> 2.0"
+
+  aws_account_id     = data.aws_caller_identity.current.account_id
+  aws_cluster_region = var.cluster_region
+  aws_cluster_name   = var.cluster_name
+  aws_cluster_vpc_id = module.vpc.vpc_id
+
+  castai_user_arn = castai_eks_user_arn.castai_user_arn.arn
+
+  create_iam_resources_per_cluster = true
+}
+
+# CAST AI access entry for nodes to join the cluster.
+resource "aws_eks_access_entry" "castai" {
+  cluster_name  = module.eks.cluster_name
+  principal_arn = module.castai_eks_role_iam.instance_profile_role_arn
+  type          = "EC2_LINUX"
+}
+
+module "castai_eks_cluster" {
+  source                 = "castai/eks-cluster/castai"
+  version                = "~> 14.1"
+  api_url                = var.castai_api_url
+  castai_api_token       = var.castai_api_token
+  grpc_url               = var.castai_grpc_url
+  wait_for_cluster_ready = true
+
+  aws_account_id     = data.aws_caller_identity.current.account_id
+  aws_cluster_region = var.cluster_region
+  aws_cluster_name   = module.eks.cluster_name
+
+  aws_assume_role_arn        = module.castai_eks_role_iam.role_arn
+
+  default_node_configuration = module.castai_eks_cluster.castai_node_configurations["default"]
+
+  node_configurations = {
+    default = {
+      subnets = module.vpc.private_subnets
+      tags    = var.tags
+      security_groups = [
+        module.eks.cluster_security_group_id,
+        module.eks.node_security_group_id,
+        aws_security_group.additional.id,
+      ]
+      instance_profile_arn = module.castai_eks_role_iam.instance_profile_arn
+    }
+  }
+
+  depends_on = [module.castai_eks_role_iam]
+}
+
+module "castai_omni_cluster" {
+  source = "../.."
+
+  k8s_provider    = "eks"
+  api_url         = var.castai_api_url
+  api_token       = var.castai_api_token
+  organization_id = var.organization_id
+  cluster_id      = castai_eks_clusterid.cluster_id.id
+  cluster_name    = var.cluster_name
+  cluster_region  = var.cluster_region
+
+  pod_cidr           = module.vpc.vpc_cidr_block
+  api_server_address = module.eks.cluster_endpoint
+  service_cidr       = module.eks.cluster_service_cidr
+
+  skip_helm = var.skip_helm
+}
+
+module "castai_omni_edge_location_aws" {
+  source  = "castai/omni-edge-location-aws/castai"
+  version = "~> 1.0"
+
+  providers = {
+    aws = aws.eu_west_1
+  }
+
+  cluster_id      = module.castai_omni_cluster.cluster_id
+  organization_id = module.castai_omni_cluster.organization_id
+  region          = "eu-west-1"
+  zones           = ["eu-west-1a", "eu-west-1b"]
+
+  tags = {
+    ManagedBy = "terraform"
+  }
+}

examples/onboarding-with-new-eks-cluster/providers.tf

@@ -0,0 +1,80 @@
+terraform {
+  required_version = ">= 1.10"
+
+  required_providers {
+    castai = {
+      source  = "castai/castai"
+      version = ">= 8.4.0"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 6.23.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 3.1.1"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.35.0"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 3.2.4"
+    }
+    external = {
+      source  = "hashicorp/external"
+      version = ">= 2.3.5"
+    }
+  }
+}
+
+provider "aws" {
+  alias  = "eu_west_1"
+  region = "eu-west-1"
+}
+
+provider "aws" {
+  region = var.cluster_region
+}
+
+provider "helm" {
+  kubernetes = {
+    host                   = module.eks.cluster_endpoint
+    cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+    exec = {
+      api_version = "client.authentication.k8s.io/v1beta1"
+      command     = "aws"
+      args = [
+        "eks",
+        "get-token",
+        "--cluster-name",
+        module.eks.cluster_name,
+        "--region",
+        var.cluster_region
+      ]
+    }
+  }
+}
+
+provider "kubernetes" {
+  host                   = module.eks.cluster_endpoint
+  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+  exec {
+    api_version = "client.authentication.k8s.io/v1beta1"
+    command     = "aws"
+    args = [
+      "eks",
+      "get-token",
+      "--cluster-name",
+      module.eks.cluster_name,
+      "--region",
+      var.cluster_region
+    ]
+  }
+}
+
+provider "castai" {
+  api_token = var.castai_api_token
+  api_url   = var.castai_api_url
+}

examples/onboarding-with-new-eks-cluster/tf.vars.example

@@ -0,0 +1,7 @@
+cluster_region = "<placeholder>"
+cluster_name   = "<placeholder>"
+
+castai_api_url   = "https://api.cast.ai"
+castai_grpc_url  = "grpc.cast.ai:443"
+castai_api_token = "<placeholder>"
+organization_id  = "<placeholder>"

examples/onboarding-with-new-eks-cluster/variables.tf

@@ -0,0 +1,50 @@
+variable "cluster_region" {
+  description = "EKS cluster region"
+  type        = string
+}
+
+variable "cluster_name" {
+  description = "EKS Cluster Name"
+  type        = string
+}
+
+variable "kubernetes_version" {
+  description = "Kubernetes version used by EKS"
+  type        = string
+  default     = "1.32"
+}
+
+variable "castai_api_url" {
+  description = "Cast AI API URL"
+  type        = string
+  default     = "https://api.cast.ai"
+}
+
+variable "castai_grpc_url" {
+  description = "Cast AI gRPC URL"
+  type        = string
+  default     = "https://api.cast.ai"
+}
+
+variable "castai_api_token" {
+  description = "Cast AI API Token"
+  type        = string
+  sensitive   = true
+}
+
+variable "organization_id" {
+  description = "Cast AI Organization ID"
+  type        = string
+}
+
+variable "skip_helm" {
+  description = "Skip installing any helm release; allows managing helm releases using GitOps"
+  type        = bool
+  default     = false
+}
+
+variable "tags" {
+  type        = map(any)
+  description = "Optional tags for new cluster nodes. This parameter applies only to new nodes - tags for old nodes are not reconciled."
+  default     = {}
+}

examples/onboarding-with-new-eks-cluster/vpc.tf

@@ -0,0 +1,31 @@
+data "aws_availability_zones" "available" {}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "5.0.0"
+
+  name = var.cluster_name
+  cidr = "10.0.0.0/16"
+
+  azs             = data.aws_availability_zones.available.names
+  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+  public_subnets  = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+
+  enable_nat_gateway     = true
+  single_nat_gateway     = true
+  one_nat_gateway_per_az = false
+
+  tags = {
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
+  }
+
+  public_subnet_tags = {
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
+    "kubernetes.io/role/elb"                    = 1
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
+    "kubernetes.io/role/internal-elb"           = 1
+  }
+}