adding eks module example

Author: chefgs

aws_eks_module_demo/eks-from-own-module/.terraform.lock.hcl

@@ -0,0 +1,5 @@
+terraform {
+  backend "local" {
+    path = "terraform.tfstate"
+  }
+}

aws_eks_module_demo/eks-from-own-module/backend.tf

@@ -0,0 +1,29 @@
+provider "aws" {
+  region = var.region
+}
+
+module "vpc" {
+  source        = "./modules/vpc"
+  private_subnets = var.private_subnets
+  vpc_cidr      = var.vpc_cidr
+  public_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
+}
+
+module "iam" {
+  source = "./modules/iam"
+}
+
+module "eks" {
+  source          = "./modules/eks"
+  cluster_name    = var.cluster_name
+  vpc_id          = module.vpc.vpc_id
+  public_subnets  = module.vpc.public_subnet_ids
+  private_subnets = module.vpc.private_subnet_ids
+  desired_capacity = var.desired_capacity
+  max_size        = var.max_size
+  min_size        = var.min_size
+  instance_type   = var.instance_type
+  cluster_iam_role_arn = module.iam.eks_cluster_role_arn
+  node_group_iam_role_arn = module.iam.eks_node_group_role_arn
+  key_name = var.key_name
+}

aws_eks_module_demo/eks-from-own-module/main.tf

@@ -0,0 +1,58 @@
+resource "random_id" "eks_cluster_id" {
+  byte_length = 8
+}
+
+resource "aws_eks_cluster" "eks_cluster" {
+  name = "${var.cluster_name}-${random_id.eks_cluster_id.hex}"
+  role_arn = var.cluster_iam_role_arn
+
+  vpc_config {
+    subnet_ids = var.public_subnets
+  }
+}
+
+data "aws_ami" "eks_worker" {
+  most_recent = true
+  owners      = ["602401143452"]  # AWS EKS AMI owner ID
+
+  filter {
+    name   = "name"
+    values = ["amazon-eks-node-*"]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+}
+
+resource "aws_launch_template" "eks_node_group" {
+  name_prefix   = "eks-node-group-"
+  image_id      = data.aws_ami.eks_worker.id
+  instance_type = var.instance_type
+
+  key_name = var.key_name
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_eks_node_group" "eks_node_group" {
+  depends_on = [ aws_eks_cluster.eks_cluster ]
+  cluster_name    = aws_eks_cluster.eks_cluster.name
+  node_group_name = "eks-node-group"
+  node_role_arn   = var.node_group_iam_role_arn
+  subnet_ids      = var.private_subnets
+
+  launch_template {
+    id      = aws_launch_template.eks_node_group.id
+    version = "$Latest"
+  }
+
+  scaling_config {
+    desired_size = var.desired_capacity
+    max_size     = var.max_size
+    min_size     = var.min_size
+  }
+}

aws_eks_module_demo/eks-from-own-module/modules/eks/main.tf

@@ -0,0 +1,22 @@
+output "cluster_endpoint" {
+  description = "EKS cluster endpoint"
+  value       = aws_eks_cluster.eks_cluster.endpoint
+}
+
+output "cluster_security_group_id" {
+  description = "EKS cluster security group ID"
+  value       = aws_eks_cluster.eks_cluster.vpc_config[0].cluster_security_group_id
+}
+
+output "cluster_arn" {
+  description = "EKS cluster ARN"
+  value       = aws_eks_cluster.eks_cluster.arn
+}
+
+output "cluster_id" {
+  value = aws_eks_cluster.eks_cluster.id
+}
+
+output "node_group_role_arn" {
+  value = aws_eks_node_group.eks_node_group.node_role_arn
+}

aws_eks_module_demo/eks-from-own-module/modules/eks/outputs.tf

@@ -0,0 +1,54 @@
+variable "cluster_name" {
+  description = "EKS cluster name"
+  type        = string
+}
+
+variable "vpc_id" {
+  description = "VPC ID"
+  type        = string
+}
+
+variable "public_subnets" {
+  description = "Public subnet IDs"
+  type        = list(string)
+}
+
+variable "private_subnets" {
+  description = "Private subnet IDs"
+  type        = list(string)
+}
+
+variable "desired_capacity" {
+  description = "Desired number of worker nodes"
+  type        = number
+}
+
+variable "max_size" {
+  description = "Maximum number of worker nodes"
+  type        = number
+}
+
+variable "min_size" {
+  description = "Minimum number of worker nodes"
+  type        = number
+}
+
+variable "instance_type" {
+  description = "EC2 instance type for worker nodes"
+  type        = string
+}
+
+variable "cluster_iam_role_arn" {
+  description = "EKS Cluster IAM Role ARN"
+  type        = string
+}
+
+variable "node_group_iam_role_arn" {
+  description = "EKS Node Group IAM Role ARN"
+  type        = string
+}
+
+variable "key_name" {
+  description = "Node group instance key"
+  type = string
+}

aws_eks_module_demo/eks-from-own-module/modules/eks/variables.tf

@@ -0,0 +1,71 @@
+resource "random_id" "eks_cluster_role_id" {
+  byte_length = 8
+}
+
+resource "aws_iam_role" "eks_cluster_role" {
+  name = "eksClusterRole-${var.environment}-${random_id.eks_cluster_role_id.hex}"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Principal = {
+          Service = "eks.amazonaws.com"
+        }
+        Action = "sts:AssumeRole"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "eks_cluster_policy" {
+  role       = aws_iam_role.eks_cluster_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+}
+
+resource "aws_iam_role_policy_attachment" "eks_service_policy" {
+  role       = aws_iam_role.eks_cluster_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
+}
+
+resource "random_id" "eks_nodegroup_role_id" {
+  byte_length = 8
+}
+
+resource "aws_iam_role" "eks_node_group_role" {
+  name = "eksNodeGroupRole-${var.environment}-${random_id.eks_nodegroup_role_id.hex}"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Principal = {
+          Service = "ec2.amazonaws.com"
+        }
+        Action = "sts:AssumeRole"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "eks_worker_node_policy" {
+  role       = aws_iam_role.eks_node_group_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+}
+
+resource "aws_iam_role_policy_attachment" "eks_cni_policy" {
+  role       = aws_iam_role.eks_node_group_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+}
+
+resource "aws_iam_role_policy_attachment" "eks_ec2_container_registry_read_only" {
+  role       = aws_iam_role.eks_node_group_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+}
+
+resource "aws_iam_role_policy_attachment" "eks_vpc_resource_controller_policy" {
+  role       = aws_iam_role.eks_node_group_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
+}

aws_eks_module_demo/eks-from-own-module/modules/iam/main.tf

@@ -0,0 +1,9 @@
+output "eks_cluster_role_arn" {
+  description = "EKS Cluster IAM Role ARN"
+  value       = aws_iam_role.eks_cluster_role.arn
+}
+
+output "eks_node_group_role_arn" {
+  description = "EKS Node Group IAM Role ARN"
+  value       = aws_iam_role.eks_node_group_role.arn
+}

aws_eks_module_demo/eks-from-own-module/modules/iam/outputs.tf

@@ -0,0 +1,5 @@
+variable "environment" {
+  description = "Environment tag"
+  type        = string
+  default     = "dev"
+}

aws_eks_module_demo/eks-from-own-module/modules/iam/variables.tf

@@ -0,0 +1,40 @@
+resource "aws_vpc" "eks_vpc" {
+  cidr_block = var.vpc_cidr
+}
+
+data "aws_availability_zones" "available" {
+  state = "available"
+}
+
+resource "aws_subnet" "public_subnets" {
+  count             = length(var.public_subnets)
+  vpc_id            = aws_vpc.eks_vpc.id
+  cidr_block        = var.public_subnets[count.index]
+  availability_zone = element(data.aws_availability_zones.available.names, count.index)
+  map_public_ip_on_launch = true
+}
+
+resource "aws_subnet" "private_subnets" {
+  count      = length(var.private_subnets)
+  vpc_id     = aws_vpc.eks_vpc.id
+  cidr_block = var.private_subnets[count.index]
+}
+
+resource "aws_internet_gateway" "igw" {
+  vpc_id = aws_vpc.eks_vpc.id
+}
+
+resource "aws_route_table" "public_rt" {
+  vpc_id = aws_vpc.eks_vpc.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.igw.id
+  }
+}
+
+resource "aws_route_table_association" "public_rt_assoc" {
+  count          = length(var.public_subnets)
+  subnet_id      = aws_subnet.public_subnets[count.index].id
+  route_table_id = aws_route_table.public_rt.id
+}