# Network for the EKS cluster: one private (worker nodes), one public
# (internet-facing load balancers) and one intra (control-plane ENIs, no
# internet route) subnet per availability zone, all carved out of var.vpc_cidr.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 4.0"

  name = "${var.project} EKS VPC"
  cidr = var.vpc_cidr
  azs  = var.azs

  # Subnet layout, one entry per AZ, relative to var.vpc_cidr (e.g. for a /16):
  #   private: /20 blocks at index 0..N-1  (10.0.0.0/20, 10.0.16.0/20, 10.0.32.0/20)
  #   public : /24 blocks at index 48..    (10.0.48.0/24, ...)
  #   intra  : /24 blocks at index 52..    (10.0.52.0/24, ...)
  # NOTE(review): this layout only fits up to three AZs -- a fourth private /20
  # (index 3 = 10.0.48.0/20) overlaps the public/intra /24s and the apply fails.
  private_subnets = [for idx in range(length(var.azs)) : cidrsubnet(var.vpc_cidr, 4, idx)]
  public_subnets  = [for idx in range(length(var.azs)) : cidrsubnet(var.vpc_cidr, 8, idx + 48)]
  intra_subnets   = [for idx in range(length(var.azs)) : cidrsubnet(var.vpc_cidr, 8, idx + 52)]

  # One NAT gateway shared by every private subnet: cheaper, but an AZ outage
  # takes node egress down with it, and all outbound traffic from the nodes
  # leaves from a single public IP.
  enable_nat_gateway = true
  single_nat_gateway = true

  # IPv6 is off; the egress-only IGW flag is therefore inert (the module only
  # creates one when enable_ipv6 is true) and is kept for parity with the
  # original configuration.
  enable_ipv6            = false
  create_egress_only_igw = true

  # Subnet discovery tags used by the AWS load balancer controller / in-tree
  # provider to choose where to place external and internal load balancers.
  public_subnet_tags = {
    "kubernetes.io/role/elb" = 1
  }
  private_subnet_tags = {
    "kubernetes.io/role/internal-elb" = 1
  }

  # NOTE(review): VPC flow logs are not enabled (enable_flow_log); without
  # them there is no network-level record for incident investigation.
  tags = local.tags
}
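# Managed node groups to create, keyed by a local label. `name` becomes the
# EKS node group name and is also the key used to look the group up again in
# the scaling null_resource further down, so it must be unique.
variable "node_groups" {
  description = "Map of EKS managed node groups: name, instance types and min/max/desired scaling sizes"
  type = map(object({
    name           = string
    instance_types = list(string)
    min_size       = number
    max_size       = number
    desired_size   = number
  }))

  default = {
    worker_01 = {
      name           = "istio_worker_01"
      instance_types = ["t3.medium"]
      min_size       = 1
      max_size       = 6
      desired_size   = 3
    }
  }

  # Reject inconsistent scaling bounds at plan time instead of letting the
  # EKS API (or the out-of-band `aws eks update-nodegroup-config` call)
  # fail half-way through an apply.
  validation {
    condition = alltrue([
      for ng in var.node_groups :
      ng.min_size >= 0 && ng.min_size <= ng.desired_size && ng.desired_size <= ng.max_size
    ])
    error_message = "Each node group must satisfy 0 <= min_size <= desired_size <= max_size."
  }

  validation {
    condition = alltrue([
      for ng in var.node_groups : length(ng.instance_types) > 0
    ])
    error_message = "Each node group must list at least one instance type."
  }
}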
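# Source IP allow-list for the *public* Kubernetes API endpoint.  The EKS
# module defaults this to 0.0.0.0/0, so with cluster_endpoint_public_access =
# true the API server is reachable from the entire internet (still behind
# IAM/OIDC authentication, but exposed to credential stuffing and to any
# future API-server vulnerability).  The default here is kept identical to the
# module's so existing deployments do not change -- narrow it to office/VPN/CI
# egress ranges as soon as possible.
variable "cluster_endpoint_public_access_cidrs" {
  description = "CIDR blocks allowed to reach the public EKS API server endpoint"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# EKS control plane and managed worker node groups, placed in module.vpc.
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "19.16.0"

  cluster_name    = "${var.project}-cluster"
  cluster_version = "1.27"

  vpc_id                   = module.vpc.vpc_id
  subnet_ids               = module.vpc.private_subnets # worker nodes: private, egress via NAT only
  control_plane_subnet_ids = module.vpc.intra_subnets   # control-plane ENIs: no internet route

  # API endpoint exposure.  Private access lets nodes in the private subnets
  # reach the API without leaving the VPC; public access is limited to the
  # allow-list above instead of the module's implicit 0.0.0.0/0.
  cluster_endpoint_private_access      = true
  cluster_endpoint_public_access       = true
  cluster_endpoint_public_access_cidrs = var.cluster_endpoint_public_access_cidrs

  # Terraform does not manage the control-plane CloudWatch log group.
  # NOTE(review): the module still enables its default control-plane log
  # types, so EKS creates /aws/eks/<cluster>/cluster itself with no retention
  # policy and no customer-managed key -- confirm that is intended, or set
  # this to true and configure the module's log-group retention / KMS inputs.
  create_cloudwatch_log_group = false

  # Core add-ons, always at the newest version compatible with
  # cluster_version.  vpc-cni is installed before the node groups so nodes
  # come up with the intended CNI configuration.
  cluster_addons = {
    coredns = {
      most_recent = true
    }
    kube-proxy = {
      most_recent = true
    }
    vpc-cni = {
      most_recent    = true
      before_compute = true
    }
  }

  # Defaults applied to every managed node group below.
  # NOTE(review): iam_role_attach_cni_policy puts AmazonEKS_CNI_Policy on the
  # node instance role, where any pod that can reach IMDS can use it (check
  # the module's metadata_options hop-limit default).  The recommended
  # alternative is an IRSA role for the vpc-cni add-on with this set to false.
  eks_managed_node_group_defaults = {
    ami_type                   = "AL2_x86_64"
    instance_types             = ["t3.medium"]
    iam_role_attach_cni_policy = true
  }

  # Re-key var.node_groups by the EKS node group name; the scaling
  # null_resource below looks groups up by that same name.
  eks_managed_node_groups = {
    for worker_group in var.node_groups :
    worker_group.name => {
      name           = worker_group.name
      instance_types = worker_group.instance_types
      min_size       = worker_group.min_size
      max_size       = worker_group.max_size
      desired_size   = worker_group.desired_size
    }
  }

  # Rules added to the shared node security group on top of the module's
  # recommended set.  The two ingress rules let the API server (cluster SG)
  # reach Istio's 15017 (sidecar-injector webhook) and 15012 ports on nodes.
  node_security_group_additional_rules = {
    ingress_15017 = {
      description                   = "Cluster API - Istio Webhook namespace.sidecar-injector.istio.io"
      protocol                      = "TCP"
      from_port                     = 15017
      to_port                       = 15017
      type                          = "ingress"
      source_cluster_security_group = true
    }
    ingress_15012 = {
      description                   = "Cluster API to nodes ports/protocols"
      protocol                      = "TCP"
      from_port                     = 15012
      to_port                       = 15012
      type                          = "ingress"
      source_cluster_security_group = true
    }
    # Unrestricted node egress.  NOTE(review): the v19 module appears to add
    # an "egress_all" recommended rule with the same key, so this entry
    # overrides it with near-identical content; it also means a compromised
    # pod can reach any internet host through the NAT gateway -- tighten if
    # egress filtering is a requirement.
    egress_all = {
      description      = "Node all egress"
      protocol         = "-1"
      from_port        = 0
      to_port          = 0
      type             = "egress"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
    }
  }
}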
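# Pushes desired_size changes to each managed node group out of band.  The EKS
# module ignores drift on scaling_config.desired_size after creation (so an
# autoscaler can own it), which means a Terraform-only edit of desired_size in
# var.node_groups would otherwise never reach AWS.  This resource re-runs the
# AWS CLI whenever that value changes.  Requires awscli on the machine running
# terraform; credentials and region come from its environment.
resource "null_resource" "update_desired_size" {
  for_each = var.node_groups

  # Only the desired size is a trigger: min/max are applied by the module.
  triggers = {
    desired_size = each.value.desired_size
  }

  provisioner "local-exec" {
    interpreter = ["/bin/bash", "-c"]
    # `set -euo pipefail` makes any failing step (bad credentials, a
    # desiredSize the API rejects, a failed wait) fail the apply instead of
    # leaving the group silently unscaled.  Interpolated values are quoted so
    # that a name containing shell metacharacters is never interpreted by bash
    # (they are operator-supplied, but quoting costs nothing).  The final
    # `wait` blocks until the group is ACTIVE again so the new capacity really
    # exists before anything depending on this resource proceeds.
    command = <<-EOT
      set -euo pipefail
      NODEGROUP='${element(split(":", module.eks.eks_managed_node_groups[each.value.name].node_group_id), 1)}'
      aws eks update-nodegroup-config \
        --cluster-name '${module.eks.cluster_name}' \
        --nodegroup-name "$NODEGROUP" \
        --scaling-config "desiredSize=${each.value.desired_size}"
      aws eks wait nodegroup-active \
        --cluster-name '${module.eks.cluster_name}' \
        --nodegroup-name "$NODEGROUP"
    EOT
  }
}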
# API server URL of the cluster, as reported by the EKS module.
output "cluster_endpoint" {
  value       = module.eks.cluster_endpoint
  description = "Endpoint for EKS control plane"
}
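# Security group the EKS module attaches to the control plane.  The value is a
# single ID, not a list -- the original description said "ids".
output "cluster_security_group_id" {
  description = "Security group id attached to the cluster control plane"
  value       = module.eks.cluster_security_group_id
}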
# Name of the cluster (also what the scaling null_resource passes to the CLI).
output "cluster_name" {
  value       = module.eks.cluster_name
  description = "Kubernetes Cluster Name"
}