Tj Blogumas blogumi

View GitHub Profile
@blogumi
blogumi / terraform_eks.tf
Last active April 4, 2020 18:50
The below will create a 10.0.0.0/16 VPC, two 10.0.X.0/24 subnets, an internet gateway, and set up the subnet routing so that external traffic is routed through the internet gateway:
# This data source is included for ease of sample architecture deployment
# and can be swapped out as necessary.
data "aws_availability_zones" "available" {
}

resource "aws_vpc" "demo" {
  cidr_block = "10.0.0.0/16"

  tags = {
    "Name"                                      = "terraform-eks-demo-node"
    "kubernetes.io/cluster/${var.cluster-name}" = "shared"
blogumi / terraform_iam.tf
Created April 4, 2020 18:52
The below is an example IAM role and policy to allow the EKS service to manage or retrieve data from other AWS services.
resource "aws_iam_role" "demo-node" {
  name = "terraform-eks-demo-cluster"

  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
blogumi / terraform_sg.tf
Created April 4, 2020 18:53
This security group controls networking access to the Kubernetes masters. We will later configure this with an ingress rule to allow traffic from the worker nodes.
resource "aws_security_group" "demo-cluster" {
  name        = "terraform-eks-demo-cluster"
  description = "Cluster communication with worker nodes"
  vpc_id      = "${aws_vpc.demo.id}"

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
blogumi / terraform_eks_master.tf
Created April 4, 2020 18:54
This resource is the actual Kubernetes master cluster. It can take a few minutes to provision in AWS.
resource "aws_eks_cluster" "demo" {
  name     = "${var.cluster-name}"
  role_arn = "${aws_iam_role.demo-node.arn}"

  vpc_config {
    security_group_ids = ["${aws_security_group.demo-cluster.id}"]
    subnet_ids         = ["${aws_subnet.demo.*.id}"]
  }

  depends_on = [
blogumi / terraform_iam_wn.tf
Created April 4, 2020 18:55
The below is an example IAM role and policy to allow the worker nodes to manage or retrieve data from other AWS services. It is used by Kubernetes to allow worker nodes to join the cluster.
resource "aws_iam_role" "demo-cluster" {
  name = "terraform-eks-demo-cluster"

  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
blogumi / terraform_wn_sg.tf
Created April 4, 2020 18:56
This security group controls networking access to the Kubernetes worker nodes.
resource "aws_security_group" "demo-node" {
  name        = "terraform-eks-demo-node"
  description = "Security group for all nodes in the cluster"
  vpc_id      = aws_vpc.demo.id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
blogumi / terraform_wn_eks_master.tf
Created April 4, 2020 18:57
Now that the worker nodes have their own security group, so traffic from them can be identified by source security group rather than by IP range, we can allow the worker nodes network access to the EKS master cluster.
resource "aws_security_group_rule" "demo-cluster-ingress-node-https" {
  description              = "Allow pods to communicate with the cluster API Server"
  from_port                = 443
  protocol                 = "tcp"
  security_group_id        = aws_security_group.demo-cluster.id
  source_security_group_id = aws_security_group.demo-node.id
  to_port                  = 443
  type                     = "ingress"
}
blogumi / terraform_ec2.tf
Created April 4, 2020 19:02
Now we have everything in place to create and manage EC2 instances that will serve as our worker nodes in the Kubernetes cluster. This setup uses an EC2 AutoScaling Group (ASG) rather than manually working with EC2 instances. This offers flexibility to scale up and down the worker nodes on demand when used in conjunction with AutoScaling policie…
data "aws_ami" "eks-worker" {
  filter {
    name   = "name"
    values = ["amazon-eks-node-${aws_eks_cluster.demo.version}-v*"]
  }

  most_recent = true
  owners      = ["602401143452"] # Amazon EKS AMI Account ID
}

resource "aws_autoscaling_group" "demo" {
  desired_capacity     = 2
  launch_configuration = aws_launch_configuration.demo.id
  max_size             = 2
  min_size             = 1
  name                 = "terraform-eks-demo"
  # aws_subnet.demo[*].id is already a list; wrapping it in [...] would
  # produce a list of lists, which this argument rejects.
  vpc_zone_identifier  = aws_subnet.demo[*].id

  tag {
    key                 = "Name"
package com.example.howtodoinjava;

import java.util.Date;
import java.util.UUID;

import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;

public class LambdaFunctionHandler implements RequestHandler<MyLambdaRequest, MyLambdaResponse> {

    @Override