Tj Blogumas blogumi
blogumi
/ terraform_eks.tf
Last active
April 4, 2020 18:50
The below will create a 10.0.0.0/16 VPC, two 10.0.X.0/24 subnets, an internet gateway, and setup the subnet routing to route external traffic through the internet gateway:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This data source is included for ease of sample architecture deployment | |
| # and can be swapped out as necessary. | |
| data "aws_availability_zones" "available" { | |
| } | |
| resource "aws_vpc" "demo" { | |
| cidr_block = "10.0.0.0/16" | |
| tags = { | |
| "Name" = "terraform-eks-demo-node" | |
| "kubernetes.io/cluster/${var.cluster-name}" = "shared" |
blogumi
/ terraform_iam.tf
Created
April 4, 2020 18:52
The below is an example IAM role and policy to allow the EKS service to manage or retrieve data from other AWS services.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_iam_role" "demo-node" { | |
| name = "terraform-eks-demo-cluster" | |
| assume_role_policy = <<POLICY | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { |
blogumi
/ terraform_sg.tf
Created
April 4, 2020 18:53
This security group controls networking access to the Kubernetes masters. We will later configure this with an ingress rule to allow traffic from the worker nodes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_security_group" "demo-cluster" { | |
| name = "terraform-eks-demo-cluster" | |
| description = "Cluster communication with worker nodes" | |
| vpc_id = "${aws_vpc.demo.id}" | |
| egress { | |
| from_port = 0 | |
| to_port = 0 | |
| protocol = "-1" | |
| cidr_blocks = ["0.0.0.0/0"] |
blogumi
/ terraform_eks_master.tf
Created
April 4, 2020 18:54
This resource is the actual Kubernetes master cluster. It can take a few minutes to provision in AWS.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_eks_cluster" "demo" { | |
| name = "${var.cluster-name}" | |
| role_arn = "${aws_iam_role.demo-node.arn}" | |
| vpc_config { | |
| security_group_ids = ["${aws_security_group.demo-cluster.id}"] | |
| subnet_ids = ["${aws_subnet.demo.*.id}"] | |
| } | |
| depends_on = [ |
blogumi
/ terraform_iam_wn.tf
Created
April 4, 2020 18:55
The below is an example IAM role and policy to allow the worker nodes to manage or retrieve data from other AWS services. It is used by Kubernetes to allow worker nodes to join the cluster.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_iam_role" "demo-cluster" { | |
| name = "terraform-eks-demo-cluster" | |
| assume_role_policy = <<POLICY | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { |
blogumi
/ terraform_wn_sg.tf
Created
April 4, 2020 18:56
This security group controls networking access to the Kubernetes worker nodes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_security_group" "demo-node" { | |
| name = "terraform-eks-demo-node" | |
| description = "Security group for all nodes in the cluster" | |
| vpc_id = aws_vpc.demo.id | |
| egress { | |
| from_port = 0 | |
| to_port = 0 | |
| protocol = "-1" | |
| cidr_blocks = ["0.0.0.0/0"] |
blogumi
/ terraform_wn_eks_master.tf
Created
April 4, 2020 18:57
Now that we have a way to know where traffic from the worker nodes is coming from, we can allow the worker nodes networking access to the EKS master cluster.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_security_group_rule" "demo-cluster-ingress-node-https" { | |
| description = "Allow pods to communicate with the cluster API Server" | |
| from_port = 443 | |
| protocol = "tcp" | |
| security_group_id = aws_security_group.demo-cluster.id | |
| source_security_group_id = aws_security_group.demo-node.id | |
| to_port = 443 | |
| type = "ingress" | |
| } |
blogumi
/ terraform_ec2.tf
Created
April 4, 2020 19:02
Now we have everything in place to create and manage EC2 instances that will serve as our worker nodes in the Kubernetes cluster. This setup uses an EC2 AutoScaling Group (ASG) rather than manually working with EC2 instances. This offers flexibility to scale up and down the worker nodes on demand when used in conjunction with AutoScaling policie…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| data "aws_ami" "eks-worker" { | |
| filter { | |
| name = "name" | |
| values = ["amazon-eks-node-${aws_eks_cluster.demo.version}-v*"] | |
| } | |
| most_recent = true | |
| owners = ["602401143452"] # Amazon EKS AMI Account ID | |
| } |
blogumi
/ terraform_as_group.tf
Created
April 4, 2020 19:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_autoscaling_group" "demo" { | |
| desired_capacity = 2 | |
| launch_configuration = aws_launch_configuration.demo.id | |
| max_size = 2 | |
| min_size = 1 | |
| name = "terraform-eks-demo" | |
| vpc_zone_identifier = [aws_subnet.demo.*.id] | |
| tag { | |
| key = "Name" |
blogumi
/ LambdaFunctionHandler.java
Created
April 7, 2020 15:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.example.howtodoinjava; | |
| import java.util.Date; | |
| import java.util.UUID; | |
| import com.amazonaws.services.lambda.runtime.Context; | |
| import com.amazonaws.services.lambda.runtime.RequestHandler; | |
| public class LambdaFunctionHandler implements RequestHandler<MyLambdaRequest, MyLambdaResponse> { | |
| @Override |
OlderNewer