
@sheikhnavezz
Created March 18, 2024 10:12
This snippet will create an EKS cluster

This Terraform code creates an EKS cluster, including a private subnet and an IAM role for EKS worker nodes with attached policies such as AmazonEKSWorkerNodePolicy, AmazonEC2ContainerRegistryReadOnly, and AmazonEKS_CNI_Policy. It then deploys an Amazon EKS cluster within the VPC, along with a node group for worker nodes. Additionally, it provisions EC2 instances with basic configurations and manages SSH key pairs for secure access to these instances.

provider.tf :

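  # Region and credential profile are exposed as input variables so the same
  # configuration can be reused across regions/accounts without editing
  # provider.tf. The defaults reproduce the original hard-coded values.
  # NOTE: the availability zones in main.tf are still hard-coded to
  # us-east-2a/us-east-2b; keep them in step with aws_region.
  variable "aws_region" {
    description = "AWS region to deploy into"
    type        = string
    default     = "us-east-2" # Change to your desired AWS region
  }

  variable "aws_profile" {
    description = "Named AWS CLI/SDK profile that supplies credentials"
    type        = string
    default     = "tf-navez"
  }

  provider "aws" {
    region  = var.aws_region
    profile = var.aws_profile
  }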

main.tf :

Create VPC

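  # VPC that hosts the EKS control-plane ENIs, the node group and the EC2 hosts.
  resource "aws_vpc" "my_vpc" {
    cidr_block = "10.0.0.0/16"

    # EKS requires both DNS resolution and DNS hostnames to be enabled in the
    # cluster VPC; without them worker nodes cannot register with the control
    # plane. The provider default for enable_dns_hostnames is false, so both
    # are set explicitly.
    enable_dns_support   = true
    enable_dns_hostnames = true

    tags = {
      Name = "my-vpc"
    }
  }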

Create private subnets in two different AZs

  # First private subnet (AZ a). "Private" only means no public IPs are
  # auto-assigned (map_public_ip_on_launch is left at its default); nothing in
  # this snippet defines a route table, NAT gateway or internet gateway, so
  # resources placed here have no outbound path unless one is added elsewhere.
  resource "aws_subnet" "private_subnet_a" {
    availability_zone = "us-east-2a" # Change to your desired availability zone
    cidr_block        = "10.0.1.0/24"
    vpc_id            = aws_vpc.my_vpc.id
  }

  # Second private subnet (AZ b); EKS needs subnets in at least two AZs.
  # Same caveat as private_subnet_a: no routing is defined in this snippet.
  resource "aws_subnet" "private_subnet_b" {
    availability_zone = "us-east-2b" # Change to another desired availability zone
    cidr_block        = "10.0.2.0/24"
    vpc_id            = aws_vpc.my_vpc.id
  }

Create IAM role for EKS worker nodes

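    # Role assumed by the EC2 instances that back the EKS managed node group.
    # The trust policy must let the EC2 service itself assume the role. The
    # original version additionally required sts:ExternalId to equal
    # "eks-service-role"; the EC2 service does not supply an ExternalId when
    # it assumes an instance-profile role, so that condition would have denied
    # the assumption and left the nodes without credentials. jsonencode() is
    # used instead of a heredoc so the document is validated as JSON at plan
    # time.
    resource "aws_iam_role" "eks_node_role" {
      name = "eks-node-role"

      assume_role_policy = jsonencode({
        Version = "2012-10-17"
        Statement = [
          {
            Effect    = "Allow"
            Principal = { Service = "ec2.amazonaws.com" }
            Action    = "sts:AssumeRole"
          }
        ]
      })
    }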

Attach EKSWorkerNodePolicy

  # AWS-managed policy that lets the node join the cluster and describe
  # cluster/EC2 resources.
  resource "aws_iam_role_policy_attachment" "attach_eks_worker_node_policy" {
    policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
    role       = aws_iam_role.eks_node_role.name
  }

Attach EC2ContainerRegistryReadOnly

  # Read-only ECR access so the kubelet can pull images. Read-only is the
  # least privilege needed here; do not widen it to push permissions.
  resource "aws_iam_role_policy_attachment" "attach_ecr_read_only_policy" {
    policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
    role       = aws_iam_role.eks_node_role.name
  }

Attach AmazonEKS_CNI_Policy

# Permissions for the VPC CNI plugin (ENI/IP management) running on the nodes.
resource "aws_iam_role_policy_attachment" "attach_eks_cni_policy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
  role       = aws_iam_role.eks_node_role.name
}

Create EKS cluster

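# IAM role the EKS control plane assumes to manage AWS resources on the
# cluster's behalf. The original configuration pointed role_arn at the
# AWSServiceRoleForAmazonEKS service-linked role using a hand-typed ARN whose
# account id was not 12 digits; EKS expects a dedicated cluster role trusted by
# eks.amazonaws.com that carries AmazonEKSClusterPolicy, which is created here.
resource "aws_iam_role" "eks_cluster_role" {
  name = "my-eks-cluster-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Principal = { Service = "eks.amazonaws.com" }
        Action    = "sts:AssumeRole"
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "attach_eks_cluster_policy" {
  role       = aws_iam_role.eks_cluster_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}

# EKS control plane. The API endpoint keeps the provider defaults (public
# endpoint enabled) because nothing in the original configuration changed
# them; restrict it via vpc_config.endpoint_* / public_access_cidrs if the
# cluster should not be reachable from the internet.
# NOTE(review): both subnets are private and no NAT gateway or VPC endpoints
# are defined in this snippet, so nodes placed in them may not reach the
# cluster endpoint or ECR; confirm the networking before use.
resource "aws_eks_cluster" "my_cluster" {
  name     = "my-eks-cluster"
  role_arn = aws_iam_role.eks_cluster_role.arn
  # version = "1.21" # Change to your desired EKS version

  vpc_config {
    subnet_ids = [
      aws_subnet.private_subnet_a.id,
      aws_subnet.private_subnet_b.id,
    ]
  }

  # Ensure the cluster policy is attached before the control plane is created
  # and only detached after it is destroyed.
  depends_on = [aws_iam_role_policy_attachment.attach_eks_cluster_policy]
}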

Create EKS worker nodes

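# Managed node group backing the cluster.
resource "aws_eks_node_group" "my_node_group" {
  cluster_name    = aws_eks_cluster.my_cluster.name
  node_group_name = "my-node-group"

  # Reference the role defined in this configuration instead of a hand-typed
  # ARN: the original literal carried an account id that was not 12 digits and
  # could never resolve to aws_iam_role.eks_node_role.
  node_role_arn = aws_iam_role.eks_node_role.arn

  subnet_ids = [
    aws_subnet.private_subnet_a.id,
    aws_subnet.private_subnet_b.id,
  ]
  instance_types = ["t2.medium"]

  scaling_config {
    desired_size = 3
    max_size     = 5
    min_size     = 1
  }

  # The node policies must be attached before instances try to join the
  # cluster, otherwise nodes can come up without the permissions they need to
  # register; the explicit dependency also orders destruction correctly.
  depends_on = [
    aws_iam_role_policy_attachment.attach_eks_worker_node_policy,
    aws_iam_role_policy_attachment.attach_ecr_read_only_policy,
    aws_iam_role_policy_attachment.attach_eks_cni_policy,
  ]
}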

Create Virtual Machines

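  # Register the generated public key with EC2 so cloud-init installs it in
  # /home/ubuntu/.ssh/authorized_keys at first boot. The original configuration
  # left key_name commented out (and referenced tls_private_key.my_ssh_key.key_name,
  # an attribute that resource does not have), so no key was ever installed and
  # the instances could not be reached over SSH.
  resource "aws_key_pair" "my_ssh_key" {
    key_name   = "my-ssh-key"
    public_key = tls_private_key.my_ssh_key.public_key_openssh
  }

  # Stand-alone EC2 hosts in the first private subnet.
  # NOTE(review): the subnet is private and no public IP is requested, so these
  # hosts are reachable only from inside the VPC (bastion/VPN); confirm that is
  # the intended access path. Enforcing IMDSv2 via
  # metadata_options { http_tokens = "required" } is worth considering as well.
  resource "aws_instance" "my_instances" {
    count         = 4
    ami           = "ami-0b8b44ec9a8f90422" # Change to your desired AMI
    instance_type = "t2.medium"
    subnet_id     = aws_subnet.private_subnet_a.id # Change to a desired subnet
    key_name      = aws_key_pair.my_ssh_key.key_name

    # Runs as root via cloud-init; tightens the ubuntu user's .ssh permissions.
    user_data = <<-EOF
    #!/bin/bash
    sudo apt update
    chmod 700 /home/ubuntu/.ssh
    chmod 600 /home/ubuntu/.ssh/authorized_keys
    EOF

    tags = {
      Name = "my-instance-${count.index + 1}"
    }
  }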

Create SSH key pair

# Generates the SSH key pair locally at apply time. Be aware that the
# resulting private key (private_key_pem) is stored in plain text in the
# Terraform state, so the state backend must be treated as sensitive.
resource "tls_private_key" "my_ssh_key" {
  rsa_bits  = 2048
  algorithm = "RSA"
}

Output the public key

# Exposes only the public half of the generated key; the private key never
# leaves state/this configuration through this output.
output "ssh_public_key" {
  description = "OpenSSH-formatted public key of the generated SSH key pair"
  value       = tls_private_key.my_ssh_key.public_key_openssh
}

Use the SSH key pair in the null_resource

  # Appends the generated public key to authorized_keys on the first instance
  # over SSH.
  # NOTE(review): as written this step cannot succeed on its own:
  #   - the connection authenticates with tls_private_key.my_ssh_key, but no
  #     aws_instance sets key_name, so that key is not yet on the host;
  #   - aws_instance.my_instances[0] is in a private subnet and does not
  #     request a public IP, so public_ip is empty;
  #   - only index 0 is touched although four instances are created.
  # Registering the public key as an EC2 key pair and passing it as key_name on
  # the instances lets cloud-init install it and makes this resource unnecessary.
  resource "null_resource" "copy_ssh_key" {
    depends_on = [aws_instance.my_instances]

    provisioner "remote-exec" {
      connection {
        type        = "ssh"
        host        = aws_instance.my_instances[0].public_ip
        user        = "ubuntu" # Change to your desired username
        private_key = tls_private_key.my_ssh_key.private_key_pem
      }

      # The public key is interpolated into the command; the private key is
      # only used for the connection above and is not written to the host.
      inline = [
        "echo '${tls_private_key.my_ssh_key.public_key_openssh}' >> /home/ubuntu/.ssh/authorized_keys"
      ]
    }
  }