-
-
Save swade1987/33780145d1052fadc05a0331e4ef5c30 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
resource "aws_iam_instance_profile" "instance_profile" { | |
name = var.name | |
role = var.worker_node_iam_role | |
} | |
module "asg" { | |
source = "git::git@gitlab.com:ume-platform-engineering/tf-modules.git//modules/asg?ref=d9742ea" | |
ami = var.ami | |
health_check_grace_period = 300 | |
health_check_type = "EC2" | |
iam_instance_profile = aws_iam_instance_profile.instance_profile.arn | |
instance_key_name = "" | |
instance_role = var.instance_role | |
instances = var.asg_config["instances"] | |
load_balancers = var.loadbalancers | |
name = var.name | |
security_groups = var.security_group_ids | |
schedule = var.asg_config["schedule"] | |
subnet_ids = var.private_subnet_ids | |
tags = local.tags | |
target_group_arns = [] | |
user_data = local.user_data | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
resource "aws_autoscaling_attachment" "asg" { | |
count = length(var.load_balancers) | |
autoscaling_group_name = aws_autoscaling_group.asg.name | |
elb = element(var.load_balancers, count.index) | |
} | |
resource "aws_launch_configuration" "asg" { | |
associate_public_ip_address = false | |
ebs_optimized = true | |
iam_instance_profile = var.iam_instance_profile | |
image_id = var.ami | |
instance_type = lookup(var.instances, "type", "") | |
key_name = var.instance_key_name | |
name_prefix = "${var.name}-" | |
security_groups = var.security_groups | |
user_data_base64 = base64encode(var.user_data) | |
# Block device for docker (/var/lib/docker) | |
ebs_block_device { | |
delete_on_termination = true | |
device_name = "/dev/xvdb" | |
encrypted = true | |
volume_size = "50" | |
volume_type = "gp2" | |
} | |
# Ignore changes in the AMI which force recreation of the resource. This avoids accidental deletion of nodes whenever a new OS release comes out. | |
lifecycle { | |
create_before_destroy = true | |
ignore_changes = [image_id] | |
} | |
root_block_device { | |
delete_on_termination = true | |
encrypted = true | |
volume_size = "20" | |
volume_type = "gp2" | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Create a public DNS record pointing to the public load balancer. | |
resource "aws_route53_record" "ingress" { | |
zone_id = data.terraform_remote_state.dns.outputs.zone | |
name = "ingress.platform.${var.team_prefix}.${var.platform}.${var.root_domain}" | |
type = "A" | |
alias { | |
name = aws_elb.ingress_elb.dns_name | |
zone_id = aws_elb.ingress_elb.zone_id | |
evaluate_target_health = true | |
} | |
} | |
resource "aws_elb" "ingress_elb" { | |
name = "ingress" | |
subnets = data.terraform_remote_state.base.outputs.subnets["public"] | |
cross_zone_load_balancing = true | |
connection_draining = true | |
internal = false #tfsec:ignore:AWS005 | |
security_groups = [data.terraform_remote_state.security_groups.outputs.ids["k8s_ingress_elb"]] | |
# HTTP traffic | |
listener { | |
lb_port = 80 | |
lb_protocol = "tcp" | |
instance_port = 30080 | |
instance_protocol = "tcp" | |
} | |
# HTTPS traffic | |
listener { | |
lb_port = 443 | |
lb_protocol = "tcp" | |
instance_port = 30443 | |
instance_protocol = "tcp" | |
} | |
# Use the NGINX Ingress Controller '/healthz' endpoint as the health check. | |
health_check { | |
healthy_threshold = 2 | |
unhealthy_threshold = 2 | |
interval = 10 | |
target = "HTTP:32254/healthz" | |
timeout = 5 | |
} | |
} | |
resource "aws_proxy_protocol_policy" "proxy_protocol" { | |
load_balancer = aws_elb.ingress_elb.name | |
instance_ports = [ | |
"30080", | |
"30443", | |
] | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
module "ingress_worker_node_group" { | |
source = "git::git@gitlab.com:ume-platform-engineering/tf-modules.git//modules/eks-node-group?ref=f19836f" | |
ami = data.aws_ssm_parameter.bottlerocket_ami.value | |
asg_config = var.worker_groups["ingress"] | |
cluster = module.cluster.cluster | |
instance_role = "ingress" | |
loadbalancers = [aws_elb.ingress_elb.id] | |
name = "ingress" | |
node_taints = local.node_taints_ingress | |
platform = var.platform | |
private_subnet_ids = data.terraform_remote_state.base.outputs.subnets["private"] | |
region = var.region | |
security_group_ids = local.general_ingress_security_groups | |
worker_node_iam_role = data.terraform_remote_state.iam.outputs.role_names["k8s_worker"] | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment