main.tf (formerly eks-cluster.tf)
- https://github.com/hashicorp/learn-terraform-provision-eks-cluster/blob/main/main.tf (formerly eks-cluster.tf)
main.tf
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

provider "aws" {
  region = var.region
}

# Filter out local zones, which are not currently supported
# with managed node groups
data "aws_availability_zones" "available" {
  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
}

locals {
  cluster_name = "education-eks-${random_string.suffix.result}"
}

resource "random_string" "suffix" {
  length  = 8
  special = false
}

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.8.1"

  name = "education-vpc"

  cidr = "10.0.0.0/16"
  azs  = slice(data.aws_availability_zones.available.names, 0, 3)

  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]

  # One NAT gateway is shared by all private subnets
  enable_nat_gateway   = true
  single_nat_gateway   = true
  enable_dns_hostnames = true

  public_subnet_tags = {
    "kubernetes.io/role/elb" = 1
  }

  private_subnet_tags = {
    "kubernetes.io/role/internal-elb" = 1
  }
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "20.8.5"

  cluster_name    = local.cluster_name
  cluster_version = "1.29"

  # Makes the Kubernetes API endpoint reachable from the internet; the module
  # allows 0.0.0.0/0 unless cluster_endpoint_public_access_cidrs is set
  cluster_endpoint_public_access = true
  # Gives the identity that runs Terraform cluster administrator rights
  # through an EKS access entry
  enable_cluster_creator_admin_permissions = true

  cluster_addons = {
    aws-ebs-csi-driver = {
      service_account_role_arn = module.irsa-ebs-csi.iam_role_arn
    }
  }

  # Worker nodes are placed in the private subnets
  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  eks_managed_node_group_defaults = {
    ami_type = "AL2_x86_64"
  }

  eks_managed_node_groups = {
    one = {
      name = "node-group-1"

      instance_types = ["t3.small"]

      min_size     = 1
      max_size     = 3
      desired_size = 2
    }

    two = {
      name = "node-group-2"

      instance_types = ["t3.small"]

      min_size     = 1
      max_size     = 2
      desired_size = 1
    }
  }
}

# https://aws.amazon.com/blogs/containers/amazon-ebs-csi-driver-is-now-generally-available-in-amazon-eks-add-ons/
data "aws_iam_policy" "ebs_csi_policy" {
  arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
}

module "irsa-ebs-csi" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
  version = "5.39.0"

  create_role      = true
  role_name        = "AmazonEKSTFEBSCSIRole-${module.eks.cluster_name}"
  provider_url     = module.eks.oidc_provider
  role_policy_arns = [data.aws_iam_policy.ebs_csi_policy.arn]
  # Only this service account may assume the role through the cluster's OIDC provider
  oidc_fully_qualified_subjects = ["system:serviceaccount:kube-system:ebs-csi-controller-sa"]
}
Former eks-cluster.tf (version 18.26.6)
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "18.26.6"

  cluster_name    = local.cluster_name
  cluster_version = "1.22"

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  eks_managed_node_group_defaults = {
    ami_type = "AL2_x86_64"

    attach_cluster_primary_security_group = true

    # Disabling and using externally provided security groups
    create_security_group = false
  }

  eks_managed_node_groups = {
    one = {
      name = "node-group-1"

      instance_types = ["t3.small"]

      min_size     = 1
      max_size     = 3
      desired_size = 2

      pre_bootstrap_user_data = <<-EOT
      echo 'foo bar'
      EOT

      vpc_security_group_ids = [
        aws_security_group.node_group_one.id
      ]
    }

    two = {
      name = "node-group-2"

      instance_types = ["t3.medium"]

      min_size     = 1
      max_size     = 2
      desired_size = 1

      pre_bootstrap_user_data = <<-EOT
      echo 'foo bar'
      EOT

      vpc_security_group_ids = [
        aws_security_group.node_group_two.id
      ]
    }
  }
}
Related
gke.tf
- FAQ: https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/faq.md#how-do-i-safely-remove-old-worker-groups
worker_groups
capacity_type = "SPOT"
See also
- Terraform EKS module: Deploy EKS cluster using Terraform, manage_aws_auth_configmap, create_aws_auth_configmap, aws_auth_roles, aws_auth_users, aws_auth_accounts, module.eks, Amazon EKS Blueprints for Terraform, OIDC
- Terraform EKS, Terraform EKS module, Deploy EKS cluster using Terraform, Terraform EKS apply output, terraform show, ~/.kube/config, aws_eks_cluster, aws_eks_addon, module.eks_managed_node_group, eks-cluster.tf, node_groups, worker_groups