diff --git a/build/modules/eks/eks.tf b/build/modules/eks/eks.tf index 8fa361fc5b..0e417b0e18 100644 --- a/build/modules/eks/eks.tf +++ b/build/modules/eks/eks.tf 
@@ -19,46 +19,148 @@ provider "aws" { resource "aws_vpc" "example" { - cidr_block = "10.0.0.0/16" - enable_dns_hostnames = true - enable_dns_support = true - tags = "${ - map( - "Name", "terraform-eks", - "kubernetes.io/cluster/example", "shared", - ) - }" + cidr_block = "10.0.0.0/16" + enable_dns_hostnames = true + enable_dns_support = true + tags = "${ + map( + "Name", "terraform-eks", + "kubernetes.io/cluster/example", "shared", + ) + }" +} + +data "aws_availability_zones" "available" { } resource "aws_vpc" "main" { -cidr_block = "10.0.0.0/16" -enable_dns_hostnames = true -enable_dns_support = true -tags = "${ - map( - "Name", "terraform-eks", - "kubernetes.io/cluster/example", "shared", - ) -}" + cidr_block = "10.0.0.0/16" + enable_dns_hostnames = true + enable_dns_support = true + tags = "${ + map( + "Name", "terraform-eks", + "kubernetes.io/cluster/example", "shared", + ) + }" +} + +resource "aws_security_group" "worker_group_mgmt_one" { + name_prefix = "worker_group_mgmt_one" + vpc_id = module.vpc.vpc_id + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + + cidr_blocks = [ + "10.0.0.0/8", + ] + } + ingress { + from_port = 7000 + to_port = 8000 + protocol = "udp" + + cidr_blocks = [ + "10.0.0.0/8", + ] + } } +resource "aws_security_group" "worker_group_mgmt_two" { + name_prefix = "worker_group_mgmt_two" + vpc_id = module.vpc.vpc_id + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + + cidr_blocks = [ + "192.168.0.0/16", + ] + } +} + + + +resource "aws_security_group" "worker_group_mgmt_three" { + name_prefix = "worker_group_mgmt_three" + vpc_id = module.vpc.vpc_id + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + + cidr_blocks = [ + "192.168.0.0/16", + ] + } +} + +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + version = "2.6.0" + + name = "test-vpc" + cidr = "10.0.0.0/16" + azs = data.aws_availability_zones.available.names + private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] + 
public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"] + enable_nat_gateway = true + single_nat_gateway = true + enable_dns_hostnames = true + + tags = { + "kubernetes.io/cluster/${var.cluster_name}" = "shared" + } + + public_subnet_tags = { + "kubernetes.io/cluster/${var.cluster_name}" = "shared" + "kubernetes.io/role/elb" = "1" + } + + private_subnet_tags = { + "kubernetes.io/cluster/${var.cluster_name}" = "shared" + "kubernetes.io/role/internal-elb" = "1" + } +} + + # # main EKS terraform resource definition # -resource "aws_eks_cluster" "main" { - name = "${var.cluster_name}" +module "eks" { + source = "git::github.com/terraform-aws-modules/terraform-aws-eks.git?ref=v5.1.0" + cluster_name = "${var.cluster_name}" + cluster_version = "1.12" + + vpc_id = module.vpc.vpc_id + subnets = module.vpc.private_subnets worker_groups = [ { - name = "worker-group-1" - instance_type = "t2.micro" - asg_desired_capacity = 5 + name = "default" + instance_type = "${var.machine_type}" + asg_desired_capacity = 3 additional_security_group_ids = [aws_security_group.worker_group_mgmt_one.id] }, + // TODO: add two additional Node Pools with taints for metrics and system + /* { - name = "worker-group-2" - instance_type = "t2.micro" + name = "agones-system" + instance_type = "${var.machine_type}" additional_security_group_ids = [aws_security_group.worker_group_mgmt_two.id] - asg_desired_capacity = 5 + asg_desired_capacity = 1 + }, + { + name = "agones-metrics" + instance_type = "${var.machine_type}" + additional_security_group_ids = [aws_security_group.worker_group_mgmt_three.id] + asg_desired_capacity = 1 }, + */ ] } \ No newline at end of file diff --git a/build/modules/eks/outputs.tf b/build/modules/eks/outputs.tf index 824d90e1b7..e9ebafe5bd 100644 --- a/build/modules/eks/outputs.tf +++ b/build/modules/eks/outputs.tf 
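Review bot: The port 22 ingress rules in `worker_group_mgmt_one`, `worker_group_mgmt_two` and `worker_group_mgmt_three` admit `10.0.0.0/8` and `192.168.0.0/16`, which are wider than or outside the `10.0.0.0/16` given to `module "vpc"`. Any peered or VPN-attached network in those ranges could then reach SSH on the workers. If SSH is needed at all, scope it to the VPC range, e.g. `cidr_blocks = ["10.0.0.0/16"]`; the UDP 7000-8000 rule uses the same `10.0.0.0/8` source and deserves the same look. Groups two and three are referenced only from the commented-out node pools, so they could wait until those pools are enabled. The two `aws_vpc` resources kept at the top of the hunk appear unused now that `module.vpc` supplies the network, which is worth confirming.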
@@ -11,23 +11,52 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +output "cluster_endpoint" { + description = "Endpoint for EKS control plane." + value = module.eks.cluster_endpoint +} + +output "cluster_security_group_id" { + description = "Security group ids attached to the cluster control plane." + value = module.eks.cluster_security_group_id +} + +output "kubectl_config" { + description = "kubectl config as generated by the module." + value = module.eks.kubeconfig +} + +output "config_map_aws_auth" { + description = "A kubernetes configuration to authenticate to this EKS cluster." + value = module.eks.config_map_aws_auth +} + +output "region" { + description = "AWS region." + value = var.region +} + + output "cluster_ca_certificate" { - value = "${base64decode(aws_eks_cluster.main.kube_config.0.cluster_ca_certificate)}" + value = "${base64decode( module.eks.cluster_certificate_authority_data)}" } +output "host" { + depends_on = ["module.eks"] + value = "${ module.eks.cluster_endpoint}" +} +/* output "client_certificate" { - value = "${aws_eks_cluster.main.kube_config.0.client_certificate}" + value = "${ module.eks.kubeconfig.client_certificate}" } output "kube_config" { - value = "${aws_eks_cluster.main.kube_config_raw}" + value = "${ module.eks.kubeconfig}" } -output "host" { - value = "${aws_eks_cluster.main.kube_config.0.host}" -} output "token" { - value = "${aws_eks_cluster.main.kube_config.0.password}" + value = "${ module.eks.kubeconfig.password}" } +*/ \ No newline at end of file diff --git a/build/modules/eks/variables.tf b/build/modules/eks/variables.tf index a2db5cb15e..9760298086 100644 --- a/build/modules/eks/variables.tf +++ b/build/modules/eks/variables.tf 
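Review bot: The new `kubectl_config` and `config_map_aws_auth` outputs are not marked sensitive, so `terraform apply` and `terraform output` print them in full, and CI logs will capture that. Whether the generated kubeconfig embeds credentials is not visible from this hunk, but marking both is cheap: add `sensitive = true` to each. The quoted `depends_on = ["module.eks"]` on `host` is the pre-0.12 form; `depends_on = [module.eks]` matches the v0.12 target stated in the docs change. `cluster_ca_certificate` and `host` would also benefit from a `description` like the other outputs have.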
@@ -19,3 +19,48 @@ variable "cluster_name" { variable "region" { default = "us-west-2" } + +variable "machine_type" { + default = "t2.large" +} + +variable "map_accounts" { + description = "Additional AWS account numbers to add to the aws-auth configmap." + type = list(string) + + default = [ + "777777777777", + "888888888888", + ] +} + +variable "map_roles" { + description = "Additional IAM roles to add to the aws-auth configmap." + type = list(map(string)) + + default = [ + { + role_arn = "arn:aws:iam::66666666666:role/role1" + username = "role1" + group = "system:masters" + }, + ] +} + +variable "map_users" { + description = "Additional IAM users to add to the aws-auth configmap." + type = list(map(string)) + + default = [ + { + user_arn = "arn:aws:iam::66666666666:user/user1" + username = "user1" + group = "system:masters" + }, + { + user_arn = "arn:aws:iam::66666666666:user/user2" + username = "user2" + group = "system:masters" + }, + ] +} \ No newline at end of file diff --git a/build/modules/helm/helm.tf b/build/modules/helm/helm.tf index 03f840b44f..6df619f906 100644 --- a/build/modules/helm/helm.tf +++ b/build/modules/helm/helm.tf @@ -124,10 +124,15 @@ resource "helm_release" "agones" { } set { - name = " agones.ping.http.serviceType" + name = "agones.ping.http.serviceType" value = "${var.ping_service_type}" } + set { + name = "agones.ping.udp.expose" + value ="${var.udp_expose}" + } + set { name = "agones.ping.udp.serviceType" value = "${var.ping_service_type}" diff --git a/build/modules/helm/variables.tf b/build/modules/helm/variables.tf index 9b0bb7bfc0..f0c4f58f6e 100644 --- a/build/modules/helm/variables.tf +++ b/build/modules/helm/variables.tf @@ -22,6 +22,10 @@ variable "agones_version" { default = "" } +variable "udp_expose" { + default = "true" +} + variable "host" {} variable "token" {} diff --git a/examples/terraform-submodules/eks/module.tf b/examples/terraform-submodules/eks/module.tf new file mode 100644 index 0000000000..6ecdf9c371 
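Review bot: The defaults for `map_roles` and `map_users` in `build/modules/eks/variables.tf` bind sample principals (`role1`, `user1`, `user2`) to `system:masters`, and `map_accounts` defaults to two sample account numbers. None of the three variables is passed to `module "eks"` in this commit, so they have no effect today. Once someone wires them through, a caller who sets nothing would grant cluster-admin to whatever those ARNs resolve to. Defaulting each to an empty list is safer, i.e. `default = []`, with the sample entries moved into the description or the docs. The sample ARNs also carry an 11-digit account id, so they would not be valid as written.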
--- /dev/null +++ b/examples/terraform-submodules/eks/module.tf @@ -0,0 +1,66 @@ +// Copyright 2019 Google LLC All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + + +// Run: +// terraform apply [-var agones_version="0.12.0"] + +// Install latest version of agones +variable "agones_version" { + default = "0.12.0" +} +variable "cluster_name" { + default = "test-cluster" +} + +variable "region" { + default = "us-west-2" +} + +provider "aws" { + version = ">= 2.11" + region = var.region +} + +variable "machine_type" { default = "t2.large" } + +module "eks_cluster" { + source = "../../../build/modules/eks" + + machine_type = "${var.machine_type}" + cluster_name = "${var.cluster_name}" +} + +data "aws_eks_cluster_auth" "example" { + name = "${var.cluster_name}" +} + +module "helm_agones" { + source = "git::https://github.com/googleforgames/agones.git//build/modules/helm/?ref=master" + + udp_expose = "false" + agones_version = "${var.agones_version}" + values_file = "" + chart = "agones" + host = "${module.eks_cluster.host}" + token = "${data.aws_eks_cluster_auth.example.token}" + cluster_ca_certificate = "${module.eks_cluster.cluster_ca_certificate}" +} + +output "host" { + value = "${module.eks_cluster.host}" +} +output "cluster_ca_certificate" { + value = "${module.eks_cluster.cluster_ca_certificate}" +} 
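Review bot: `module "helm_agones"` pulls its source from `?ref=master`, so each `terraform init` may fetch different code, and that code is handed the cluster `host`, `token` and `cluster_ca_certificate`. Pinning to a release tag or commit keeps the example reproducible and limits exposure to an unexpected upstream change, e.g. `source = "git::https://github.com/googleforgames/agones.git//build/modules/helm/?ref=<RELEASE_TAG_OR_COMMIT_SHA>"`. `var.region` also configures the example's provider but is not passed to `module "eks_cluster"`, which has its own `region` default. Changing it in the example may therefore not move the cluster, which is worth confirming against the module's provider block.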
diff --git a/site/content/en/docs/Installation/terraform.md b/site/content/en/docs/Installation/terraform.md index 49c72c80a8..ec465851fe 100644 --- a/site/content/en/docs/Installation/terraform.md +++ b/site/content/en/docs/Installation/terraform.md @@ -9,14 +9,14 @@ description: > ## Prerequisites -- Terraform v0.11.13 +- Terraform v0.12 - [Helm](https://docs.helm.sh/helm/) package manager 2.10.0+ -- Access to the the Kubernetes hosting provider you are using (e.g. `gcloud` or `az` utility installed) +- Access to the the Kubernetes hosting provider you are using (e.g. `gcloud`, `awscli` or `az` utility installed) - Git # Installing the Agones as Terraform submodule on Google Kubernetes Engine -You can use Terraform to provision your GKE cluster and install agones on it using Helm Terraform provider. +You can use Terraform to provision your GKE cluster and install Agones on it using Helm Terraform provider. First step would be to enable `Kubernetes Engine API`. From the Cloud Console, navigate to APIs & Services > Dashboard, then click `Enable APIs and Services`. Type `kubernetes` in the search box, and you should find the Kubernetes Engine API. Click Enable. @@ -38,7 +38,7 @@ The example of submodule configuration could be found here: Configurable parameters and their meaning: - password - if not specified basic Auth would be disabled in GKE cluster -- agones_version - which version of agones to install +- agones_version - which version of Agones to install - project - your Google Cloud Project ID - machine_type - primary cluster machine type ( default is "n1-standard-4") - node_count - count of nodes in primary Node Pool. Defaults to "4". @@ -73,7 +73,7 @@ Fetching cluster endpoint and auth data. kubeconfig entry generated for test-cluster. ``` -Check that you have access to kubernetes cluster: +Check that you have an access to kubernetes cluster: ``` kubectl get nodes ``` 
@@ -118,7 +118,7 @@ Once you created all resources on AKS you can get the credentials so that you ca az aks get-credentials --resource-group agonesRG --name test-cluster ``` -Check that you have access to kubernetes cluster: +Check that you have an access to kubernetes cluster: ``` kubectl get nodes ``` @@ -132,3 +132,47 @@ terraform destroy ## Reference Details on how you can authenticate your AKS terraform provider using official [instructions](https://www.terraform.io/docs/providers/azurerm/auth/service_principal_client_secret.html) + + +# Installing the Agones as Terraform submodule on AWS EKS + +You can use Terraform to provision your Amazon EKS (Elastic Kubernetes Service) cluster and install Agones on it using Helm Terraform provider. + +The example of EKS submodule config file could be found here: + {{< ghlink href="examples/terraform-submodules/eks/module.tf" >}}Terraform configuration with Agones submodule{{< /ghlink >}} + +Copy `module.tf` file into a separate folder. + +Configure your AWS CLI tool [CLI configure](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html): +``` +aws configure +``` + +Configure your terraform: +``` +terraform init +``` + +By editing `modules.tf` you can change some parameters as you need, for example EC2 instance type. Note that the maximum number of instances in the workers group is limited by 3. + +Now you can deploy Agones on EKS: +``` +terraform apply +``` + +After deploying the cluster with Agones, you can get or update your kubeconfig using next command: +``` +aws eks --region us-west-2 update-kubeconfig --name test-cluster +``` + +Check that you have an access to kubernetes cluster: +``` +kubectl get nodes +``` + +## Uninstall the Agones and delete EKS cluster + +Run the following command to delete all Terraform provisioned resources: +``` +terraform destroy +```