Create AWS EKS Terraform Module

It provisions all necessary resouces and firewall rules. Helm provider left in TODO, because adding it makes "terraform destroy" fail.
googleforgames · Jan 8, 2020 · 4d74996 · 4d74996
1 parent 8d383b6
commit 4d74996
Show file tree

Hide file tree

Showing 10 changed files with 399 additions and 5 deletions.
diff --git a/examples/terraform-submodules/eks/module.tf b/examples/terraform-submodules/eks/module.tf
@@ -0,0 +1,72 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+// Run:
+//  terraform apply [-var agones_version="1.0.0"]
+
+// Install latest version of agones
+variable "agones_version" {
+  default = "1.0.0"
+}
+variable "cluster_name" {
+  default = "agones-cluster"
+}
+
+variable "region" {
+  default = "us-west-2"
+}
+
+provider "aws" {
+  version = "~> 2.8"
+  region  = var.region
+}
+
+variable "machine_type" { default = "t2.large" }
+
+module "eks_cluster" {
+  source = "git::https://github.com/googleforgames/agones.git//install/terraform/modules/eks/?ref=master"
+
+  machine_type = "${var.machine_type}"
+  cluster_name = "${var.cluster_name}"
+}
+
+data "aws_eks_cluster_auth" "example" {
+  name = "${var.cluster_name}"
+}
+
+// TODO(alekser): Add Helm submodule
+// When next Helm module is used, "terraform destroy" would not succeed. 
+// This section is waiting till EKS Terraform provider will be fixed.
+// Currently "helm install" should be executed from the CLI.
+/*
+module "helm_agones" {
+  source = "git::https://github.com/googleforgames/agones.git//install/terraform/modules/helm/?ref=master"
+
+  udp_expose     = "false"
+  agones_version = "${var.agones_version}"
+  values_file    = ""
+  chart          = "agones"
+  host           = "${module.eks_cluster.host}"
+  token          = "${data.aws_eks_cluster_auth.example.token}"
+  cluster_ca_certificate = "${module.eks_cluster.cluster_ca_certificate}"
+}
+*/
+
+output "host" {
+  value = "${module.eks_cluster.host}"
+}
+output "cluster_ca_certificate" {
+  value = "${module.eks_cluster.cluster_ca_certificate}"
+}
diff --git a/install/terraform/modules/eks/eks.tf b/install/terraform/modules/eks/eks.tf
@@ -0,0 +1,112 @@
+# Copyright 2019 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+terraform {
+  required_version = ">= 0.12.6"
+}
+
+provider "aws" {
+  version = "~> 2.8"
+  region  = var.region
+}
+
+data "aws_availability_zones" "available" {
+}
+
+resource "aws_security_group" "worker_group_mgmt_one" {
+  name_prefix = "worker_group_mgmt_one"
+  vpc_id      = module.vpc.vpc_id
+
+  ingress {
+    from_port = 22
+    to_port   = 22
+    protocol  = "tcp"
+
+    cidr_blocks = [
+      "10.0.0.0/8",
+    ]
+  }
+  ingress {
+    from_port = 7000
+    to_port   = 8000
+    protocol  = "udp"
+
+    cidr_blocks = [
+      "0.0.0.0/0",
+    ]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "2.21.0"
+
+  name                 = "test-vpc-lt"
+  cidr                 = "10.0.0.0/16"
+  azs                  = data.aws_availability_zones.available.names
+  public_subnets       = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
+  enable_dns_hostnames = false
+
+  tags = {
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
+  }
+
+  public_subnet_tags = {
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
+    "kubernetes.io/role/elb"                      = "1"
+  }
+}
+
+module "eks" {
+  source          = "git::github.com/terraform-aws-modules/terraform-aws-eks.git?ref=v7.0.1"
+  cluster_name    = "${var.cluster_name}"
+  subnets         = module.vpc.public_subnets
+  vpc_id          = module.vpc.vpc_id
+  cluster_version = "1.13"
+
+  worker_groups_launch_template = [
+    {
+      name                 = "default"
+      instance_type        = "${var.machine_type}"
+      asg_desired_capacity = 4
+      asg_min_size = 4
+      asg_max_size = 4
+      additional_security_group_ids = [aws_security_group.worker_group_mgmt_one.id]
+      public_ip            = true
+    },
+    // Node Pools with taints for metrics and system
+    {
+      name                 = "agones-system"
+      instance_type        = "${var.machine_type}"
+      asg_desired_capacity = 1
+      kubelet_extra_args   = "--node-labels=agones.dev/agones-system=true --register-with-taints=agones.dev/agones-system=true:NoExecute"
+      public_ip            = true
+    },
+    {
+      name                 = "agones-metrics"
+      instance_type        = "${var.machine_type}"
+      asg_desired_capacity = 1
+      kubelet_extra_args   = "--node-labels=agones.dev/agones-metrics=true --register-with-taints=agones.dev/agones-metrics=true:NoExecute"
+      public_ip            = true
+    }
+  ]
+}
diff --git a/install/terraform/modules/eks/outputs.tf b/install/terraform/modules/eks/outputs.tf
@@ -0,0 +1,48 @@
+# Copyright 2019 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+output "cluster_endpoint" {
+  description = "Endpoint for EKS control plane."
+  value       = module.eks.cluster_endpoint
+}
+
+output "cluster_security_group_id" {
+  description = "Security group ids attached to the cluster control plane."
+  value       = module.eks.cluster_security_group_id
+}
+
+output "kubectl_config" {
+  description = "kubectl config as generated by the module."
+  value       = module.eks.kubeconfig
+}
+
+output "config_map_aws_auth" {
+  description = "A kubernetes configuration to authenticate to this EKS cluster."
+  value       = module.eks.config_map_aws_auth
+}
+
+output "region" {
+  description = "AWS region."
+  value       = var.region
+}
+
+
+
+output "cluster_ca_certificate" {
+  value = "${base64decode(module.eks.cluster_certificate_authority_data)}"
+}
+
+output "host" {
+  depends_on = ["module.eks"]
+  value      = "${module.eks.cluster_endpoint}"
+}
diff --git a/install/terraform/modules/eks/variables.tf b/install/terraform/modules/eks/variables.tf
@@ -0,0 +1,66 @@
+# Copyright 2019 Google LLC All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+variable "cluster_name" {
+  default = "test-cluster"
+}
+
+variable "region" {
+  default = "us-west-2"
+}
+
+variable "machine_type" {
+  default = "t2.large"
+}
+
+variable "map_accounts" {
+  description = "Additional AWS account numbers to add to the aws-auth configmap."
+  type        = list(string)
+
+  default = [
+    "777777777777",
+    "888888888888",
+  ]
+}
+
+variable "map_roles" {
+  description = "Additional IAM roles to add to the aws-auth configmap."
+  type        = list(map(string))
+
+  default = [
+    {
+      role_arn = "arn:aws:iam::66666666666:role/role1"
+      username = "role1"
+      group    = "system:masters"
+    },
+  ]
+}
+
+variable "map_users" {
+  description = "Additional IAM users to add to the aws-auth configmap."
+  type        = list(map(string))
+
+  default = [
+    {
+      user_arn = "arn:aws:iam::66666666666:user/user1"
+      username = "user1"
+      group    = "system:masters"
+    },
+    {
+      user_arn = "arn:aws:iam::66666666666:user/user2"
+      username = "user2"
+      group    = "system:masters"
+    },
+  ]
+}
diff --git a/install/terraform/modules/helm/helm.tf b/install/terraform/modules/helm/helm.tf
@@ -124,10 +124,15 @@ resource "helm_release" "agones" {
   }
 
   set {
-    name  = " agones.ping.http.serviceType"
+    name  = "agones.ping.http.serviceType"
     value = "${var.ping_service_type}"
   }
 
+  set {
+    name = "agones.ping.udp.expose"
+    value ="${var.udp_expose}"
+  }
+
   set {
     name  = "agones.ping.udp.serviceType"
     value = "${var.ping_service_type}"

diff --git a/install/terraform/modules/helm/variables.tf b/install/terraform/modules/helm/variables.tf
@@ -22,6 +22,10 @@ variable "agones_version" {
   default = ""
 }
 
+variable "udp_expose" {
+  default = "true"
+}
+
 variable "host" {}
 
 variable "token" {}

diff --git a/site/content/en/docs/Installation/Terraform/_index.md b/site/content/en/docs/Installation/Terraform/_index.md
@@ -10,5 +10,6 @@ description: >
 
 - [Terraform](https://www.terraform.io/) v0.12.3
 - [Helm](https://docs.helm.sh/helm/) package manager 2.10.0+
-- Access to the the Kubernetes hosting provider you are using (e.g. `gcloud` or `az` utility installed)
+- Access to the the Kubernetes hosting provider you are using (e.g. `gcloud`
+{{% feature publishVersion="1.3.0" %}}, `awscli`{{% /feature %}} or `az` utility installed)
 - Git
diff --git a/site/content/en/docs/Installation/Terraform/aks.md b/site/content/en/docs/Installation/Terraform/aks.md
@@ -3,7 +3,7 @@ title: "Installing Agones on Azure Kubernetes Service using Terraform"
 linkTitle: "Azure"
 weight: 20
 description: >
-  You can use Terraform to provision a AKS cluster and install Agones on it.
+  You can use Terraform to provision an AKS cluster and install Agones on it.
 ---
 
 ## Installation
@@ -35,7 +35,7 @@ Once you created all resources on AKS you can get the credentials so that you ca
 az aks get-credentials --resource-group agonesRG --name test-cluster
 ```
 
-Check that you have access to kubernetes cluster:
+Check that you have access to the Kubernetes cluster:
 ```
 kubectl get nodes
 ```