From 3c711d61a36810d431d3fa9487c6ab9fe39601e1 Mon Sep 17 00:00:00 2001
From: Steven Caswell
Date: Mon, 10 Feb 2020 06:43:46 -0500
Subject: [PATCH] Node group name arguments (node_group_name and node_group_role_name) (#2)
* new node_group_name and node_group_role_name optional arguments to override hard-wired defaults
* example for named node group arguments
---
 README.md | 2 +
 examples/single-named-node-group/main.tf | 115 +++++++++++++++++++++++
 main.tf | 6 +-
 variables.tf | 11 +++
 4 files changed, 131 insertions(+), 3 deletions(-)
 create mode 100644 examples/single-named-node-group/main.tf
diff --git a/README.md b/README.md
index 522e104..3d63ab4 100644
--- a/README.md
+++ b/README.md
@@ -70,6 +70,8 @@ Module managed by [Marcin Cuber](https://github.com/marcincuber) [LinkedIn](http
 | kubernetes\_version | Kubernetes version. Defaults to EKS Cluster Kubernetes version. Terraform will only perform drift detection if a configuration value is provided | string | `"null"` | no |
 | max\_size | Maximum number of worker nodes | number | n/a | yes |
 | min\_size | Minimum number of worker nodes | number | n/a | yes |
+| node\_group\_name | The name of the cluster node group. | string | - | no |
+| node\_group\_role\_name | The name of the cluster node group role. | string | - | no |
 | node\_role\_arn | IAM role arn that will be used by managed node group | string | `""` | no |
 | source\_security\_group\_ids | Set of EC2 Security Group IDs to allow SSH access \(port 22\) from on the worker nodes. If you specify `ec2\_ssh\_key`, but do not specify this configuration when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet \(0.0.0.0/0\) | list(string) | `[]` | no |
 | subnet\_ids | A list of subnet IDs to launch resources in | list(string) | n/a | yes |
diff --git a/examples/single-named-node-group/main.tf b/examples/single-named-node-group/main.tf
new file mode 100644
index 0000000..03d7990
--- /dev/null
+++ b/examples/single-named-node-group/main.tf
@@ -0,0 +1,115 @@
+provider "aws" {
+ region = "eu-west-1"
+}
+
+#####
+# VPC and subnets
+#####
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ version = "2.21.0"
+
+ name = "simple-vpc"
+
+ cidr = "10.0.0.0/16"
+
+ azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"]
+ private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
+ public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
+
+ private_subnet_tags = {
+ "kubernetes.io/role/internal-elb" = "1"
+ }
+
+ public_subnet_tags = {
+ "kubernetes.io/role/elb" = "1"
+ }
+
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ enable_nat_gateway = true
+ enable_vpn_gateway = true
+ single_nat_gateway = true
+ one_nat_gateway_per_az = false
+
+ tags = {
+ "kubernetes.io/cluster/eks" = "shared",
+ Environment = "test"
+ }
+}
+
+#####
+# EKS Cluster
+#####
+
+resource "aws_eks_cluster" "cluster" {
+ enabled_cluster_log_types = []
+ name = "eks"
+ role_arn = aws_iam_role.cluster.arn
+ version = "1.14"
+
+ vpc_config {
+ subnet_ids = flatten([module.vpc.public_subnets, module.vpc.private_subnets])
+ security_group_ids = []
+ endpoint_private_access = "true"
+ endpoint_public_access = "true"
+ }
+}
+
+resource "aws_iam_role" "cluster" {
+ name = "eks-cluster-role"
+
+ assume_role_policy = <