├── .gitignore
├── .terraform.lock.hcl
├── README.md
├── kubectl.sha256
├── kubernetes.tf
├── main.tf
├── modules
    ├── eks
    │   ├── main.tf
    │   ├── outputs.tf
    │   └── variables.tf
    └── vpc
    │   ├── main.tf
    │   ├── outputs.tf
    │   └── variables.tf
├── outputs.tf
└── provider.tf


/.gitignore:
--------------------------------------------------------------------------------
 1 | ###### root/.gitgnore
 2 | 
 3 | 
 4 | # Local .terraform directories
 5 | **/.terraform/*
 6 | 
 7 | # .tfstate files
 8 | *.tfstate
 9 | *.tfstate.*
10 | 
11 | # Crash log files
12 | crash.log
13 | crash.*.log
14 | 
15 | # Exclude all .tfvars files, which are likely to contain sensitive data, such as
16 | # password, private keys, and other secrets. These should not be part of version 
17 | # control as they are data points which are potentially sensitive and subject 
18 | # to change depending on the environment.
19 | *.tfvars
20 | *.tfvars.json
21 | 
22 | # Ignore override files as they are usually used to override resources locally and so
23 | # are not checked in
24 | override.tf
25 | override.tf.json
26 | *_override.tf
27 | *_override.tf.json
28 | 
29 | # Include override files you do wish to add to version control using negated pattern
30 | # !example_override.tf
31 | 
32 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
33 | # example: *tfplan*
34 | 
35 | # Ignore CLI configuration files
36 | .terraformrc
37 | terraform.rc


--------------------------------------------------------------------------------
/.terraform.lock.hcl:
--------------------------------------------------------------------------------
 1 | # This file is maintained automatically by "terraform init".
 2 | # Manual edits may be lost in future updates.
 3 | 
 4 | provider "registry.terraform.io/hashicorp/aws" {
 5 |   version     = "4.15.1"
 6 |   constraints = "~> 4.15.0"
 7 |   hashes = [
 8 |     "h1:KNkM4pOCRzbjlGoCxt4Yl4qGUESLQ2uKIOSHb+aiMlY=",
 9 |     "zh:1d944144f8d613b8090c0c8391e4b205ca036086d70aceb4cdf664856fa8410c",
10 |     "zh:2a0ca16a6b12c0ac509f64512f80bd2ed6e7ea0ec369212efd4be3fa65e9773d",
11 |     "zh:3f9efdce4f1c320ffd061e8715e1d031deac1be0b959eaa60c25a274925653e4",
12 |     "zh:4cf82f3267b0c3e08be29b0345f711ab84ea1ea75f0e8ce81f5a2fe635ba67b4",
13 |     "zh:58474a0b7da438e1bcd53e87f10e28830836ff9b46cce5f09413c90952ae4f78",
14 |     "zh:6eb1be8afb0314b6b8424fe212b13beeb04f3f24692f0f3ee86c5153c7eb2e63",
15 |     "zh:8022da7d3b050d452ce6c679844e13729bdb4e1b3e75dcf68931af17a06b9277",
16 |     "zh:8e2683d00fff1df43440d6e7c04a2c1eb432c7d5dacff32fe8ce9045bc948fe6",
17 |     "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
18 |     "zh:b0c22d9a306e8ac2de57b5291a3d0a7a2c1713e33b7d076005662451afdc4d29",
19 |     "zh:ba6b7d7d91388b636145b133da6b4e32620cdc8046352e2dc8f3f0f81ff5d2e2",
20 |     "zh:d38a816eb60f4419d99303136a3bb61a0d2df3ca8a1dce2ced9b99bf23efa9f7",
21 |   ]
22 | }
23 | 
24 | provider "registry.terraform.io/hashicorp/kubernetes" {
25 |   version     = "2.13.1"
26 |   constraints = ">= 2.0.1"
27 |   hashes = [
28 |     "h1:1cRcvMGxS9q2Y0PxOrPiLU+nbNERuXML2liAQsWXByU=",
29 |     "zh:061f6ecbbf9a3c6345b56c28ebc2966a05d8eb02f3ba56beedd66e4ea308e332",
30 |     "zh:2119beeccb35bc5d1392b169f9fc748865261b45fb75fc8f57200e91658837c6",
31 |     "zh:26c29083d0d84fbc2e356e3dd1db3e2dc4139e943acf7a318d3c98f954ac6bd6",
32 |     "zh:2fb5823345ab05b3df74bb5c51c61072637d01b3cddffe3ad36a73b7d5b749e6",
33 |     "zh:3475b4422fffaf58584c4d877f98bfeff075e4a746f13e985d2cb20adc873a6c",
34 |     "zh:366b4bef49932d1d71b12849c1878c254a887962ff915f37982299c1185dd48a",
35 |     "zh:589f9358e4a4bd74a83b97ccc64df455ddfa64c4c4e099aef30fa29080497a8a",
36 |     "zh:7a0d75e0e4fee6cc5599ac9d5e91de563ce9ea7bd8137480c7abd09642a9e72c",
37 |     "zh:a297a42aefe0650e3d9fbe55a3ee48b14bb8bb5edb7068c09512d72afc3d9ca5",
38 |     "zh:b7f83a89b646542d02b733d464e45d6d0739a9dbb921305e7b8347e9fc98a149",
39 |     "zh:d4c721174a598b66bd1b29c40fa7cffafe90bb58186cd7506d792a6b04161103",
40 |     "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
41 |   ]
42 | }
43 | 
44 | provider "registry.terraform.io/hashicorp/random" {
45 |   version     = "3.1.0"
46 |   constraints = "3.1.0"
47 |   hashes = [
48 |     "h1:9cCiLO/Cqr6IUvMDSApCkQItooiYNatZpEXmcu0nnng=",
49 |     "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
50 |     "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
51 |     "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
52 |     "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
53 |     "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
54 |     "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
55 |     "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
56 |     "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
57 |     "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
58 |     "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
59 |     "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
60 |   ]
61 | }
62 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # eks-cluster-terraform


--------------------------------------------------------------------------------
/kubectl.sha256:
--------------------------------------------------------------------------------
1 | c17ca54480437d069679d8da8640bca0bd84a5e2614ce9fc7e9c955c4145b768


--------------------------------------------------------------------------------
/kubernetes.tf:
--------------------------------------------------------------------------------
 1 | ###### root/kubernetes.tf
 2 | 
 3 | resource "kubernetes_deployment" "luit22" {
 4 |   metadata {
 5 |     name = "terraform-luit22"
 6 |     labels = {
 7 |       test = "Myluit22App"
 8 |     }
 9 |   }
10 | 
11 |   spec {
12 |     replicas = 2
13 |     selector {
14 |       match_labels = {
15 |         test = "Myluit22App"
16 |       }
17 |     }
18 |     template {
19 |       metadata {
20 |         labels = {
21 |           test = "Myluit22App"
22 |         }
23 |       }
24 |       spec {
25 |         container {
26 |           image = "nginx:1.7.8"
27 |           name  = "luit22"
28 | 
29 |           resources {
30 |             limits = {
31 |               cpu    = "0.5"
32 |               memory = "512Mi"
33 |             }
34 |             requests = {
35 |               cpu    = "250m"
36 |               memory = "50Mi"
37 |             }
38 |           }
39 |         }
40 |       }
41 |     }
42 |   }
43 | }
44 | 
45 | resource "kubernetes_service" "luit22" {
46 |   metadata {
47 |     name = "terraform-luit22"
48 |   }
49 | 
50 |   spec {
51 |     selector = {
52 |       test = "myluit22App"
53 |     }
54 |     port {
55 |       port        = 80
56 |       target_port = 80
57 |       node_port   = 30010
58 |     }
59 | 
60 |     type = "LoadBalancer"
61 |   }
62 | }


--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
 1 | ###### root/main.tf
 2 | module "eks" {
 3 |   source                  = "./modules/eks"
 4 |   aws_public_subnet       = module.vpc.aws_public_subnet
 5 |   vpc_id                  = module.vpc.vpc_id
 6 |   cluster_name            = "module-eks-${random_string.suffix.result}"
 7 |   endpoint_public_access  = true
 8 |   endpoint_private_access = false
 9 |   public_access_cidrs     = ["0.0.0.0/0"]
10 |   node_group_name         = "luit22"
11 |   scaling_desired_size    = 1
12 |   scaling_max_size        = 1
13 |   scaling_min_size        = 1
14 |   instance_types          = ["t3.small"]
15 |   key_pair                = "XXXX"
16 | }
17 | 
18 | module "vpc" {
19 |   source                  = "./modules/vpc"
20 |   tags                    = "luit22"
21 |   instance_tenancy        = "default"
22 |   vpc_cidr                = "10.0.0.0/16"
23 |   access_ip               = "0.0.0.0/0"
24 |   public_sn_count         = 2
25 |   public_cidrs            = ["10.0.1.0/24", "10.0.2.0/24"]
26 |   map_public_ip_on_launch = true
27 |   rt_route_cidr_block     = "0.0.0.0/0"
28 | 
29 | }


--------------------------------------------------------------------------------
/modules/eks/main.tf:
--------------------------------------------------------------------------------
  1 | resource "aws_eks_cluster" "luit22" {
  2 |   name     = var.cluster_name
  3 |   role_arn = aws_iam_role.luit22.arn
  4 | 
  5 |   vpc_config {
  6 |     subnet_ids              = var.aws_public_subnet
  7 |     endpoint_public_access  = var.endpoint_public_access
  8 |     endpoint_private_access = var.endpoint_private_access
  9 |     public_access_cidrs     = var.public_access_cidrs
 10 |     security_group_ids      = [aws_security_group.node_group_one.id]
 11 |   }
 12 | 
 13 |   depends_on = [
 14 |     aws_iam_role_policy_attachment.luit22-AmazonEKSClusterPolicy,
 15 |     aws_iam_role_policy_attachment.luit22-AmazonEKSVPCResourceController,
 16 |   ]
 17 | }
 18 | 
 19 | resource "aws_eks_node_group" "luit22" {
 20 |   cluster_name    = aws_eks_cluster.luit22.name
 21 |   node_group_name = var.node_group_name
 22 |   node_role_arn   = aws_iam_role.luit222.arn
 23 |   subnet_ids      = var.aws_public_subnet
 24 |   instance_types  = var.instance_types
 25 | 
 26 |   remote_access {
 27 |     source_security_group_ids = [aws_security_group.node_group_one.id]
 28 |     ec2_ssh_key               = var.key_pair
 29 |   }
 30 | 
 31 |   scaling_config {
 32 |     desired_size = var.scaling_desired_size
 33 |     max_size     = var.scaling_max_size
 34 |     min_size     = var.scaling_min_size
 35 |   }
 36 | 
 37 |   depends_on = [
 38 |     aws_iam_role_policy_attachment.luit22-AmazonEKSWorkerNodePolicy,
 39 |     aws_iam_role_policy_attachment.luit22-AmazonEKS_CNI_Policy,
 40 |     aws_iam_role_policy_attachment.luit22-AmazonEC2ContainerRegistryReadOnly,
 41 |   ]
 42 | }
 43 | 
 44 | resource "aws_security_group" "node_group_one" {
 45 |   name_prefix = "node_group_one"
 46 |   vpc_id      = var.vpc_id
 47 | 
 48 |   ingress {
 49 |     from_port = 80
 50 |     to_port   = 80
 51 |     protocol  = "tcp"
 52 | 
 53 |     cidr_blocks = ["0.0.0.0/0"]
 54 |   }
 55 |   egress {
 56 |     from_port   = 0
 57 |     to_port     = 0
 58 |     protocol    = "-1"
 59 |     cidr_blocks = ["0.0.0.0/0"]
 60 |   }
 61 | }
 62 | 
 63 | resource "aws_iam_role" "luit22" {
 64 |   name = "eks-cluster-luit22"
 65 | 
 66 |   assume_role_policy = <<POLICY
 67 | {
 68 |   "Version": "2012-10-17",
 69 |   "Statement": [
 70 |     {
 71 |       "Effect": "Allow",
 72 |       "Principal": {
 73 |         "Service": "eks.amazonaws.com"
 74 |       },
 75 |       "Action": "sts:AssumeRole"
 76 |     }
 77 |   ]
 78 | }
 79 | POLICY
 80 | }
 81 | 
 82 | resource "aws_iam_role_policy_attachment" "luit22-AmazonEKSClusterPolicy" {
 83 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
 84 |   role       = aws_iam_role.luit22.name
 85 | }
 86 | 
 87 | # Optionally, enable Security Groups for Pods
 88 | # Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
 89 | resource "aws_iam_role_policy_attachment" "luit22-AmazonEKSVPCResourceController" {
 90 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
 91 |   role       = aws_iam_role.luit22.name
 92 | }
 93 | 
 94 | resource "aws_iam_role" "luit222" {
 95 |   name = "eks-node-group-luit22"
 96 | 
 97 |   assume_role_policy = jsonencode({
 98 |     Statement = [{
 99 |       Action = "sts:AssumeRole"
100 |       Effect = "Allow"
101 |       Principal = {
102 |         Service = "ec2.amazonaws.com"
103 |       }
104 |     }]
105 |     Version = "2012-10-17"
106 |   })
107 | }
108 | 
109 | resource "aws_iam_role_policy_attachment" "luit22-AmazonEKSWorkerNodePolicy" {
110 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
111 |   role       = aws_iam_role.luit222.name
112 | }
113 | 
114 | resource "aws_iam_role_policy_attachment" "luit22-AmazonEKS_CNI_Policy" {
115 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
116 |   role       = aws_iam_role.luit222.name
117 | }
118 | 
119 | resource "aws_iam_role_policy_attachment" "luit22-AmazonEC2ContainerRegistryReadOnly" {
120 |   policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
121 |   role       = aws_iam_role.luit222.name
122 | }
123 | 


--------------------------------------------------------------------------------
/modules/eks/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "endpoint" {
 2 |   value = aws_eks_cluster.luit22.endpoint
 3 | }
 4 | 
 5 | output "kubeconfig-certificate-authority-data" {
 6 |   value = aws_eks_cluster.luit22.certificate_authority[0].data
 7 | }
 8 | output "cluster_id" {
 9 |   value = aws_eks_cluster.luit22.id
10 | }
11 | output "cluster_endpoint" {
12 |   value = aws_eks_cluster.luit22.endpoint
13 | }
14 | output "cluster_name" {
15 |   value = aws_eks_cluster.luit22.name
16 | }


--------------------------------------------------------------------------------
/modules/eks/variables.tf:
--------------------------------------------------------------------------------
 1 | #######modules/eks/variables.tf
 2 | 
 3 | variable "aws_public_subnet" {}
 4 | 
 5 | variable "vpc_id" {}
 6 | 
 7 | variable "cluster_name" {}
 8 | 
 9 | variable "endpoint_private_access" {}
10 | 
11 | variable "endpoint_public_access" {}
12 | 
13 | variable "public_access_cidrs" {}
14 | 
15 | variable "node_group_name" {}
16 | 
17 | variable "scaling_desired_size" {}
18 | 
19 | variable "scaling_max_size" {}
20 | 
21 | variable "scaling_min_size" {}
22 | 
23 | variable "instance_types" {}
24 | 
25 | variable "key_pair" {}
26 | 
27 | 


--------------------------------------------------------------------------------
/modules/vpc/main.tf:
--------------------------------------------------------------------------------
 1 | #######modules/vpc/main.tf
 2 | resource "aws_vpc" "luit22" {
 3 |   cidr_block       = var.vpc_cidr 
 4 |   instance_tenancy = var.instance_tenancy
 5 |   tags = {
 6 |     Name = var.tags
 7 |   }
 8 | }
 9 | 
10 | resource "aws_internet_gateway" "luit22_gw" {
11 |   vpc_id = aws_vpc.luit22.id
12 | 
13 |   tags = {
14 |     Name = var.tags
15 |   }
16 | }
17 | data "aws_availability_zones" "available" {
18 | }
19 | 
20 | 
21 | resource "random_shuffle" "az_list" {
22 |   input        = data.aws_availability_zones.available.names
23 |   result_count = 2
24 | }
25 | 
26 | resource "aws_subnet" "public_luit22_subnet" {
27 |   count                   = var.public_sn_count
28 |   vpc_id                  = aws_vpc.luit22.id
29 |   cidr_block              = var.public_cidrs[count.index]
30 |   availability_zone       = random_shuffle.az_list.result[count.index]
31 |   map_public_ip_on_launch = var.map_public_ip_on_launch
32 |   tags = {
33 |     Name = var.tags
34 |   }
35 | }
36 | 
37 | 
38 | resource "aws_default_route_table" "internal_luit22_default" {
39 |   default_route_table_id = aws_vpc.luit22.default_route_table_id
40 | 
41 |   route {
42 |     cidr_block = var.rt_route_cidr_block
43 |     gateway_id = aws_internet_gateway.luit22_gw.id
44 |   }
45 |   tags = {
46 |     Name = var.tags
47 |   }
48 | }
49 | 
50 | resource "aws_route_table_association" "default" {
51 |   count          = var.public_sn_count
52 |   subnet_id      = aws_subnet.public_luit22_subnet[count.index].id
53 |   route_table_id = aws_default_route_table.internal_luit22_default.id
54 | }


--------------------------------------------------------------------------------
/modules/vpc/outputs.tf:
--------------------------------------------------------------------------------
1 | ###### vpc/outputs.tf 
2 | output "aws_public_subnet" {
3 |   value = aws_subnet.public_luit22_subnet.*.id
4 | }
5 | 
6 | output "vpc_id" {
7 |   value = aws_vpc.luit22.id
8 | }


--------------------------------------------------------------------------------
/modules/vpc/variables.tf:
--------------------------------------------------------------------------------
 1 | ####### modules/vpc/variables.tf
 2 | 
 3 | variable "vpc_cidr" {}
 4 | variable "access_ip" {}
 5 | variable "public_sn_count" {}
 6 | variable "public_cidrs" {
 7 |   type = list(any)
 8 | }
 9 | variable "instance_tenancy" {
10 | 
11 | }
12 | variable "tags" {
13 | 
14 | }
15 | variable "map_public_ip_on_launch" {
16 | 
17 | }
18 | variable "rt_route_cidr_block" {
19 | 
20 | }


--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "cluster_id" {
 2 |   description = "EKS cluster ID"
 3 |   value       = module.eks.cluster_id
 4 | }
 5 | 
 6 | output "cluster_endpoint" {
 7 |   description = "Endpoint for EKS control plane"
 8 |   value       = module.eks.cluster_endpoint
 9 | }
10 | 
11 | 
12 | output "cluster_name" {
13 |   description = "Kubernetes Cluster Name"
14 |   value       = module.eks.cluster_name
15 | }


--------------------------------------------------------------------------------
/provider.tf:
--------------------------------------------------------------------------------
 1 | terraform {
 2 | 
 3 |   required_providers {
 4 |     aws = {
 5 |       source  = "hashicorp/aws"
 6 |       version = "~> 4.15.0"
 7 |     }
 8 | 
 9 |     random = {
10 |       source  = "hashicorp/random"
11 |       version = "3.1.0"
12 |     }
13 |     kubernetes = {
14 |       source  = "hashicorp/kubernetes"
15 |       version = ">= 2.0.1"
16 |     }
17 |   }
18 | }
19 | 
20 | 
21 | data "aws_eks_cluster" "cluster" {
22 |   name = module.eks.cluster_id
23 | }
24 | data "aws_eks_cluster_auth" "cluster" {
25 |   name = module.eks.cluster_id
26 | }
27 | provider "kubernetes" {
28 |   cluster_ca_certificate = base64decode(module.eks.kubeconfig-certificate-authority-data)
29 |   host                   = data.aws_eks_cluster.cluster.endpoint
30 |   token                  = data.aws_eks_cluster_auth.cluster.token
31 | 
32 | }
33 | 
34 | provider "aws" {
35 |   region = "us-east-1"
36 | }
37 | 
38 | resource "random_string" "suffix" {
39 |   length  = 5
40 |   special = false
41 | }
42 | 


--------------------------------------------------------------------------------