From 6191c2f57534a9e628dc28fa238f4784230f44a9 Mon Sep 17 00:00:00 2001 From: Andrey Devyatkin Date: Wed, 19 May 2021 21:17:18 +0200 Subject: [PATCH] docs: Add Bottlerocket example (#1296) Signed-off-by: Andrey Devyatkin --- examples/bottlerocket/README.md | 7 ++++ examples/bottlerocket/data.tf | 22 ++++++++++ examples/bottlerocket/main.tf | 64 +++++++++++++++++++++++++++++ examples/bottlerocket/userdata.toml | 24 +++++++++++ examples/bottlerocket/variables.tf | 17 ++++++++ 5 files changed, 134 insertions(+) create mode 100644 examples/bottlerocket/README.md create mode 100644 examples/bottlerocket/data.tf create mode 100644 examples/bottlerocket/main.tf create mode 100644 examples/bottlerocket/userdata.toml create mode 100644 examples/bottlerocket/variables.tf diff --git a/examples/bottlerocket/README.md b/examples/bottlerocket/README.md new file mode 100644 index 00000000000..cc73eb7634b --- /dev/null +++ b/examples/bottlerocket/README.md @@ -0,0 +1,7 @@ +# AWS Bottlerocket based nodes + +This is a minimalistic example that shows how to use functionality of this module to deploy +nodes based on [AWS Bottlerocket container OS](https://github.com/bottlerocket-os/bottlerocket) + +Example is minimalistic by purpose - it shows what knobs to turn to make Bottlerocket work. +Do not use default VPC for your workloads deployment. \ No newline at end of file diff --git a/examples/bottlerocket/data.tf b/examples/bottlerocket/data.tf new file mode 100644 index 00000000000..bf380b382cf --- /dev/null +++ b/examples/bottlerocket/data.tf @@ -0,0 +1,22 @@ +data "aws_ami" "bottlerocket_ami" { + most_recent = true + owners = ["amazon"] + filter { + name = "name" + values = ["bottlerocket-aws-k8s-${var.k8s_version}-x86_64-*"] + } +} + +data "aws_region" "current" {} + +data "aws_vpc" "default" { + default = true +} + +data "aws_subnet_ids" "default" { + vpc_id = data.aws_vpc.default.id +} + +data "aws_iam_policy" "ssm" { + arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" +} \ No newline at end of file diff --git a/examples/bottlerocket/main.tf b/examples/bottlerocket/main.tf new file mode 100644 index 00000000000..86166df0e5c --- /dev/null +++ b/examples/bottlerocket/main.tf @@ -0,0 +1,64 @@ +terraform { + required_version = ">= 0.13.0" +} + +resource "tls_private_key" "nodes" { + algorithm = "RSA" +} + +resource "aws_key_pair" "nodes" { + key_name = "bottlerocket-nodes" + public_key = tls_private_key.nodes.public_key_openssh +} + +module "eks" { + source = "../.." + cluster_name = "bottlerocket" + cluster_version = var.k8s_version + subnets = data.aws_subnet_ids.default.ids + + vpc_id = data.aws_vpc.default.id + + write_kubeconfig = false + manage_aws_auth = false + + worker_groups_launch_template = [ + { + name = "bottlerocket-nodes" + # passing bottlerocket ami id + ami_id = data.aws_ami.bottlerocket_ami.id + instance_type = "t3a.small" + asg_desired_capacity = 2 + key_name = aws_key_pair.nodes.key_name + + # Since we are using default VPC there is no NAT gateway so we need to + # attach public ip to nodes so they can reach k8s API server + # do not repeat this at home (i.e. production) + public_ip = true + + # This section overrides default userdata template to pass bottlerocket + # specific user data + userdata_template_file = "${path.module}/userdata.toml" + # we are using this section to pass additional arguments for + # userdata template rendering + userdata_template_extra_args = { + enable_admin_container = var.enable_admin_container + enable_control_container = var.enable_control_container + aws_region = data.aws_region.current.name + } + # example of k8s/kubelet configuration via additional_userdata + additional_userdata = <