# EKS control plane plus one managed node group, provisioned through the aws-ia
# EKS Blueprints root module. The VPC and private subnets come from module.vpc;
# cluster name and Kubernetes version come from input variables.
module "eks_cluster" {
  # NOTE(review): `ref=v4.32.1` is a git tag, and tags are mutable, so this is
  # not an immutable supply-chain pin. For a reproducible build, pin to the
  # commit SHA behind the tag (or verify the tag against a known SHA).
  source = "github.com/aws-ia/terraform-aws-eks-blueprints?ref=v4.32.1"
  cluster_name = var.cluster_name
  cluster_version = var.cluster_version
  vpc_id = module.vpc.vpc_id
  private_subnet_ids = module.vpc.private_subnets
  # NOTE(review): API endpoint exposure (public/private access), control-plane
  # log types and secrets encryption are not set here, so whatever the module
  # defaults to at v4.32.1 applies - confirm those defaults before reusing this
  # in anything other than a throwaway example.
  node_security_group_additional_rules = {
    # Extend node-to-node security group rules. Recommended and required for the Add-ons
    # All protocols/ports between nodes in this group. Security groups cannot
    # segment pod-to-pod traffic inside this rule; use NetworkPolicy for that.
    ingress_self_all = {
      description = "Node to node all ports/protocols"
      protocol = "-1"
      from_port = 0
      to_port = 0
      type = "ingress"
      self = true
    }
    # Recommended outbound traffic for Node groups
    # NOTE(review): unrestricted egress to 0.0.0.0/0 and ::/0. Nodes can reach
    # any address on the internet; for a locked-down cluster restrict this to
    # the VPC endpoints and registries the nodes actually need.
    egress_all = {
      description = "Node all egress"
      protocol = "-1"
      from_port = 0
      to_port = 0
      type = "egress"
      cidr_blocks = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
    }
    # Allows Control Plane Nodes to talk to Worker nodes on all ports. Added this to simplify the example and further avoid issues with Add-ons communication with Control plane.
    # This can be restricted further to specific port based on the requirement for each Add-on e.g., metrics-server 4443, spark-operator 8080, karpenter 8443 etc.
    # Change this according to your security requirements if needed
    # NOTE(review): only vpc-cni and kube-proxy are enabled in this file, and
    # neither of the add-on ports listed above applies to them, so this rule is
    # wider than the configuration shown here needs.
    ingress_cluster_to_node_all_traffic = {
      description = "Cluster API to Nodegroup all traffic"
      protocol = "-1"
      from_port = 0
      to_port = 0
      type = "ingress"
      source_cluster_security_group = true
    }
  }
  managed_node_groups = {
    # A single on-demand node: min = max = desired = 1, so there is no spare
    # capacity for a rolling replacement during upgrades.
    node_group = {
      node_group_name = "managed-ondemand"
      instance_types = ["t3.large"]
      subnet_ids = module.vpc.private_subnets
      # NOTE(review): forces the node group version update to proceed even when
      # pods cannot be drained (PodDisruptionBudgets are bypassed) - confirm
      # that is acceptable for the workloads scheduled here.
      force_update_version = true
      min_size = 1
      max_size = 1
      desired_size = 1
    }
  }
  tags = {
    Name = var.cluster_name
  }
}
# Newest vpc-cni add-on version AWS publishes for the cluster's Kubernetes
# version. Because most_recent is true the result floats: a later plan can pick
# up a newer release with no change to this file, so the deployed add-on is not
# reproducible from source alone.
data "aws_eks_addon_version" "latest" {
  for_each = toset(["vpc-cni"])

  most_recent        = true
  addon_name         = each.key
  kubernetes_version = module.eks_cluster.eks_cluster_version
}
# Default kube-proxy add-on version for the cluster's Kubernetes version
# (most_recent is false, so this does not chase the newest release the way the
# "latest" lookup for vpc-cni does).
data "aws_eks_addon_version" "default" {
  for_each = toset(["kube-proxy"])

  most_recent        = false
  addon_name         = each.key
  kubernetes_version = module.eks_cluster.eks_cluster_version
}
# Installs the EKS-managed add-ons (vpc-cni and kube-proxy) onto the cluster
# created by module.eks_cluster, using that module's outputs for cluster
# identity, endpoint, OIDC provider and node security group.
module "eks_kubernetes_addons" {
  # NOTE(review): same mutable-tag concern as the root module - pin to a commit
  # SHA for an immutable supply-chain reference.
  source = "github.com/aws-ia/terraform-aws-eks-blueprints//modules/kubernetes-addons?ref=v4.32.1"
  eks_cluster_id = module.eks_cluster.eks_cluster_id
  eks_cluster_endpoint = module.eks_cluster.eks_cluster_endpoint
  eks_cluster_version = module.eks_cluster.eks_cluster_version
  eks_oidc_provider = module.eks_cluster.oidc_provider
  eks_worker_security_group_id = module.eks_cluster.worker_node_security_group_id
  # Only a managed node group is defined in this file, so this output is
  # presumably empty here - verify if self-managed groups are added later.
  auto_scaling_group_names = module.eks_cluster.self_managed_node_group_autoscaling_groups
  # EKS Addons
  enable_amazon_eks_vpc_cni = true
  amazon_eks_vpc_cni_config = {
    # Resolved with most_recent = true, so this version can change between
    # plans without an edit to this file; pin explicitly for reproducibility.
    addon_version = data.aws_eks_addon_version.latest["vpc-cni"].version
    # OVERWRITE lets the managed add-on replace in-cluster changes to its own
    # resources on install/upgrade - any manual edits to the add-on are lost.
    resolve_conflicts = "OVERWRITE"
  }
  enable_amazon_eks_kube_proxy = true
  amazon_eks_kube_proxy_config = {
    # Default version for the cluster's Kubernetes version (most_recent = false).
    addon_version = data.aws_eks_addon_version.default["kube-proxy"].version
    resolve_conflicts = "OVERWRITE"
  }
  tags = {
    Name = var.cluster_name
  }
}