From 35948f988a72ef7214c98dda5a2858d16e2ba2ed Mon Sep 17 00:00:00 2001
From: David Monks
Date: Wed, 20 Oct 2021 11:53:02 +0100
Subject: [PATCH] Add example of bottlerocket node groups

Prior to this change, the examples only showed how to use bottlerocket with the older worker_nodes configuration. This change demonstrates the use of node_groups to create a bottlerocket based cluster.
---
 .../managed_bottlerocket_node_group/README.md | 75 +++++++++
 .../managed_bottlerocket_node_group/main.tf | 159 ++++++++++++++++++
 .../outputs.tf | 24 +++
 .../userdata.toml | 30 ++++
 .../variables.tf | 0
 .../versions.tf | 11 ++
 6 files changed, 299 insertions(+)
 create mode 100644 examples/managed_bottlerocket_node_group/README.md
 create mode 100644 examples/managed_bottlerocket_node_group/main.tf
 create mode 100644 examples/managed_bottlerocket_node_group/outputs.tf
 create mode 100644 examples/managed_bottlerocket_node_group/userdata.toml
 create mode 100644 examples/managed_bottlerocket_node_group/variables.tf
 create mode 100644 examples/managed_bottlerocket_node_group/versions.tf
diff --git a/examples/managed_bottlerocket_node_group/README.md b/examples/managed_bottlerocket_node_group/README.md
new file mode 100644
index 00000000000..ec3a49497ee
--- /dev/null
+++ b/examples/managed_bottlerocket_node_group/README.md
@@ -0,0 +1,75 @@
+# AWS EKS cluster running Bottlerocket AMI
+
+Configuration in this directory creates EKS cluster with nodes group running [AWS Bottlerocket OS](https://github.com/bottlerocket-os/bottlerocket)
+
+This is a minimalistic example which shows what knobs to turn to make Bottlerocket work.
+
+See [the official documentation](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami-bottlerocket.html) for more details.
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 0.13.1 |
+| [aws](#requirement\_aws) | >= 3.56.0 |
+| [kubernetes](#requirement\_kubernetes) | ~> 2.0 |
+| [local](#requirement\_local) | >= 1.4 |
+| [random](#requirement\_random) | >= 2.1 |
+| [tls](#requirement\_tls) | >= 2.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | >= 3.56.0 |
+| [random](#provider\_random) | >= 2.1 |
+| [tls](#provider\_tls) | >= 2.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [eks](#module\_eks) | ../.. | |
+| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_role_policy_attachment.ssm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_key_pair.nodes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource |
+| [random_string.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [tls_private_key.nodes](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
+| [aws_ami.bottlerocket_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for EKS control plane. |
+| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | Security group ids attached to the cluster control plane. |
+| [config\_map\_aws\_auth](#output\_config\_map\_aws\_auth) | A kubernetes configuration to authenticate to this EKS cluster. |
+| [kubectl\_config](#output\_kubectl\_config) | kubectl config as generated by the module. |
+| [node\_groups](#output\_node\_groups) | Outputs from node groups |
+
diff --git a/examples/managed_bottlerocket_node_group/main.tf b/examples/managed_bottlerocket_node_group/main.tf
new file mode 100644
index 00000000000..2fed73a5ea9
--- /dev/null
+++ b/examples/managed_bottlerocket_node_group/main.tf
@@ -0,0 +1,159 @@
+provider "aws" {
+ region = local.region
+}
+
+locals {
+ name = "bottlerocket-${random_string.suffix.result}"
+ cluster_version = "1.20"
+ region = "eu-west-1"
+}
+
+################################################################################
+# EKS Module
+################################################################################
+
+module "eks" {
+ source = "../.."
+
+ cluster_name = local.name
+ cluster_version = local.cluster_version
+
+ vpc_id = module.vpc.vpc_id
+ subnets = [module.vpc.private_subnets[0], module.vpc.public_subnets[1]]
+ fargate_subnets = [module.vpc.private_subnets[2]]
+
+ cluster_endpoint_private_access = true
+ cluster_endpoint_public_access = true
+
+ write_kubeconfig = false
+ manage_aws_auth = true
+
+ node_groups = {
+ bottlerocket = {
+ name = "bottlerocket-nodes"
+ ami_id = data.aws_ami.bottlerocket_ami.id
+ instance_types = ["t3a.small"]
+ desired_capacity = 2
+ key_name = aws_key_pair.nodes.key_name
+
+ # Since we are using default VPC there is no NAT gateway so we need to
+ # attach public ip to nodes so they can reach k8s API server
+ # do not repeat this at home (i.e. production)
+ public_ip = true
+
+ # This section overrides default userdata template to pass bottlerocket
+ # specific user data and pass additional arguments for userdata template rendering
+ user_data = {
+ template_file = "${path.module}/userdata.toml"
+ template_extra_args = {
+ enable_admin_container = false
+ enable_control_container = true
+ aws_region = data.aws_region.current.name
+ }
+ }
+ # example of k8s/kubelet configuration via additional_userdata
+ pre_userdata = <