eks.tf
90 lines (75 loc) · 2.46 KB
data "aws_ami" "node_ami" {
  # Resolve the newest EKS-optimized worker AMI whose name matches the
  # cluster's Kubernetes version, so nodes follow the control plane version.
  most_recent = true

  # Pin the publishing account so a look-alike AMI name from another owner
  # can never be selected by the name filter alone.
  owners = ["602401143452"]

  filter {
    name   = "name"
    values = ["amazon-eks-node-${aws_eks_cluster.cluster.version}-v*"]
  }
}
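resource "aws_eks_cluster" "cluster" {
  name     = "eks-lz-cluster"
  role_arn = aws_iam_role.cluster_role.arn
  version  = var.eks_version

  # Control-plane log streams shipped to CloudWatch (see
  # aws_cloudwatch_log_group.eks_logs in depends_on). "authenticator" is
  # enabled so IAM-to-RBAC authentication decisions are recorded alongside
  # the API and audit streams; "controllerManager" and "scheduler" are left
  # off because they add volume without adding security-relevant events.
  enabled_cluster_log_types = ["api", "audit", "authenticator"]

  # Private-only API endpoint: kubectl and CI must reach the cluster from
  # inside the VPC (or a peered / VPN-attached network).
  vpc_config {
    security_group_ids      = [aws_security_group.eks_sg.id]
    subnet_ids              = [aws_subnet.private_a.id, aws_subnet.private_b.id, aws_subnet.private_c.id]
    endpoint_private_access = true
    endpoint_public_access  = false
  }

  # NOTE(review): there is no encryption_config block, so Kubernetes Secrets
  # are not envelope-encrypted with a customer-managed KMS key. Add one
  # (resources = ["secrets"], provider { key_arn = ... }) once a KMS key
  # resource exists in this configuration.

  # The cluster role must hold its managed policies and the log group must
  # exist before the control plane is created, or creation/logging fails.
  depends_on = [
    aws_cloudwatch_log_group.eks_logs,
    aws_iam_role_policy_attachment.cluster_AmazonEKSClusterPolicy,
    aws_iam_role_policy_attachment.cluster_AmazonEKSServicePolicy,
    aws_iam_role_policy_attachment.cluster_AmazonEKSVPCResourceController
  ]
}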
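resource "aws_eks_node_group" "node" {
  cluster_name    = aws_eks_cluster.cluster.name
  node_group_name = "${var.prefix}-1"
  node_role_arn   = aws_iam_role.nodes_role.arn
  subnet_ids      = [aws_subnet.private_a.id, aws_subnet.private_b.id, aws_subnet.private_c.id]

  scaling_config {
    desired_size = var.eks_node_desired
    max_size     = var.eks_node_max
    min_size     = var.eks_node_min
  }

  launch_template {
    id = aws_launch_template.node.id
    # Reference the template's tracked version rather than the literal
    # "$Latest": with "$Latest" Terraform has no diff when the launch
    # template changes (new AMI, IMDS settings, user data), so the node
    # group silently keeps the old version until something else triggers
    # an update. latest_version makes every template change roll the nodes.
    version = aws_launch_template.node.latest_version
  }

  # NOTE(review): node_AmazonEC2FullAccess (attached elsewhere in this
  # configuration) grants the worker node role full EC2 control; anything
  # that reaches the node's instance credentials inherits it. Prefer the
  # narrow permissions the CNI/ECR policies already provide and move
  # workload permissions to IRSA / Pod Identity.
  depends_on = [
    aws_iam_role_policy_attachment.node_AmazonEC2ContainerRegistryReadOnly,
    aws_iam_role_policy_attachment.node_AmazonEC2FullAccess,
    aws_iam_role_policy_attachment.node_AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.node_AmazonEKSWorkerNodePolicy
  ]
}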
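resource "aws_launch_template" "node" {
  name          = "${var.prefix}-DEFAULT"
  ebs_optimized = true
  image_id      = data.aws_ami.node_ami.id
  instance_type = var.eks_node_size

  vpc_security_group_ids = [aws_security_group.eks_sg.id]

  # Custom image_id in a managed node group means EKS does not inject its own
  # bootstrap; local.node-userdata (defined elsewhere) must join the node to
  # the cluster.
  user_data = base64encode(local.node-userdata)

  # Require IMDSv2 so SSRF or a compromised pod cannot read the node role's
  # credentials with a plain GET. hop_limit 2 keeps IMDS reachable from pods
  # on the bridge network; lower it to 1 once workloads use IRSA / Pod
  # Identity so pods cannot reach node credentials at all.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 2
  }

  block_device_mappings {
    # Take the root device name from the AMI itself. A hard-coded "/dev/sda1"
    # only overrides the root volume when the AMI happens to use that name;
    # otherwise it attaches an extra volume and the root disk is created
    # from the AMI defaults, i.e. the encrypted/size/type settings below
    # would not apply to the root volume.
    device_name = data.aws_ami.node_ami.root_device_name
    ebs {
      encrypted   = true
      volume_size = var.eks_node_storage
      volume_type = "gp3"
    }
  }

  capacity_reservation_specification {
    capacity_reservation_preference = "open"
  }

  iam_instance_profile {
    name = aws_iam_instance_profile.node_profile.name
  }

  # Detailed (1-minute) CloudWatch metrics for the nodes.
  monitoring {
    enabled = true
  }

  # `tags` applies to the launch template resource only; the instances and
  # their volumes need tag_specifications to carry the Name tag.
  tag_specifications {
    resource_type = "instance"
    tags = {
      Name = "EKS Worker Node"
    }
  }

  tag_specifications {
    resource_type = "volume"
    tags = {
      Name = "EKS Worker Node"
    }
  }

  tags = {
    Name = "EKS Worker Node"
  }
}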