eks

Author: ranjeet-pivotchain

aws-devops/aws-eks/ingress/aws-eks-app-deployment

@@ -0,0 +1 @@
+Subproject commit 004427c433e59fa15777ff494e642b5a3f2bc2f1

aws-devops/aws-eks/ingress/game-2048.yaml

@@ -0,0 +1,41 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: game-2048
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: game-2048
+  name: deployment-2048
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: app-2048
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: app-2048
+    spec:
+      containers:
+      - image: public.ecr.aws/l6m2t8p7/docker-2048:latest
+        imagePullPolicy: Always
+        name: app-2048
+        ports:
+        - containerPort: 80
+---
+apiVersion: v1
+kind: Service
+metadata:
+  namespace: game-2048
+  name: service-2048
+spec:
+  ports:
+    - port: 80
+      targetPort: 80
+      protocol: TCP
+  type: NodePort
+  selector:
+    app.kubernetes.io/name: app-2048

aws-devops/aws-eks/ingress/links

@@ -0,0 +1,3 @@
+https://github.com/listentolearn/aws-eks-app-deployment/tree/main
+
+https://www.youtube.com/watch?v=ZGKaSboqKzk

aws-devops/aws-eks/ingress/serviceaccount.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/name: aws-load-balancer-controller
+  name: aws-load-balancer-controller
+  namespace: kube-system
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::804872348047:role/lb-controller-role

aws-devops/aws-eks/terra-eks/.terraform.lock.hcl

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: game-deployment
+  labels:
+    app: game
+spec:
+  selector:
+    matchLabels:
+      app: game
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: game
+    spec:
+      containers:
+      - name: game
+        image: bhargavshah86/kube-test:v0.1
+        ports:
+        - containerPort: 80
+        resources:
+          limits:
+            memory: 256Mi
+            cpu: "250m"
+          requests:
+            memory: 128Mi
+            cpu: "80m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: game
+spec:
+  selector:
+    app: game
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+      nodePort: 30081   
+  type: NodePort

aws-devops/aws-eks/terra-eks/app-deploy.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: frontend-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/x-forwarded-prefix: /
+    nginx.ingress.kubernetes.io/enable-access-log: "false"
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: game
+            port:
+              number: 80
+

aws-devops/aws-eks/terra-eks/ingress.yaml

@@ -0,0 +1,202 @@
+#----------------------------------------------------------
+#  Terraform - From Zero to Certified Professional
+#
+# Provision:
+#  - VPC
+#  - Internet Gateway
+#  - XX Public Subnets
+#  - XX Private Subnets
+#  - XX NAT Gateways in Public Subnets to give Internet access from Private Subnets
+#
+# Developed by RANJEET JADHAV
+#----------------------------------------------------------
+provider "aws" {
+  region = "us-east-2"
+
+}
+
+data "aws_availability_zones" "available" {}
+
+#-------------VPC and Internet Gateway------------------------------------------
+resource "aws_vpc" "sbi" {
+  cidr_block = var.vpc_cidr
+  tags       = merge(var.tags, { Name = "${var.env}-vpc" })
+}
+
+resource "aws_internet_gateway" "sbi" {
+  vpc_id = aws_vpc.sbi.id
+  tags   = merge(var.tags, { Name = "${var.env}-igw" })
+}
+
+#-------------Public Subnets and Routing----------------------------------------
+resource "aws_subnet" "public_subnets" {
+  count                   = length(var.public_subnet_cidrs)
+  vpc_id                  = aws_vpc.sbi.id
+  cidr_block              = element(var.public_subnet_cidrs, count.index)
+  availability_zone       = data.aws_availability_zones.available.names[count.index]
+  map_public_ip_on_launch = true
+  tags                    = merge(var.tags, { Name = "${var.env}-public-${count.index + 1}" })
+}
+
+resource "aws_route_table" "public_subnets" {
+  vpc_id = aws_vpc.sbi.id
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.sbi.id
+  }
+  tags = merge(var.tags, { Name = "${var.env}-route-public-subnets" })
+}
+
+resource "aws_route_table_association" "public_routes" {
+  count          = length(aws_subnet.public_subnets[*].id)
+  route_table_id = aws_route_table.public_subnets.id
+  subnet_id      = aws_subnet.public_subnets[count.index].id
+}
+
+#-----NAT Gateways with Elastic IPs--------------------------
+
+resource "aws_eip" "nat" {
+  # count = length(var.private_subnet_cidrs)
+  vpc  = true
+  tags = merge(var.tags, { Name = "${var.env}-nat-gw" })
+}
+
+
+resource "aws_nat_gateway" "nat" {
+  # count         = length(var.private_subnet_cidrs)
+  allocation_id = aws_eip.nat.id
+  subnet_id     = aws_subnet.public_subnets[0].id
+  tags          = merge(var.tags, { Name = "${var.env}-nat-gw" })
+}
+
+#--------------Private Subnets and Routing-------------------------
+resource "aws_subnet" "private_subnets" {
+  count             = length(var.private_subnet_cidrs)
+  vpc_id            = aws_vpc.sbi.id
+  cidr_block        = var.private_subnet_cidrs[count.index]
+  availability_zone = data.aws_availability_zones.available.names[count.index]
+  tags              = merge(var.tags, { Name = "${var.env}-private-${count.index + 1}" })
+}
+
+resource "aws_route_table" "private_subnets" {
+  # count  = length(var.private_subnet_cidrs)
+  vpc_id = aws_vpc.sbi.id
+  route {
+    cidr_block     = "0.0.0.0/0"
+    nat_gateway_id = aws_nat_gateway.nat.id
+  }
+  tags = merge(var.tags, { Name = "${var.env}-route-private-subnet" })
+}
+
+resource "aws_route_table_association" "private_routes" {
+  count          = length(aws_subnet.private_subnets[*].id)
+  route_table_id = aws_route_table.private_subnets.id
+  subnet_id      = aws_subnet.private_subnets[count.index].id
+}
+
+#==============================================================
+
+resource "aws_iam_role" "eks_cluster-terra" {
+  name               = "eks-cluster-terra"
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "eks.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "AmazonEKSClusterPolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+  role       = aws_iam_role.eks_cluster-terra.name
+}
+
+
+resource "aws_iam_role_policy_attachment" "AmazonEKSServicePolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
+  role       = aws_iam_role.eks_cluster-terra.name
+}
+
+resource "aws_eks_cluster" "aws_eks" {
+  name     = "eks-cluster-terra"
+  role_arn = aws_iam_role.eks_cluster-terra.arn
+
+  vpc_config {
+    subnet_ids              = ["${aws_subnet.private_subnets[0].id}", "${aws_subnet.private_subnets[1].id}", "${aws_subnet.public_subnets[0].id}", "${aws_subnet.public_subnets[1].id}"]
+    endpoint_private_access = true
+    endpoint_public_access  = true
+    public_access_cidrs     = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name  = "eks-terra"
+    Owner = "Ranjeet Jadhav"
+  }
+}
+
+resource "aws_iam_role" "eks-node-grp-terra" {
+  name               = "eks-nodegrp-terra"
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+POLICY  
+}
+
+resource "aws_iam_role_policy_attachment" "AmazonEKSWorkerNodePolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+  role       = aws_iam_role.eks-node-grp-terra.name
+}
+
+resource "aws_iam_role_policy_attachment" "AmazonEKS_CNI_Policy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+  role       = aws_iam_role.eks-node-grp-terra.name
+}
+
+resource "aws_iam_role_policy_attachment" "AmazonEC2ContainerRegistryReadOnly" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+  role       = aws_iam_role.eks-node-grp-terra.name
+}
+
+
+resource "aws_eks_node_group" "node" {
+  cluster_name    = aws_eks_cluster.aws_eks.name
+  node_group_name = "eks-node-group-terra"
+  node_role_arn   = aws_iam_role.eks-node-grp-terra.arn
+  instance_types  = ["t2.medium"]
+  subnet_ids      = ["${aws_subnet.private_subnets[0].id}", "${aws_subnet.private_subnets[1].id}"]
+  ami_type        = "AL2_x86_64" # AL2_x86_64, AL2_x86_64_GPU, AL2_ARM_64, CUSTOM
+  capacity_type   = "ON_DEMAND"  # ON_DEMAND, SPOT
+  disk_size       = 20
+
+  scaling_config {
+    desired_size = 1
+    max_size     = 1
+    min_size     = 1
+  }
+
+  # Ensure that IAM Role permissions are created before and deleted after EKS Node Group handling.
+  # Otherwise, EKS will not be able to properly delete EC2 Instances and Elastic Network Interfaces.
+  depends_on = [
+    aws_iam_role_policy_attachment.AmazonEKSWorkerNodePolicy,
+    aws_iam_role_policy_attachment.AmazonEKS_CNI_Policy,
+    aws_iam_role_policy_attachment.AmazonEC2ContainerRegistryReadOnly,
+  ]
+}

aws-devops/aws-eks/terra-eks/main.tf

@@ -0,0 +1,11 @@
+# output "eks_cluster_endpoint" {
+#   value = aws_eks_cluster.aws_eks.endpoint
+# }
+
+# output "eks_cluster_certificate_authority" {
+#   value = aws_eks_cluster.aws_eks.certificate_authority
+# }
+
+output "aws_subnet_id" {
+  value = aws_subnet.private_subnets[1].id
+}