From 2bac3e97fcdfd7b3ec702545ebe745956c002344 Mon Sep 17 00:00:00 2001 From: Matheus Fidelis Date: Wed, 24 Jan 2024 21:45:38 -0300 Subject: [PATCH 1/8] Update EKS 1.29 --- helm_argo_rollouts.tf | 65 ++++++++++++++++++- .../chip/argo/chip-istio-rollout-canary.yml | 26 +------- variables.tf | 16 +++-- 3 files changed, 78 insertions(+), 29 deletions(-) diff --git a/helm_argo_rollouts.tf b/helm_argo_rollouts.tf index f5caad3..b818add 100644 --- a/helm_argo_rollouts.tf +++ b/helm_argo_rollouts.tf @@ -12,7 +12,6 @@ resource "helm_release" "argo_rollouts" { value = true } - set { name = "controller.metrics.enabled" value = true @@ -39,4 +38,68 @@ resource "helm_release" "argo_rollouts" { aws_eks_node_group.cluster, kubernetes_config_map.aws-auth ] +} + +resource "kubectl_manifest" "rollouts_gateway" { + yaml_body = < Date: Wed, 24 Jan 2024 21:47:01 -0300 Subject: [PATCH 2/8] terraform fmt --- addons.tf | 16 ++-- aws-auth-config.tf | 6 +- eks.tf | 122 ++++++++++++++-------------- helm_alb_ingress_controller.tf | 86 ++++++++++---------- helm_argo_rollouts.tf | 62 +++++++------- helm_chaos_mesh.tf | 22 ++--- helm_cluster_autoscaler.tf | 104 ++++++++++++------------ helm_descheduler.tf | 30 +++---- helm_jaeger.tf | 22 ++--- helm_keda.tf | 32 ++++---- helm_metrics_server.tf | 28 +++---- helm_node_termination_handler.tf | 2 +- iam_alb_controller.tf | 134 +++++++++++++++---------------- iam_cluster_role.tf | 36 ++++----- iam_karpenter.tf | 4 +- iam_keda.tf | 46 +++++------ iam_node_termination_handler.tf | 2 +- iam_nodes.tf | 80 +++++++++--------- internet_gateway.tf | 22 ++--- kms.tf | 6 +- nat_gateway.tf | 32 ++++---- nlb.tf | 84 +++++++++---------- nodes.tf | 108 ++++++++++++------------- oidc.tf | 4 +- pods_subnets.tf | 72 ++++++++--------- private_subnets.tf | 48 +++++------ private_zone.tf | 2 +- provider.tf | 20 ++--- public_subnets.tf | 42 +++++----- variables.tf | 10 +-- vpc.tf | 12 +-- 31 files changed, 648 insertions(+), 648 deletions(-) 
diff --git a/addons.tf b/addons.tf index beee5f6..ae66eab 100644 --- a/addons.tf +++ b/addons.tf @@ -1,6 +1,6 @@ resource "aws_eks_addon" "cni" { - cluster_name = aws_eks_cluster.eks_cluster.name - addon_name = "vpc-cni" + cluster_name = aws_eks_cluster.eks_cluster.name + addon_name = "vpc-cni" addon_version = var.addon_cni_version resolve_conflicts = "OVERWRITE" @@ -12,8 +12,8 @@ resource "aws_eks_addon" "cni" { } resource "aws_eks_addon" "coredns" { - cluster_name = aws_eks_cluster.eks_cluster.name - addon_name = "coredns" + cluster_name = aws_eks_cluster.eks_cluster.name + addon_name = "coredns" addon_version = var.addon_coredns_version resolve_conflicts = "OVERWRITE" @@ -25,8 +25,8 @@ resource "aws_eks_addon" "coredns" { } resource "aws_eks_addon" "kubeproxy" { - cluster_name = aws_eks_cluster.eks_cluster.name - addon_name = "kube-proxy" + cluster_name = aws_eks_cluster.eks_cluster.name + addon_name = "kube-proxy" addon_version = var.addon_kubeproxy_version resolve_conflicts = "OVERWRITE" @@ -37,8 +37,8 @@ resource "aws_eks_addon" "kubeproxy" { } resource "aws_eks_addon" "csi_driver" { - cluster_name = aws_eks_cluster.eks_cluster.name - addon_name = "aws-ebs-csi-driver" + cluster_name = aws_eks_cluster.eks_cluster.name + addon_name = "aws-ebs-csi-driver" addon_version = var.addon_csi_version resolve_conflicts = "OVERWRITE" diff --git a/aws-auth-config.tf b/aws-auth-config.tf index e326327..2d84149 100644 --- a/aws-auth-config.tf +++ b/aws-auth-config.tf @@ -1,11 +1,11 @@ resource "kubernetes_config_map" "aws-auth" { metadata { - name = "aws-auth" - namespace = "kube-system" + name = "aws-auth" + namespace = "kube-system" } data = { - mapRoles = < Date: Wed, 24 Jan 2024 21:56:09 -0300 Subject: [PATCH 3/8] terraform fmt --- variables.tf | 70 +++++++++++++++++++++++++++++++++------------------- 1 file changed, 44 insertions(+), 26 deletions(-) diff --git a/variables.tf b/variables.tf index eac219d..745d662 100644 --- a/variables.tf +++ b/variables.tf 
@@ -3,14 +3,17 @@ ######################### variable "cluster_name" { + description = "The name of the Amazon EKS cluster. This is a unique identifier for your EKS cluster within the AWS region." default = "eks-cluster" } variable "aws_region" { + description = "AWS region where the EKS cluster will be deployed. This should be set to the region where you want your Kubernetes resources to reside." default = "us-east-1" } variable "k8s_version" { + description = "The version of Kubernetes to use for the EKS cluster. This version should be compatible with the AWS EKS service and other infrastructure components." default = "1.29" } @@ -19,12 +22,14 @@ variable "k8s_version" { ######################### variable "nodes_instances_sizes" { + description = "A list of EC2 instance types to use for the EKS worker nodes. These instance types should balance between cost, performance, and resource requirements for your workload." default = [ "t3.large" ] } variable "auto_scale_options" { + description = "Configuration for the EKS cluster auto-scaling. It includes the minimum (min), maximum (max), and desired (desired) number of worker nodes." default = { min = 4 max = 10 
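Review bot: The `description` lines added for `cluster_name`, `aws_region` and `k8s_version` in the `@@ -3,14 +3,17 @@` hunk are not paired with a `type`, so these inputs still accept any value even though each description names a string; the last hunk of this patch does add `type = map(string)` to `default_tags`, and the same treatment here would be `type = string` on each of the three. `nodes_instances_sizes` and `auto_scale_options` in the second hunk are in the same position and could take `type = list(string)` and `type = map(number)`, which is what their new descriptions already imply. The `list(any)` declarations touched in the following hunks (`karpenter_instance_family`, `karpenter_instance_sizes`, `karpenter_capacity_type`, `karpenter_availability_zones`) would likewise be tighter as `list(string)`, since the descriptions only ever mention string values and a stricter type turns a typo into a plan-time error instead of a runtime one.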
@@ -34,23 +39,24 @@ variable "auto_scale_options" { variable "cluster_autoscaler_toggle" { type = bool - description = "Enable Cluster Autoscaler Installation" + description = "Enable or disable the Cluster Autoscaler installation. When true, Cluster Autoscaler is installed to automatically adjust the number of nodes in the cluster." default = false } + ######################### ### KARPENTER CONFIGS ### ######################### variable "karpenter_toggle" { type = bool - description = "Enable Karpenter Installation" + description = "Determines whether Karpenter is enabled for the EKS cluster. Karpenter is an open-source auto-scaler for Kubernetes clusters." default = true } variable "karpenter_instance_family" { type = list(any) - description = "Instance family list to launch on karpenter" + description = "Defines a list of EC2 instance families to be considered by Karpenter for node provisioning. Instance families like 'c6' and 'c5' offer different compute capabilities." default = [ "c6", "c6a", @@ -60,7 +66,7 @@ variable "karpenter_instance_family" { variable "karpenter_instance_sizes" { type = list(any) - description = "Instance sizes to diversify into instance family" + description = "Specifies a list of instance sizes within the chosen instance families to allow diversity in the provisioned nodes by Karpenter." default = [ "large", "2xlarge" @@ -69,7 +75,7 @@ variable "karpenter_instance_sizes" { variable "karpenter_capacity_type" { type = list(any) - description = "Capacity Type; Ex spot, on_demand" + description = "Defines the capacity types for provisioning instances in the cluster, such as 'spot' or 'on_demand', offering cost-saving options or consistent availability respectively." default = [ "spot" ] 
@@ -77,7 +83,7 @@ variable "karpenter_capacity_type" { variable "karpenter_availability_zones" { type = list(any) - description = "Availability zones to launch nodes" + description = "A list of AWS availability zones where Karpenter should launch nodes. These zones should be in the same region as the EKS cluster." default = [ "us-east-1a", "us-east-1b", 
@@ -91,53 +97,59 @@ variable "karpenter_availability_zones" { variable "nlb_ingress_internal" { type = bool + description = "Indicates whether the Network Load Balancer (NLB) for the EKS cluster should be internal, restricting access to within the AWS network." default = false } variable "nlb_ingress_type" { type = string + description = "Specifies the type of ingress to be used, such as 'network', determining how the NLB handles incoming traffic to the EKS cluster." default = "network" } variable "proxy_protocol_v2" { type = bool + description = "Enables or disables Proxy Protocol v2 on the Network Load Balancer, used for preserving client IP addresses and other connection information." default = false } variable "nlb_ingress_enable_termination_protection" { type = bool + description = "Determines if termination protection is enabled for the Network Load Balancer, preventing accidental deletion." default = false } variable "enable_cross_zone_load_balancing" { type = bool + description = "Controls whether cross-zone load balancing is enabled for the Network Load Balancer, allowing even traffic distribution across all zones." default = false } + ######################### ### ROUTE53 CONFIGS ### ######################### variable "cluster_private_zone" { type = string + description = "The private DNS zone name for the EKS cluster in AWS Route53. This zone is used for internal DNS resolution within the cluster." default = "k8s.cluster" } - ######################### ### ISTIO CONFIGS ### ######################### variable "istio_ingress_min_pods" { type = number + description = "The minimum number of pods to maintain for the Istio ingress gateway. This ensures basic availability and load handling." default = 3 - description = "Minimum pods for istio-ingress-gateway" } variable "istio_ingress_max_pods" { type = number + description = "The maximum number of pods to scale up for the Istio ingress gateway. This limits the resources used and manages the scaling behavior." 
default = 9 - description = "Maximum pods for istio-ingress-gateway" } ######################### @@ -145,18 +157,21 @@ variable "istio_ingress_max_pods" { ######################### variable "grafana_virtual_service_host" { - type = string - default = "grafana.k8s.raj.ninja" + type = string + description = "The hostname for the Grafana virtual service, used in Istio routing. This host is used to access Grafana dashboards for monitoring metrics." + default = "grafana.k8s.raj.ninja" } variable "kiali_virtual_service_host" { - type = string - default = "kiali.k8s.raj.ninja" + type = string + description = "The hostname for the Kiali virtual service, a part of Istio's service mesh visualization. It provides insights into the mesh topology and performance." + default = "kiali.k8s.raj.ninja" } variable "jaeger_virtual_service_host" { - type = string - default = "jaeger.k8s.raj.ninja" + type = string + description = "The hostname for the Jaeger virtual service, used for tracing and monitoring microservices within the Istio service mesh." + default = "jaeger.k8s.raj.ninja" } ############################### @@ -164,8 +179,9 @@ variable "jaeger_virtual_service_host" { ############################### variable "argo_rollouts_virtual_service_host" { - type = string - default = "argo-rollouts.k8s.raj.ninja" + type = string + description = "The hostname for the Argo Rollouts virtual service, used for advanced deployment capabilities like canary and blue-green deployments in Kubernetes." + default = "argo-rollouts.k8s.raj.ninja" } ######################### 
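Review bot: The description added for `nlb_ingress_internal` in the `@@ -91,53 +97,59 @@` hunk says an internal NLB restricts access "to within the AWS network", which overstates the boundary: an internal NLB is reachable from the VPC and from any network routed into it (peering, VPN, Transit Gateway), not from AWS at large. The text also never says that the default `false` produces an internet-facing load balancer, which is the fact an operator most needs to notice when reading this variable. A more precise line would be `description = "When true, the NLB is internal and reachable only from the VPC and networks routed to it. The default (false) creates an internet-facing NLB."`. In the same hunk, the `proxy_protocol_v2` description could mention that the targets behind the NLB must be configured to parse the PROXY header, since enabling it on the load balancer alone changes the bytes every backend receives.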
@@ -174,31 +190,31 @@ variable "argo_rollouts_virtual_service_host" { variable "descheduler_toggle" { type = bool - description = "Enable Descheduler Installation" + description = "Controls the installation of the Descheduler, a tool to balance and optimize the distribution of Pods across the cluster for improved efficiency." default = false } variable "chaos_mesh_toggle" { type = bool - description = "Enable Chaos Mesh Installation" + description = "Determines whether to install Chaos Mesh, a cloud-native Chaos Engineering platform that orchestrates chaos experiments on Kubernetes environments." default = false } variable "node_termination_handler_toggle" { type = bool - description = "Enable AWS Node Termination Handler Setup" + description = "Enables the AWS Node Termination Handler, which ensures that Kubernetes workloads are gracefully handled during EC2 instance terminations or disruptions." default = true } variable "argo_rollouts_toggle" { type = bool - description = "Enable Argo Rollouts Installation" + description = "Enables the installation of Argo Rollouts, providing advanced deployment strategies like Canary and Blue-Green deployments in Kubernetes." default = true } variable "keda_toggle" { type = bool - description = "Enable Keda Installation" + description = "Activates the installation of KEDA (Kubernetes Event-Driven Autoscaling), which adds event-driven scaling capabilities to Kubernetes workloads." default = true } 
@@ -208,29 +224,31 @@ variable "keda_toggle" { variable "addon_cni_version" { type = string - description = "VPC CNI Version" + description = "Specifies the version of the AWS VPC CNI (Container Network Interface) plugin to use, which manages the network interfaces for pod networking." default = "v1.14.1-eksbuild.1" } variable "addon_coredns_version" { type = string - description = "CoreDNS Version" + description = "Defines the version of CoreDNS to use, a DNS server/forwarder that is integral to internal Kubernetes DNS resolution." default = "v1.11.1-eksbuild.4" } variable "addon_kubeproxy_version" { type = string - description = "Kubeproxy Version" + description = "Sets the version of Kubeproxy to be used, which handles Kubernetes network services like forwarding the requests to correct containers." default = "v1.29.0-eksbuild.1" } variable "addon_csi_version" { type = string - description = "CSI Version" + description = "Indicates the version of the Container Storage Interface (CSI) driver to use for managing storage volumes in Kubernetes." default = "v1.26.1-eksbuild.1" } variable "default_tags" { + type = map(string) + description = "A map of default tags to apply to all resources. These tags can help with identifying and organizing resources within the AWS environment." default = { Environment = "prod" Foo = "Bar" From 8805ff1b8a81f6ba285a3686b74654673a48c19d Mon Sep 17 00:00:00 2001 From: Matheus Fidelis Date: Wed, 24 Jan 2024 21:58:35 -0300 Subject: [PATCH 4/8] terraform-docs --- README.md | 69 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 36 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index 97078c5..27f9516 100644 --- a/README.md +++ b/README.md 
@@ -180,6 +180,8 @@ No modules. | [kubectl_manifest.karpenter_template](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.kiali_gateway](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubectl_manifest.kiali_virtual_service](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubectl_manifest.rollouts_gateway](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubectl_manifest.rollouts_virtual_service](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubernetes_config_map.aws-auth](https://registry.terraform.io/providers/kubernetes/latest/docs/resources/config_map) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_eks_cluster_auth.default](https://registry.terraform.io/providers/aws/latest/docs/data-sources/eks_cluster_auth) | data source | @@ -203,38 +205,39 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [addon\_cni\_version](#input\_addon\_cni\_version) | VPC CNI Version | `string` | `"v1.14.1-eksbuild.1"` | no | -| [addon\_coredns\_version](#input\_addon\_coredns\_version) | CoreDNS Version | `string` | `"v1.10.1-eksbuild.4"` | no | -| [addon\_csi\_version](#input\_addon\_csi\_version) | CSI Version | `string` | `"v1.24.0-eksbuild.1"` | no | -| [addon\_kubeproxy\_version](#input\_addon\_kubeproxy\_version) | Kubeproxy Version | `string` | `"v1.28.1-eksbuild.1"` | no | -| [argo\_rollouts\_toggle](#input\_argo\_rollouts\_toggle) | Enable Argo Rollouts Installation | `bool` | `true` | no | -| [auto\_scale\_options](#input\_auto\_scale\_options) | n/a | `map` |
{
"desired": 6,
"max": 10,
"min": 4
}
| no | -| [aws\_region](#input\_aws\_region) | n/a | `string` | `"us-east-1"` | no | -| [chaos\_mesh\_toggle](#input\_chaos\_mesh\_toggle) | Enable Chaos Mesh Installation | `bool` | `false` | no | -| [cluster\_autoscaler\_toggle](#input\_cluster\_autoscaler\_toggle) | Enable Cluster Autoscaler Installation | `bool` | `false` | no | -| [cluster\_name](#input\_cluster\_name) | n/a | `string` | `"eks-cluster"` | no | -| [cluster\_private\_zone](#input\_cluster\_private\_zone) | n/a | `string` | `"k8s.cluster"` | no | -| [default\_tags](#input\_default\_tags) | n/a | `map` |
{
"Environment": "prod",
"Foo": "Bar",
"Ping": "Pong"
}
| no | -| [descheduler\_toggle](#input\_descheduler\_toggle) | Enable Descheduler Installation | `bool` | `false` | no | -| [enable\_cross\_zone\_load\_balancing](#input\_enable\_cross\_zone\_load\_balancing) | n/a | `bool` | `false` | no | -| [grafana\_virtual\_service\_host](#input\_grafana\_virtual\_service\_host) | n/a | `string` | `"grafana.k8s.raj.ninja"` | no | -| [istio\_ingress\_max\_pods](#input\_istio\_ingress\_max\_pods) | Maximum pods for istio-ingress-gateway | `number` | `9` | no | -| [istio\_ingress\_min\_pods](#input\_istio\_ingress\_min\_pods) | Minimum pods for istio-ingress-gateway | `number` | `3` | no | -| [jaeger\_virtual\_service\_host](#input\_jaeger\_virtual\_service\_host) | n/a | `string` | `"jaeger.k8s.raj.ninja"` | no | -| [k8s\_version](#input\_k8s\_version) | n/a | `string` | `"1.28"` | no | -| [karpenter\_availability\_zones](#input\_karpenter\_availability\_zones) | Availability zones to launch nodes | `list` |
[
"us-east-1a",
"us-east-1b",
"us-east-1c"
]
| no | -| [karpenter\_capacity\_type](#input\_karpenter\_capacity\_type) | Capacity Type; Ex spot, on\_demand | `list` |
[
"spot"
]
| no | -| [karpenter\_instance\_family](#input\_karpenter\_instance\_family) | Instance family list to launch on karpenter | `list` |
[
"c6",
"c6a",
"c5"
]
| no | -| [karpenter\_instance\_sizes](#input\_karpenter\_instance\_sizes) | Instance sizes to diversify into instance family | `list` |
[
"large",
"2xlarge"
]
| no | -| [karpenter\_toggle](#input\_karpenter\_toggle) | Enable Karpenter Installation | `bool` | `true` | no | -| [keda\_toggle](#input\_keda\_toggle) | Enable Keda Installation | `bool` | `true` | no | -| [kiali\_virtual\_service\_host](#input\_kiali\_virtual\_service\_host) | n/a | `string` | `"kiali.k8s.raj.ninja"` | no | -| [nlb\_ingress\_enable\_termination\_protection](#input\_nlb\_ingress\_enable\_termination\_protection) | n/a | `bool` | `false` | no | -| [nlb\_ingress\_internal](#input\_nlb\_ingress\_internal) | n/a | `bool` | `false` | no | -| [nlb\_ingress\_type](#input\_nlb\_ingress\_type) | n/a | `string` | `"network"` | no | -| [node\_termination\_handler\_toggle](#input\_node\_termination\_handler\_toggle) | Enable AWS Node Termination Handler Setup | `bool` | `true` | no | -| [nodes\_instances\_sizes](#input\_nodes\_instances\_sizes) | n/a | `list` |
[
"t3.large"
]
| no | -| [proxy\_protocol\_v2](#input\_proxy\_protocol\_v2) | n/a | `bool` | `false` | no | +| [addon\_cni\_version](#input\_addon\_cni\_version) | Specifies the version of the AWS VPC CNI (Container Network Interface) plugin to use, which manages the network interfaces for pod networking. | `string` | `"v1.14.1-eksbuild.1"` | no | +| [addon\_coredns\_version](#input\_addon\_coredns\_version) | Defines the version of CoreDNS to use, a DNS server/forwarder that is integral to internal Kubernetes DNS resolution. | `string` | `"v1.11.1-eksbuild.4"` | no | +| [addon\_csi\_version](#input\_addon\_csi\_version) | Indicates the version of the Container Storage Interface (CSI) driver to use for managing storage volumes in Kubernetes. | `string` | `"v1.26.1-eksbuild.1"` | no | +| [addon\_kubeproxy\_version](#input\_addon\_kubeproxy\_version) | Sets the version of Kubeproxy to be used, which handles Kubernetes network services like forwarding the requests to correct containers. | `string` | `"v1.29.0-eksbuild.1"` | no | +| [argo\_rollouts\_toggle](#input\_argo\_rollouts\_toggle) | Enables the installation of Argo Rollouts, providing advanced deployment strategies like Canary and Blue-Green deployments in Kubernetes. | `bool` | `true` | no | +| [argo\_rollouts\_virtual\_service\_host](#input\_argo\_rollouts\_virtual\_service\_host) | The hostname for the Argo Rollouts virtual service, used for advanced deployment capabilities like canary and blue-green deployments in Kubernetes. | `string` | `"argo-rollouts.k8s.raj.ninja"` | no | +| [auto\_scale\_options](#input\_auto\_scale\_options) | Configuration for the EKS cluster auto-scaling. It includes the minimum (min), maximum (max), and desired (desired) number of worker nodes. | `map` |
{
"desired": 6,
"max": 10,
"min": 4
}
| no | +| [aws\_region](#input\_aws\_region) | AWS region where the EKS cluster will be deployed. This should be set to the region where you want your Kubernetes resources to reside. | `string` | `"us-east-1"` | no | +| [chaos\_mesh\_toggle](#input\_chaos\_mesh\_toggle) | Determines whether to install Chaos Mesh, a cloud-native Chaos Engineering platform that orchestrates chaos experiments on Kubernetes environments. | `bool` | `false` | no | +| [cluster\_autoscaler\_toggle](#input\_cluster\_autoscaler\_toggle) | Enable or disable the Cluster Autoscaler installation. When true, Cluster Autoscaler is installed to automatically adjust the number of nodes in the cluster. | `bool` | `false` | no | +| [cluster\_name](#input\_cluster\_name) | The name of the Amazon EKS cluster. This is a unique identifier for your EKS cluster within the AWS region. | `string` | `"eks-cluster"` | no | +| [cluster\_private\_zone](#input\_cluster\_private\_zone) | The private DNS zone name for the EKS cluster in AWS Route53. This zone is used for internal DNS resolution within the cluster. | `string` | `"k8s.cluster"` | no | +| [default\_tags](#input\_default\_tags) | A map of default tags to apply to all resources. These tags can help with identifying and organizing resources within the AWS environment. | `map(string)` |
{
"Environment": "prod",
"Foo": "Bar",
"Ping": "Pong"
}
| no | +| [descheduler\_toggle](#input\_descheduler\_toggle) | Controls the installation of the Descheduler, a tool to balance and optimize the distribution of Pods across the cluster for improved efficiency. | `bool` | `false` | no | +| [enable\_cross\_zone\_load\_balancing](#input\_enable\_cross\_zone\_load\_balancing) | Controls whether cross-zone load balancing is enabled for the Network Load Balancer, allowing even traffic distribution across all zones. | `bool` | `false` | no | +| [grafana\_virtual\_service\_host](#input\_grafana\_virtual\_service\_host) | The hostname for the Grafana virtual service, used in Istio routing. This host is used to access Grafana dashboards for monitoring metrics. | `string` | `"grafana.k8s.raj.ninja"` | no | +| [istio\_ingress\_max\_pods](#input\_istio\_ingress\_max\_pods) | The maximum number of pods to scale up for the Istio ingress gateway. This limits the resources used and manages the scaling behavior. | `number` | `9` | no | +| [istio\_ingress\_min\_pods](#input\_istio\_ingress\_min\_pods) | The minimum number of pods to maintain for the Istio ingress gateway. This ensures basic availability and load handling. | `number` | `3` | no | +| [jaeger\_virtual\_service\_host](#input\_jaeger\_virtual\_service\_host) | The hostname for the Jaeger virtual service, used for tracing and monitoring microservices within the Istio service mesh. | `string` | `"jaeger.k8s.raj.ninja"` | no | +| [k8s\_version](#input\_k8s\_version) | The version of Kubernetes to use for the EKS cluster. This version should be compatible with the AWS EKS service and other infrastructure components. | `string` | `"1.29"` | no | +| [karpenter\_availability\_zones](#input\_karpenter\_availability\_zones) | A list of AWS availability zones where Karpenter should launch nodes. These zones should be in the same region as the EKS cluster. | `list(any)` |
[
"us-east-1a",
"us-east-1b",
"us-east-1c"
]
| no | +| [karpenter\_capacity\_type](#input\_karpenter\_capacity\_type) | Defines the capacity types for provisioning instances in the cluster, such as 'spot' or 'on\_demand', offering cost-saving options or consistent availability respectively. | `list(any)` |
[
"spot"
]
| no | +| [karpenter\_instance\_family](#input\_karpenter\_instance\_family) | Defines a list of EC2 instance families to be considered by Karpenter for node provisioning. Instance families like 'c6' and 'c5' offer different compute capabilities. | `list(any)` |
[
"c6",
"c6a",
"c5"
]
| no | +| [karpenter\_instance\_sizes](#input\_karpenter\_instance\_sizes) | Specifies a list of instance sizes within the chosen instance families to allow diversity in the provisioned nodes by Karpenter. | `list(any)` |
[
"large",
"2xlarge"
]
| no | +| [karpenter\_toggle](#input\_karpenter\_toggle) | Determines whether Karpenter is enabled for the EKS cluster. Karpenter is an open-source auto-scaler for Kubernetes clusters. | `bool` | `true` | no | +| [keda\_toggle](#input\_keda\_toggle) | Activates the installation of KEDA (Kubernetes Event-Driven Autoscaling), which adds event-driven scaling capabilities to Kubernetes workloads. | `bool` | `true` | no | +| [kiali\_virtual\_service\_host](#input\_kiali\_virtual\_service\_host) | The hostname for the Kiali virtual service, a part of Istio's service mesh visualization. It provides insights into the mesh topology and performance. | `string` | `"kiali.k8s.raj.ninja"` | no | +| [nlb\_ingress\_enable\_termination\_protection](#input\_nlb\_ingress\_enable\_termination\_protection) | Determines if termination protection is enabled for the Network Load Balancer, preventing accidental deletion. | `bool` | `false` | no | +| [nlb\_ingress\_internal](#input\_nlb\_ingress\_internal) | Indicates whether the Network Load Balancer (NLB) for the EKS cluster should be internal, restricting access to within the AWS network. | `bool` | `false` | no | +| [nlb\_ingress\_type](#input\_nlb\_ingress\_type) | Specifies the type of ingress to be used, such as 'network', determining how the NLB handles incoming traffic to the EKS cluster. | `string` | `"network"` | no | +| [node\_termination\_handler\_toggle](#input\_node\_termination\_handler\_toggle) | Enables the AWS Node Termination Handler, which ensures that Kubernetes workloads are gracefully handled during EC2 instance terminations or disruptions. | `bool` | `true` | no | +| [nodes\_instances\_sizes](#input\_nodes\_instances\_sizes) | A list of EC2 instance types to use for the EKS worker nodes. These instance types should balance between cost, performance, and resource requirements for your workload. | `list` |
[
"t3.large"
]
| no | +| [proxy\_protocol\_v2](#input\_proxy\_protocol\_v2) | Enables or disables Proxy Protocol v2 on the Network Load Balancer, used for preserving client IP addresses and other connection information. | `bool` | `false` | no | ## Outputs @@ -248,7 +251,7 @@ No modules. ## Install ```sh -terraform init +terraform apply ``` ## Usage From 68597f687f42fe7f028f4a4eaa98d41bead2ba3f Mon Sep 17 00:00:00 2001 From: Matheus Fidelis Date: Wed, 24 Jan 2024 21:59:02 -0300 Subject: [PATCH 5/8] terraform-docs --- variables.tf | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/variables.tf b/variables.tf index 745d662..4f4d198 100644 --- a/variables.tf +++ b/variables.tf @@ -4,17 +4,17 @@ variable "cluster_name" { description = "The name of the Amazon EKS cluster. This is a unique identifier for your EKS cluster within the AWS region." - default = "eks-cluster" + default = "eks-cluster" } variable "aws_region" { description = "AWS region where the EKS cluster will be deployed. This should be set to the region where you want your Kubernetes resources to reside." - default = "us-east-1" + default = "us-east-1" } variable "k8s_version" { description = "The version of Kubernetes to use for the EKS cluster. This version should be compatible with the AWS EKS service and other infrastructure components." - default = "1.29" + default = "1.29" } ######################### 
@@ -96,33 +96,33 @@ variable "karpenter_availability_zones" { ######################### variable "nlb_ingress_internal" { - type = bool + type = bool description = "Indicates whether the Network Load Balancer (NLB) for the EKS cluster should be internal, restricting access to within the AWS network." - default = false + default = false } variable "nlb_ingress_type" { - type = string + type = string description = "Specifies the type of ingress to be used, such as 'network', determining how the NLB handles incoming traffic to the EKS cluster." - default = "network" + default = "network" } variable "proxy_protocol_v2" { - type = bool + type = bool description = "Enables or disables Proxy Protocol v2 on the Network Load Balancer, used for preserving client IP addresses and other connection information." - default = false + default = false } variable "nlb_ingress_enable_termination_protection" { - type = bool + type = bool description = "Determines if termination protection is enabled for the Network Load Balancer, preventing accidental deletion." - default = false + default = false } variable "enable_cross_zone_load_balancing" { - type = bool + type = bool description = "Controls whether cross-zone load balancing is enabled for the Network Load Balancer, allowing even traffic distribution across all zones." - default = false + default = false } @@ -131,9 +131,9 @@ variable "enable_cross_zone_load_balancing" { ######################### variable "cluster_private_zone" { - type = string + type = string description = "The private DNS zone name for the EKS cluster in AWS Route53. This zone is used for internal DNS resolution within the cluster." - default = "k8s.cluster" + default = "k8s.cluster" } ######################### From 6a8f21f4b035903bd076618783240f3d890bdd64 Mon Sep 17 00:00:00 2001 From: Matheus Fidelis Date: Wed, 24 Jan 2024 22:02:01 -0300 Subject: [PATCH 6/8] feature(argo): fix version --- helm_argo_rollouts.tf | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/helm_argo_rollouts.tf b/helm_argo_rollouts.tf index 4636935..98044b1 100644 --- a/helm_argo_rollouts.tf +++ b/helm_argo_rollouts.tf @@ -5,6 +5,9 @@ resource "helm_release" "argo_rollouts" { chart = "argo-rollouts" repository = "https://argoproj.github.io/argo-helm" namespace = "argo-rollouts" + + version = "2.34.1" + create_namespace = true set { From 46c4836c6f1bea2b8cbc5d11f303a61d65c85bbf Mon Sep 17 00:00:00 2001 From: Matheus Fidelis Date: Wed, 24 Jan 2024 22:07:01 -0300 Subject: [PATCH 7/8] feature(istio): istio and kiali upgrade --- helm_istio.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/helm_istio.tf b/helm_istio.tf index 91087f7..519008b 100644 --- a/helm_istio.tf +++ b/helm_istio.tf @@ -6,7 +6,7 @@ resource "helm_release" "istio_base" { namespace = "istio-system" create_namespace = true - version = "1.17.1" + version = "1.20.2" depends_on = [ aws_eks_cluster.eks_cluster, @@ -23,7 +23,7 @@ resource "helm_release" "istiod" { namespace = "istio-system" create_namespace = true - version = "1.17.1" + version = "1.20.2" depends_on = [ aws_eks_cluster.eks_cluster, @@ -40,7 +40,7 @@ resource "helm_release" "istio_ingress" { namespace = "istio-system" create_namespace = true - version = "1.17.1" + version = "1.20.2" set { name = "service.type" @@ -200,7 +200,7 @@ resource "helm_release" "kiali-server" { namespace = "istio-system" create_namespace = true - version = "1.67.0" + version = "1.79.0" set { name = "server.web_fqdn" From 9af603f38b2ccf6feea10edca30ef8675fd96fc8 Mon Sep 17 00:00:00 2001 From: Matheus Fidelis Date: Wed, 24 Jan 2024 22:08:18 -0300 Subject: [PATCH 8/8] feature(argo): fix version --- helm_argo_rollouts.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/helm_argo_rollouts.tf b/helm_argo_rollouts.tf index 98044b1..58e5542 100644 --- a/helm_argo_rollouts.tf +++ b/helm_argo_rollouts.tf 
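Review bot: The chart pin `version = "2.34.1"` added in the `@@ -5,6 +5,9 @@` hunk of helm_argo_rollouts.tf is a bare literal inside the resource, whereas the add-on versions for the same cluster are exposed as `addon_*_version` inputs in variables.tf; keeping one convention lets the chart be bumped without editing the resource and lets terraform-docs list the pinned version alongside the others. A matching input would be a `string` variable `argo_rollouts_chart_version` with default `"2.34.1"`, referenced here as `version = var.argo_rollouts_chart_version`. The new attribute also appears to be wrapped in two blank `+` lines, which differs from the helm_istio.tf hunks that follow, where `version` sits directly under `create_namespace`. The `helm_release.argo_rollouts` resource starts before this hunk and continues past `set {`.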
@@ -1,12 +1,12 @@ resource "helm_release" "argo_rollouts" { count = var.argo_rollouts_toggle ? 1 : 0 - name = "argo-rollouts" - chart = "argo-rollouts" - repository = "https://argoproj.github.io/argo-helm" - namespace = "argo-rollouts" + name = "argo-rollouts" + chart = "argo-rollouts" + repository = "https://argoproj.github.io/argo-helm" + namespace = "argo-rollouts" - version = "2.34.1" + version = "2.34.1" create_namespace = true