update examples

Author: daroga0002

examples/README.md

@@ -0,0 +1,14 @@
+# Examples
+
+Examples are created to help users understand and build EKS clusters using this module. Examples are helpful for some Proof of Concept build and are focusing on showing usage of different possibilities.
+
+> Important
+>
+> Examples should not be used for production deployments. Examples try to be simple and not consistently implement best practices in areas of high availability or security.
+
+## Example rules
+
+- each example is independent of each other and can be created independently
+- there is implemented additional random suffix so the same example should be able to be launched on the same AWS account
+- each example requires some generic resources like VPC, subnets and etc., which are embedded into the standard `generic.tf` file. The file is exactly the same across all examples
+- by default example is launched in `eu-west-1` region. To launch it in another region just override the region variable in terraform using `terraform apply -var=region=us-east-1`

examples/bottlerocket/main.tf

@@ -8,7 +8,7 @@ module "eks" {
   cluster_endpoint_public_access  = true
 
   write_kubeconfig = false
-  manage_aws_auth  = false
+  manage_aws_auth  = true
 
   worker_groups_launch_template = [
     {

examples/fargate/README.md

@@ -37,6 +37,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_eks"></a> [eks](#module\_eks) | ../.. |  |
+| <a name="module_fargate_profile_existing_cluster"></a> [fargate\_profile\_existing\_cluster](#module\_fargate\_profile\_existing\_cluster) | ../../modules/fargate |  |
 | <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.7.0 |
 
 ## Resources

examples/fargate/main.tf

@@ -9,6 +9,28 @@ module "eks" {
   subnets         = [module.vpc.private_subnets[0], module.vpc.public_subnets[1]]
   fargate_subnets = [module.vpc.private_subnets[2]]
 
+  # You require a node group to schedule coredns which is critical for running correctly internal DNS.
+  # If you want to use only fargate you must follow docs `(Optional) Update CoreDNS`
+  # available under https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html
+  node_groups = {
+    example = {
+      desired_capacity = 1
+
+      instance_types = ["t3.large"]
+      k8s_labels = {
+        Example    = "managed_node_groups"
+        GithubRepo = "terraform-aws-eks"
+        GithubOrg  = "terraform-aws-modules"
+      }
+      additional_tags = {
+        ExtraTag = "example"
+      }
+      update_config = {
+        max_unavailable_percentage = 50 # or set `max_unavailable`
+      }
+    }
+  }
+
   fargate_profiles = {
     default = {
       name = "default"
@@ -62,3 +84,66 @@ module "eks" {
     GithubOrg  = "terraform-aws-modules"
   }
 }
+
+
+##############################################
+# Calling submodule with existing EKS cluster
+##############################################
+
+module "fargate_profile_existing_cluster" {
+  source = "../../modules/fargate"
+
+  cluster_name = module.eks.cluster_id
+  subnets      = [module.vpc.private_subnets[0], module.vpc.private_subnets[2]]
+
+  fargate_profiles = {
+    profile1 = {
+      name = "profile1"
+      selectors = [
+        {
+          namespace = "kube-system"
+          labels = {
+            k8s-app = "kube-dns"
+          }
+        },
+        {
+          namespace = "profile"
+          labels = {
+            WorkerType = "fargate"
+          }
+        }
+      ]
+
+      tags = {
+        Owner     = "profile1"
+        submodule = "true"
+      }
+    }
+
+    profile2 = {
+      name = "profile2"
+      selectors = [
+        {
+          namespace = "default"
+          labels = {
+            Fargate = "profile2"
+          }
+        }
+      ]
+
+      # Using specific subnets instead of the ones configured in EKS (`subnets` and `fargate_subnets`)
+      subnets = [module.vpc.private_subnets[0]]
+
+      tags = {
+        Owner     = "profile2"
+        submodule = "true"
+      }
+    }
+  }
+
+  tags = {
+    Example    = var.example_name
+    GithubRepo = "terraform-aws-eks"
+    GithubOrg  = "terraform-aws-modules"
+  }
+}

examples/instance_refresh/main.tf

@@ -7,6 +7,7 @@ provider "helm" {
     token                  = data.aws_eks_cluster_auth.cluster.token
   }
 }
+
 data "aws_caller_identity" "current" {}
 
 data "aws_iam_policy_document" "aws_node_termination_handler" {

examples/irsa/README.md

@@ -21,6 +21,7 @@ Note that this example may create resources which cost money. Run `terraform des
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.1 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.22.0 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.1.2 |
 | <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) | >= 2.0.0 |
 | <a name="requirement_local"></a> [local](#requirement\_local) | >= 2.0.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | >= 2.1 |
@@ -30,6 +31,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.22.0 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.1.2 |
 | <a name="provider_random"></a> [random](#provider\_random) | >= 2.1 |
 
 ## Modules
@@ -45,6 +47,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Type |
 |------|------|
 | [aws_iam_policy.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [helm_release.cluster-autoscaler](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [random_string.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |

examples/irsa/cluster-autoscaler-chart-values.yaml

@@ -2,7 +2,54 @@ data "aws_caller_identity" "current" {}
 
 locals {
   k8s_service_account_namespace = "kube-system"
-  k8s_service_account_name      = "cluster-autoscaler-aws-cluster-autoscaler-chart"
+  k8s_service_account_name      = "cluster-autoscaler-aws"
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = data.aws_eks_cluster.cluster.endpoint
+    cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data)
+    token                  = data.aws_eks_cluster_auth.cluster.token
+  }
+}
+
+resource "helm_release" "cluster-autoscaler" {
+  depends_on = [
+    module.eks
+  ]
+
+  name             = "cluster-autoscaler"
+  namespace        = local.k8s_service_account_namespace
+  repository       = "https://kubernetes.github.io/autoscaler"
+  chart            = "cluster-autoscaler"
+  version          = "9.10.7"
+  create_namespace = false
+
+  set {
+    name  = "awsRegion"
+    value = var.region
+  }
+  set {
+    name  = "rbac.serviceAccount.name"
+    value = local.k8s_service_account_name
+  }
+  set {
+    name  = "rbac.serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
+    value = module.iam_assumable_role_admin.iam_role_arn
+    type  = "string"
+  }
+  set {
+    name  = "autoDiscovery.clusterName"
+    value = local.cluster_name
+  }
+  set {
+    name  = "autoDiscovery.enabled"
+    value = "true"
+  }
+  set {
+    name  = "rbac.create"
+    value = "true"
+  }
 }
 
 module "iam_assumable_role_admin" {

examples/irsa/irsa.tf

@@ -14,6 +14,7 @@ module "eks" {
       name                 = "worker-group-1"
       instance_type        = "t3.medium"
       asg_desired_capacity = 1
+      asg_max_size         = 4
       tags = [
         {
           "key"                 = "k8s.io/cluster-autoscaler/enabled"
@@ -34,3 +35,5 @@ module "eks" {
     GithubOrg  = "terraform-aws-modules"
   }
 }
+
+

examples/irsa/main.tf

@@ -6,5 +6,6 @@ terraform {
     local      = ">= 2.0.0"
     random     = ">= 2.1"
     kubernetes = ">= 2.0.0"
+    helm       = "~> 2.1.2"
   }
 }

examples/irsa/versions.tf

@@ -55,7 +55,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | EKS version | `string` | `"1.20"` | no |
-| <a name="input_example_name"></a> [example\_name](#input\_example\_name) | Example name | `string` | `"launch_templates_with_managed_node_groups"` | no |
+| <a name="input_example_name"></a> [example\_name](#input\_example\_name) | Example name | `string` | `"lt_with_managed_node_groups"` | no |
 | <a name="input_instance_types"></a> [instance\_types](#input\_instance\_types) | Instance types | `list(string)` | <pre>[<br>  "t3.small"<br>]</pre> | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS region where example will be created | `string` | `"eu-west-1"` | no |
 

examples/launch_templates_with_managed_node_groups/README.md

@@ -8,7 +8,8 @@ module "eks" {
   cluster_endpoint_public_access  = true
 
   node_groups = {
-    example = {
+    example1 = {
+      name_prefix      = "example1"
       desired_capacity = 1
       max_capacity     = 15
       min_capacity     = 1
@@ -19,9 +20,39 @@ module "eks" {
       instance_types = var.instance_types
 
       additional_tags = {
-        ExtraTag = "example"
+        ExtraTag = "example1"
       }
     }
+    example2 = {
+      create_launch_template = true
+      desired_capacity = 1
+      max_capacity     = 10
+      min_capacity     = 1
+
+      disk_size       = 50
+      disk_type       = "gp3"
+      disk_throughput = 150
+      disk_iops       = 3000
+
+      instance_types = ["t3.large"]
+      capacity_type  = "SPOT"
+      k8s_labels = {
+        GithubRepo = "terraform-aws-eks"
+        GithubOrg  = "terraform-aws-modules"
+      }
+      additional_tags = {
+        ExtraTag = "example2"
+      }
+      taints = [
+        {
+          key    = "dedicated"
+          value  = "gpuGroup"
+          effect = "NO_SCHEDULE"
+        }
+      ]
+      update_config = {
+        max_unavailable_percentage = 50 # or set `max_unavailable`
+      }
   }
 
   tags = {

examples/launch_templates_with_managed_node_groups/main.tf

@@ -7,7 +7,7 @@ variable "region" {
 variable "example_name" {
   type        = string
   description = "Example name"
-  default     = "launch_templates_with_managed_node_groups"
+  default     = "lt_with_managed_node_groups"
 }
 
 variable "cluster_version" {

examples/launch_templates_with_managed_node_groups/variables.tf

@@ -14,17 +14,10 @@ module "eks" {
 
   node_groups = {
     example = {
-      create_launch_template = true
-
       desired_capacity = 1
       max_capacity     = 10
       min_capacity     = 1
 
-      disk_size       = 50
-      disk_type       = "gp3"
-      disk_throughput = 150
-      disk_iops       = 3000
-
       instance_types = ["t3.large"]
       capacity_type  = "SPOT"
       k8s_labels = {
@@ -46,6 +39,24 @@ module "eks" {
         max_unavailable_percentage = 50 # or set `max_unavailable`
       }
     }
+    example2 = {
+      desired_capacity = 1
+      max_capacity     = 10
+      min_capacity     = 1
+
+      instance_types = ["t3.medium"]
+      k8s_labels = {
+        Example    = "managed_node_groups"
+        GithubRepo = "terraform-aws-eks"
+        GithubOrg  = "terraform-aws-modules"
+      }
+      additional_tags = {
+        ExtraTag = "example2"
+      }
+      update_config = {
+        max_unavailable_percentage = 50 # or set `max_unavailable`
+      }
+    }
   }
 
   map_roles    = var.map_roles