Rename demo resources

README.md

@@ -1,4 +1,6 @@
-# EKS Getting Started Guide Configuration
+# Terraform AWS EKS Module
+
+Terraform configuration to create an AWS EKS cluster
 
 (Adapted from https://github.com/terraform-providers/terraform-provider-aws)
 

eks-cluster.tf

@@ -5,8 +5,8 @@
 #  * EKS Cluster
 #
 
-resource "aws_iam_role" "demo-cluster" {
-  name = "terraform-eks-demo-cluster"
+resource "aws_iam_role" "eksServiceRole" {
+  name = "terraform-eks-${var.cluster-name}-eksServiceRole"
 
   assume_role_policy = <<POLICY
 {
@@ -24,20 +24,20 @@ resource "aws_iam_role" "demo-cluster" {
 POLICY
 }
 
-resource "aws_iam_role_policy_attachment" "demo-cluster-AmazonEKSClusterPolicy" {
+resource "aws_iam_role_policy_attachment" "AmazonEKSClusterPolicy" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
-  role       = "${aws_iam_role.demo-cluster.name}"
+  role       = "${aws_iam_role.eksServiceRole.name}"
 }
 
-resource "aws_iam_role_policy_attachment" "demo-cluster-AmazonEKSServicePolicy" {
+resource "aws_iam_role_policy_attachment" "AmazonEKSServicePolicy" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
-  role       = "${aws_iam_role.demo-cluster.name}"
+  role       = "${aws_iam_role.eksServiceRole.name}"
 }
 
-resource "aws_security_group" "demo-cluster" {
-  name        = "terraform-eks-demo-cluster"
+resource "aws_security_group" "cluster" {
+  name        = "terraform-eks-${var.cluster-name}-cluster"
   description = "Cluster communication with worker nodes"
-  vpc_id      = "${aws_vpc.demo.id}"
+  vpc_id      = "${aws_vpc.cluster.id}"
 
   egress {
     from_port   = 0
@@ -47,41 +47,41 @@ resource "aws_security_group" "demo-cluster" {
   }
 
   tags {
-    Name = "terraform-eks-demo"
+    Name = "terraform-eks-${var.cluster-name}"
   }
 }
 
-resource "aws_security_group_rule" "demo-cluster-ingress-node-https" {
+resource "aws_security_group_rule" "cluster-ingress-node-https" {
   description              = "Allow pods to communicate with the cluster API Server"
   from_port                = 443
   protocol                 = "tcp"
-  security_group_id        = "${aws_security_group.demo-cluster.id}"
-  source_security_group_id = "${aws_security_group.demo-node.id}"
+  security_group_id        = "${aws_security_group.cluster.id}"
+  source_security_group_id = "${aws_security_group.node.id}"
   to_port                  = 443
   type                     = "ingress"
 }
 
-resource "aws_security_group_rule" "demo-cluster-ingress-workstation-https" {
+resource "aws_security_group_rule" "cluster-ingress-workstation-https" {
   cidr_blocks       = ["${local.workstation-external-cidr}"]
   description       = "Allow workstation to communicate with the cluster API Server"
   from_port         = 443
   protocol          = "tcp"
-  security_group_id = "${aws_security_group.demo-cluster.id}"
+  security_group_id = "${aws_security_group.cluster.id}"
   to_port           = 443
   type              = "ingress"
 }
 
-resource "aws_eks_cluster" "demo" {
+resource "aws_eks_cluster" "cluster" {
   name     = "${var.cluster-name}"
-  role_arn = "${aws_iam_role.demo-cluster.arn}"
+  role_arn = "${aws_iam_role.eksServiceRole.arn}"
 
   vpc_config {
-    security_group_ids = ["${aws_security_group.demo-cluster.id}"]
-    subnet_ids         = ["${aws_subnet.demo.*.id}"]
+    security_group_ids = ["${aws_security_group.cluster.id}"]
+    subnet_ids         = ["${aws_subnet.cluster.*.id}"]
   }
 
   depends_on = [
-    "aws_iam_role_policy_attachment.demo-cluster-AmazonEKSClusterPolicy",
-    "aws_iam_role_policy_attachment.demo-cluster-AmazonEKSServicePolicy",
+    "aws_iam_role_policy_attachment.AmazonEKSClusterPolicy",
+    "aws_iam_role_policy_attachment.AmazonEKSServicePolicy",
   ]
 }

eks-worker-nodes.tf

@@ -7,8 +7,8 @@
 #  * AutoScaling Group to launch worker instances
 #
 
-resource "aws_iam_role" "demo-node" {
-  name = "terraform-eks-demo-node"
+resource "aws_iam_role" "node" {
+  name = "terraform-eks-${var.cluster-name}-node"
 
   assume_role_policy = <<POLICY
 {
@@ -26,30 +26,30 @@ resource "aws_iam_role" "demo-node" {
 POLICY
 }
 
-resource "aws_iam_role_policy_attachment" "demo-node-AmazonEKSWorkerNodePolicy" {
+resource "aws_iam_role_policy_attachment" "node-AmazonEKSWorkerNodePolicy" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
-  role       = "${aws_iam_role.demo-node.name}"
+  role       = "${aws_iam_role.node.name}"
 }
 
-resource "aws_iam_role_policy_attachment" "demo-node-AmazonEKS_CNI_Policy" {
+resource "aws_iam_role_policy_attachment" "node-AmazonEKS_CNI_Policy" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
-  role       = "${aws_iam_role.demo-node.name}"
+  role       = "${aws_iam_role.node.name}"
 }
 
-resource "aws_iam_role_policy_attachment" "demo-node-AmazonEC2ContainerRegistryReadOnly" {
+resource "aws_iam_role_policy_attachment" "node-AmazonEC2ContainerRegistryReadOnly" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
-  role       = "${aws_iam_role.demo-node.name}"
+  role       = "${aws_iam_role.node.name}"
 }
 
-resource "aws_iam_instance_profile" "demo-node" {
-  name = "terraform-eks-demo"
-  role = "${aws_iam_role.demo-node.name}"
+resource "aws_iam_instance_profile" "node" {
+  name = "terraform-eks-${var.cluster-name}"
+  role = "${aws_iam_role.node.name}"
 }
 
-resource "aws_security_group" "demo-node" {
-  name        = "terraform-eks-demo-node"
+resource "aws_security_group" "node" {
+  name        = "terraform-eks-${var.cluster-name}-node"
   description = "Security group for all nodes in the cluster"
-  vpc_id      = "${aws_vpc.demo.id}"
+  vpc_id      = "${aws_vpc.cluster.id}"
 
   egress {
     from_port   = 0
@@ -60,28 +60,28 @@ resource "aws_security_group" "demo-node" {
 
   tags = "${
     map(
-     "Name", "terraform-eks-demo-node",
+     "Name", "terraform-eks-${var.cluster-name}-node",
      "kubernetes.io/cluster/${var.cluster-name}", "owned",
     )
   }"
 }
 
-resource "aws_security_group_rule" "demo-node-ingress-self" {
+resource "aws_security_group_rule" "node-ingress-self" {
   description              = "Allow node to communicate with each other"
   from_port                = 0
   protocol                 = "-1"
-  security_group_id        = "${aws_security_group.demo-node.id}"
-  source_security_group_id = "${aws_security_group.demo-node.id}"
+  security_group_id        = "${aws_security_group.node.id}"
+  source_security_group_id = "${aws_security_group.node.id}"
   to_port                  = 65535
   type                     = "ingress"
 }
 
-resource "aws_security_group_rule" "demo-node-ingress-cluster" {
+resource "aws_security_group_rule" "node-ingress-cluster" {
   description              = "Allow worker Kubelets and pods to receive communication from the cluster control plane"
   from_port                = 1025
   protocol                 = "tcp"
-  security_group_id        = "${aws_security_group.demo-node.id}"
-  source_security_group_id = "${aws_security_group.demo-cluster.id}"
+  security_group_id        = "${aws_security_group.node.id}"
+  source_security_group_id = "${aws_security_group.cluster.id}"
   to_port                  = 65535
   type                     = "ingress"
 }
@@ -102,19 +102,19 @@ data "aws_ami" "eks-worker" {
 # information into the AutoScaling Launch Configuration.
 # More information: https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-06-05/amazon-eks-nodegroup.yaml
 locals {
-  demo-node-userdata = <<USERDATA
+  node-userdata = <<USERDATA
 #!/bin/bash -xe
 
 CA_CERTIFICATE_DIRECTORY=/etc/kubernetes/pki
 CA_CERTIFICATE_FILE_PATH=$CA_CERTIFICATE_DIRECTORY/ca.crt
 mkdir -p $CA_CERTIFICATE_DIRECTORY
-echo "${aws_eks_cluster.demo.certificate_authority.0.data}" | base64 -d >  $CA_CERTIFICATE_FILE_PATH
+echo "${aws_eks_cluster.cluster.certificate_authority.0.data}" | base64 -d >  $CA_CERTIFICATE_FILE_PATH
 INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
-sed -i s,MASTER_ENDPOINT,${aws_eks_cluster.demo.endpoint},g /var/lib/kubelet/kubeconfig
+sed -i s,MASTER_ENDPOINT,${aws_eks_cluster.cluster.endpoint},g /var/lib/kubelet/kubeconfig
 sed -i s,CLUSTER_NAME,${var.cluster-name},g /var/lib/kubelet/kubeconfig
 sed -i s,REGION,${data.aws_region.current.name},g /etc/systemd/system/kubelet.service
 sed -i s,MAX_PODS,20,g /etc/systemd/system/kubelet.service
-sed -i s,MASTER_ENDPOINT,${aws_eks_cluster.demo.endpoint},g /etc/systemd/system/kubelet.service
+sed -i s,MASTER_ENDPOINT,${aws_eks_cluster.cluster.endpoint},g /etc/systemd/system/kubelet.service
 sed -i s,INTERNAL_IP,$INTERNAL_IP,g /etc/systemd/system/kubelet.service
 DNS_CLUSTER_IP=10.100.0.10
 if [[ $INTERNAL_IP == 10.* ]] ; then DNS_CLUSTER_IP=172.20.0.10; fi
@@ -126,31 +126,31 @@ systemctl restart kubelet
 USERDATA
 }
 
-resource "aws_launch_configuration" "demo" {
+resource "aws_launch_configuration" "node" {
   associate_public_ip_address = true
-  iam_instance_profile        = "${aws_iam_instance_profile.demo-node.name}"
+  iam_instance_profile        = "${aws_iam_instance_profile.node.name}"
   image_id                    = "${data.aws_ami.eks-worker.id}"
   instance_type               = "m4.large"
-  name_prefix                 = "terraform-eks-demo"
-  security_groups             = ["${aws_security_group.demo-node.id}"]
-  user_data_base64            = "${base64encode(local.demo-node-userdata)}"
+  name_prefix                 = "terraform-eks-${var.cluster-name}"
+  security_groups             = ["${aws_security_group.node.id}"]
+  user_data_base64            = "${base64encode(local.node-userdata)}"
 
   lifecycle {
     create_before_destroy = true
   }
 }
 
-resource "aws_autoscaling_group" "demo" {
+resource "aws_autoscaling_group" "cluster" {
   desired_capacity     = 2
-  launch_configuration = "${aws_launch_configuration.demo.id}"
+  launch_configuration = "${aws_launch_configuration.node.id}"
   max_size             = 2
   min_size             = 1
-  name                 = "terraform-eks-demo"
-  vpc_zone_identifier  = ["${aws_subnet.demo.*.id}"]
+  name                 = "terraform-eks-${var.cluster-name}"
+  vpc_zone_identifier  = ["${aws_subnet.cluster.*.id}"]
 
   tag {
     key                 = "Name"
-    value               = "terraform-eks-demo"
+    value               = "terraform-eks-${var.cluster-name}"
     propagate_at_launch = true
   }
 

outputs.tf

@@ -13,7 +13,7 @@ metadata:
   namespace: kube-system
 data:
   mapRoles: |
-    - rolearn: ${aws_iam_role.demo-node.arn}
+    - rolearn: ${aws_iam_role.node.arn}
       username: system:node:{{EC2PrivateDNSName}}
       groups:
         - system:bootstrappers
@@ -26,23 +26,23 @@ CONFIGMAPAWSAUTH
 apiVersion: v1
 clusters:
 - cluster:
-    server: ${aws_eks_cluster.demo.endpoint}
-    certificate-authority-data: ${aws_eks_cluster.demo.certificate_authority.0.data}
-  name: kubernetes
+    server: ${aws_eks_cluster.cluster.endpoint}
+    certificate-authority-data: ${aws_eks_cluster.cluster.certificate_authority.0.data}
+  name: ${var.cluster-name}
 contexts:
 - context:
-    cluster: kubernetes
-    user: aws
-  name: aws
-current-context: aws
+    cluster: ${var.cluster-name}
+    user: aws-${var.cluster-name}
+  name: aws-${var.cluster-name}
+current-context: aws-${var.cluster-name}
 kind: Config
 preferences: {}
 users:
-- name: aws
+- name: aws-${var.cluster-name}
   user:
     exec:
       apiVersion: client.authentication.k8s.io/v1alpha1
-      command: aws-iam-authenticator
+      command: heptio-authenticator-aws
       args:
         - "token"
         - "-i"
@@ -57,3 +57,14 @@ output "config_map_aws_auth" {
 output "kubeconfig" {
   value = "${local.kubeconfig}"
 }
+
+output "endpoint" {
+  value = "${aws_eks_cluster.cluster.endpoint}"
+}
+output "certificate_authority_data" {
+  value = "${aws_eks_cluster.cluster.certificate_authority.0.data}"
+}
+
+output "rolearn" {
+  value = "${aws_iam_role.node.arn}"
+}

providers.tf

@@ -2,9 +2,9 @@
 # Provider Configuration
 #
 
-provider "aws" {
-  region = "us-west-2"
-}
+#provider "aws" {
+#  region = "us-west-2"
+#}
 
 # Using these data sources allows the configuration to be
 # generic for any region.

vpc.tf

@@ -6,52 +6,52 @@
 #  * Route Table
 #
 
-resource "aws_vpc" "demo" {
+resource "aws_vpc" "cluster" {
   cidr_block = "10.0.0.0/16"
 
   tags = "${
     map(
-     "Name", "terraform-eks-demo-node",
+     "Name", "terraform-eks-${var.cluster-name}",
      "kubernetes.io/cluster/${var.cluster-name}", "shared",
     )
   }"
 }
 
-resource "aws_subnet" "demo" {
+resource "aws_subnet" "cluster" {
   count = 2
 
   availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
   cidr_block        = "10.0.${count.index}.0/24"
-  vpc_id            = "${aws_vpc.demo.id}"
+  vpc_id            = "${aws_vpc.cluster.id}"
 
   tags = "${
     map(
-     "Name", "terraform-eks-demo-node",
+     "Name", "terraform-eks-${var.cluster-name}",
      "kubernetes.io/cluster/${var.cluster-name}", "shared",
     )
   }"
 }
 
-resource "aws_internet_gateway" "demo" {
-  vpc_id = "${aws_vpc.demo.id}"
+resource "aws_internet_gateway" "cluster" {
+  vpc_id = "${aws_vpc.cluster.id}"
 
   tags {
-    Name = "terraform-eks-demo"
+    Name = "terraform-eks-${var.cluster-name}"
   }
 }
 
-resource "aws_route_table" "demo" {
-  vpc_id = "${aws_vpc.demo.id}"
+resource "aws_route_table" "cluster" {
+  vpc_id = "${aws_vpc.cluster.id}"
 
   route {
     cidr_block = "0.0.0.0/0"
-    gateway_id = "${aws_internet_gateway.demo.id}"
+    gateway_id = "${aws_internet_gateway.cluster.id}"
   }
 }
 
-resource "aws_route_table_association" "demo" {
+resource "aws_route_table_association" "eks" {
   count = 2
 
-  subnet_id      = "${aws_subnet.demo.*.id[count.index]}"
-  route_table_id = "${aws_route_table.demo.id}"
+  subnet_id      = "${aws_subnet.cluster.*.id[count.index]}"
+  route_table_id = "${aws_route_table.cluster.id}"
 }