mycroft/avx-pmarie-aws-infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
main
avx-pmarie-aws-infra/infra/config.hcl
Patrick MARIE 8bb878da7b Upgrade eks
2023-04-04 18:16:51 +02:00

175 lines
4.8 KiB
HCL
Raw Permalink Blame History

locals {
# Common tags
environment = "dev"
source = "terraform"
repository = "avx-pmarie-aws-infra"
# VPC
vpc_name = "avx-pmarie-aws-infra-vpc"
cidr = "10.88.0.0/16"
azs = ["eu-west-3a", "eu-west-3b"]
private_subnets = ["10.88.0.0/24", "10.88.1.0/24"]
public_subnets = ["10.88.128.0/24", "10.88.129.0/24"]
enable_nat_gateway = true
enable_vpn_gateway = false
# EKS
eks_cluster_name = "avx-pmarie-eks"
eks_cluster_version = "1.24"
enable_irsa = true
# EKS addons
cluster_addons = {
coredns = {
resolve_conflicts = "OVERWRITE"
addon_version = "v1.9.3-eksbuild.2"
}
kube-proxy = {
resolve_conflicts = "OVERWRITE"
addon_version = "v1.24.10-eksbuild.2"
}
vpc-cni = {
resolve_conflicts = "OVERWRITE"
addon_version = "v1.12.6-eksbuild.1"
}
aws-ebs-csi-driver = {
resolve_conflicts = "OVERWRITE"
addon_version = "v1.17.0-eksbuild.1"
}
}
# EKS addon CSI EBS; This is obsolete and should be removed.
eks_addon_versions = {
aws-ebs-csi-driver = "v1.17.0-eksbuild.1"
}
node_group_defaults = {
disk_size = 50
instance_types = ["t3.small"]
}
node_groups = {
"eks-${local.environment}" = {
min_size = 1
max_size = 10
desired_size = 3
bootstrap_extra_args = "--container-runtime containerd"
instance_types = ["t3.small"]
tags = {
environment = local.environment
repository = local.repository
source = local.source
}
}
}
eks_cluster_security_group_additional_rules = {
egress_nodes_ephemeral_ports_tcp = {
description = "Validation webhooks"
protocol = "tcp"
from_port = 1024
to_port = 65535
type = "egress"
source_node_security_group = true
}
}
eks_node_security_group_additional_rules = {
ingress_cluster_api_validation_webhooks = {
description = "Control Plane to webhooks"
protocol = "tcp"
from_port = 1024
to_port = 65535
type = "ingress"
source_cluster_security_group = true
}
ingress_self_all = {
description = "Node to node all ports/protocols"
protocol = "-1"
from_port = 0
to_port = 0
type = "ingress"
self = true
}
egress_all = {
description = "Node all egress"
protocol = "-1"
from_port = 0
to_port = 0
type = "egress"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
}
# EKS aws auth
eks_aws_auth_additional_roles = [{
rolearn = "arn:aws:iam::563042046245:role/AWSReservedSSO_SubAccountAdmin_6abfb8362d0dfbc0"
username = "sre-admins"
groups = ["system:masters"]
}, {
rolearn = "arn:aws:iam::${get_aws_account_id()}:role/k8s_admin"
username = "admins"
groups = ["system:masters"]
}]
# AWS load balancer
aws_load_balancer_service_account_name = "aws-load-balancer"
aws_load_balancer_namespace = "aws-load-balancer"
aws_load_balancer_iam_role_prefix = "AWSLoadBalancerController"
# DNS
dns_public_domain = "aws.mkz.me"
dns_private_domain = "aws-priv.mkz.me"
# Ingress
eks_ingress_controller = {
namespace = "nginx-ingress"
create_namespace = true
enable_internal_lb = true
ingress_config = {
use-proxy-protocol = false
proxy-real-ip-cidr = "0.0.0.0/0"
use-forwarded-headers = false
compute-full-forwarded-for = false
}
load_balancer_config = {
public = {
dns_record = "*"
backend-protocol = "tcp"
connection-idle-timeout = "60"
cross-zone-load-balancing-enabled = true
type = "nlb"
proxy-protocol = ""
nlb-target-type = ""
eip-allocations = ""
}
internal = {
dns_record = "*"
backend-protocol = "tcp"
connection-idle-timeout = "60"
cross-zone-load-balancing-enabled = true
type = "nlb"
proxy-protocol = ""
nlb-target-type = ""
eip-allocations = ""
}
}
}
elastic_ips = {
"eks_public_nlb" = {
count = length(local.azs)
vpc = true
tags = {
cluster = local.eks_cluster_name
usage = "eks_public_nlb"
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink