
Infra via Terraform

userdata.sh
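################################################################################
# Operator-supplied inputs
################################################################################

# CIDRs allowed to reach the bastion over SSH and the EKS public API endpoints.
# No default on purpose: the original config opened tcp/22 to 0.0.0.0/0 and left
# the EKS public endpoints world-reachable, so this now fails closed until an
# office/VPN egress range is supplied (e.g. in terraform.tfvars).
variable "admin_cidrs" {
  description = "CIDR blocks (office/VPN egress) permitted to reach the bastion on tcp/22 and the EKS public API endpoints."
  type        = list(string)

  validation {
    condition     = length(var.admin_cidrs) > 0 && !contains(var.admin_cidrs, "0.0.0.0/0")
    error_message = "admin_cidrs must list at least one CIDR and must not contain 0.0.0.0/0."
  }
}

################################################################################
# VPC
################################################################################

# Two-AZ VPC: public subnets host the bastion and ELBs, private subnets host
# the EKS worker nodes behind one NAT gateway per AZ.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0"

  name = "demo-vpc"
  cidr = "10.0.0.0/16"
  azs  = ["ap-northeast-2a", "ap-northeast-2b"]

  public_subnets          = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnet_names     = ["demo-public-subnet-a", "demo-public-subnet-b"]
  map_public_ip_on_launch = true
  # Lets the AWS Load Balancer Controller discover subnets for internet-facing ELBs.
  public_subnet_tags = {
    "kubernetes.io/role/elb" = 1
  }

  private_subnets      = ["10.0.3.0/24", "10.0.4.0/24"]
  private_subnet_names = ["demo-private-subnet-a", "demo-private-subnet-b"]

  enable_nat_gateway     = true
  single_nat_gateway     = false
  one_nat_gateway_per_az = true

  # Both are required for EKS private endpoint resolution inside the VPC.
  enable_dns_hostnames = true
  enable_dns_support   = true
}

################################################################################
# EC2 bastion
################################################################################

# Resolves the current AL2023 AMI at plan time. NOTE: because the value tracks
# the newest release, a later apply may replace the bastion when AWS publishes
# a new AMI; add lifecycle { ignore_changes = [ami] } if that is unwanted.
data "aws_ssm_parameter" "latest_ami" {
  name = "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64"
}

# The private key is generated by Terraform and therefore persisted in state:
# the state backend must be encrypted and access-controlled.
resource "tls_private_key" "rsa" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "keypair" {
  key_name   = "bastion"
  public_key = tls_private_key.rsa.public_key_openssh
}

# local_sensitive_file (hashicorp/local >= 2.2) keeps the PEM out of plan/apply
# output and writes it owner-read-only instead of the default 0777.
resource "local_sensitive_file" "keypair" {
  content         = tls_private_key.rsa.private_key_pem
  filename        = "bastion.pem"
  file_permission = "0400"
}

resource "aws_security_group" "bastion_sg" {
  name        = "bastion-sg"
  description = "bastion-sg"
  vpc_id      = module.vpc.vpc_id

  # SSH only from the operator CIDRs (previously 0.0.0.0/0).
  ingress {
    description = "SSH from admin CIDRs"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.admin_cidrs
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "bastion-sg"
  }
}

# Instance role for the bastion. Cluster rights come from the EKS access
# entries below (keyed on this role's ARN), so the IAM side only needs to
# describe clusters for `aws eks update-kubeconfig`; AdministratorAccess on an
# internet-reachable host was the single biggest risk in this config.
resource "aws_iam_role" "bastion" {
  name = "bastion-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      }
    ]
  })
}

# Session Manager access (audited, no inbound port) as the preferred path
# alongside SSH.
resource "aws_iam_role_policy_attachment" "bastion_ssm" {
  role       = aws_iam_role.bastion.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

# NOTE(review): ./src/userdata.sh is not visible here. If it calls other AWS
# APIs, add scoped statements to this policy rather than restoring
# AdministratorAccess.
resource "aws_iam_role_policy" "bastion_eks_read" {
  name = "bastion-eks-read"
  role = aws_iam_role.bastion.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = "eks:ListClusters"
        Resource = "*"
      },
      {
        Effect = "Allow"
        Action = "eks:DescribeCluster"
        Resource = [
          module.karmada_eks.cluster_arn,
          module.prod_eks.cluster_arn,
          module.staging_eks.cluster_arn,
        ]
      }
    ]
  })
}

resource "aws_iam_instance_profile" "bastion" {
  name = "bastion-role"
  role = aws_iam_role.bastion.name
}

resource "aws_eip" "bastion" {
  depends_on = [aws_instance.bastion]
}

resource "aws_instance" "bastion" {
  ami                         = data.aws_ssm_parameter.latest_ami.value
  instance_type               = "t3.micro"
  subnet_id                   = module.vpc.public_subnets[0]
  associate_public_ip_address = true
  iam_instance_profile        = aws_iam_instance_profile.bastion.name
  key_name                    = aws_key_pair.keypair.key_name
  vpc_security_group_ids      = [aws_security_group.bastion_sg.id]
  user_data                   = file("./src/userdata.sh")

  # IMDSv2 only: an SSRF or a compromised process on the box cannot read the
  # instance-role credentials with a plain GET to 169.254.169.254.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Encrypt the root volume (the SSH key and kubeconfigs live on it).
  # Changing this on an existing instance forces replacement.
  root_block_device {
    encrypted = true
  }

  tags = {
    Name = "bastion"
  }
}

resource "aws_eip_association" "bastion_eip_assoc" {
  instance_id   = aws_instance.bastion.id
  allocation_id = aws_eip.bastion.id
}

output "bastion_details" {
  value = {
    ip_address        = aws_eip.bastion.public_ip
    instance_id       = aws_instance.bastion.id
    availability_zone = aws_instance.bastion.availability_zone
  }
}

################################################################################
# Karmada control-plane EKS
################################################################################

# Shared notes for the three clusters below:
# - enable_cluster_creator_admin_permissions grants the identity running
#   terraform cluster-admin; acceptable for a demo, but in production prefer an
#   explicit access entry for a break-glass role.
# - The bastion role is cluster-admin on every cluster (Karmada needs to drive
#   the member clusters from the control plane); compromise of the bastion is
#   therefore compromise of all three clusters, hence the hardening above.
# - The "hybrid-all" rule admits all traffic from the whole VPC CIDR into the
#   cluster security group. It is kept unchanged here because narrowing it may
#   break the Karmada member joins, but it should be reduced to the ports those
#   flows actually use once they are known.
# - The public API endpoint is kept on (so operators can use kubectl without the
#   bastion) but is now limited to admin_cidrs instead of 0.0.0.0/0.
# - control_plane_subnet_ids includes the public subnets; EKS only needs the
#   private ones for its ENIs. Left as-is because changing subnets on a live
#   cluster is disruptive.
module "karmada_eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "20.37.2"

  cluster_name    = "demo-karmada-cluster"
  cluster_version = "1.32"

  cluster_addons = {
    coredns                = {}
    eks-pod-identity-agent = {}
    kube-proxy             = {}
    vpc-cni                = {}
  }

  cluster_security_group_additional_rules = {
    hybrid-all = {
      cidr_blocks = [module.vpc.vpc_cidr_block]
      description = "Allow all traffic from remote node/pod network"
      from_port   = 0
      to_port     = 0
      protocol    = "all"
      type        = "ingress"
    }
  }

  enable_cluster_creator_admin_permissions = true

  access_entries = {
    bastion = {
      kubernetes_groups = []
      principal_arn     = aws_iam_role.bastion.arn
      policy_associations = {
        admin = {
          policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
          access_scope = {
            type = "cluster"
          }
        }
      }
    }
  }

  cluster_endpoint_public_access       = true
  cluster_endpoint_public_access_cidrs = var.admin_cidrs
  cluster_endpoint_private_access      = true

  vpc_id     = module.vpc.vpc_id
  subnet_ids = [module.vpc.private_subnets[0], module.vpc.private_subnets[1]]
  control_plane_subnet_ids = [
    module.vpc.public_subnets[0],
    module.vpc.public_subnets[1],
    module.vpc.private_subnets[0],
    module.vpc.private_subnets[1],
  ]

  # NOTE(review): the original passed `iam = { with_addon_policies = {...} }`
  # inside each node group. That key is not an input the v20 node-group
  # submodule reads (verify with `terraform plan` that nothing changes), and
  # autoscaler / load-balancer-controller permissions belong on the controller
  # pods via Pod Identity or IRSA, not on the node role, so it has been dropped.
  eks_managed_node_groups = {
    karmada-ng = {
      use_name_prefix = false
      name            = "karmada-ng"
      ami_type        = "BOTTLEROCKET_x86_64"
      instance_types  = ["t3.small"]
      labels          = { app = "karmada" }

      desired_size = 2
      min_size     = 2
      max_size     = 10

      create_launch_template = true
      launch_template_name   = "karmada-node-lt"
      launch_template_tags = {
        Name = "karmada-node"
      }
    }
  }
}

################################################################################
# Production EKS
################################################################################

module "prod_eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "20.37.2"

  cluster_name    = "demo-prod-cluster"
  cluster_version = "1.32"

  cluster_addons = {
    coredns                = {}
    eks-pod-identity-agent = {}
    kube-proxy             = {}
    vpc-cni                = {}
  }

  cluster_security_group_additional_rules = {
    hybrid-all = {
      cidr_blocks = [module.vpc.vpc_cidr_block]
      description = "Allow all traffic from remote node/pod network"
      from_port   = 0
      to_port     = 0
      protocol    = "all"
      type        = "ingress"
    }
  }

  enable_cluster_creator_admin_permissions = true

  # Karmada (running on the bastion / control-plane cluster) manages this
  # member cluster through the bastion role.
  access_entries = {
    bastion = {
      kubernetes_groups = []
      principal_arn     = aws_iam_role.bastion.arn
      policy_associations = {
        admin = {
          policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
          access_scope = {
            type = "cluster"
          }
        }
      }
    }
  }

  cluster_endpoint_public_access       = true
  cluster_endpoint_public_access_cidrs = var.admin_cidrs
  cluster_endpoint_private_access      = true

  vpc_id     = module.vpc.vpc_id
  subnet_ids = [module.vpc.private_subnets[0], module.vpc.private_subnets[1]]
  control_plane_subnet_ids = [
    module.vpc.public_subnets[0],
    module.vpc.public_subnets[1],
    module.vpc.private_subnets[0],
    module.vpc.private_subnets[1],
  ]

  eks_managed_node_groups = {
    app-ng = {
      use_name_prefix = false
      name            = "app-ng-prod"
      ami_type        = "BOTTLEROCKET_x86_64"
      instance_types  = ["t3.small"]
      labels          = { app = "nga-prod" }

      desired_size = 2
      min_size     = 2
      max_size     = 10

      create_launch_template = true
      launch_template_name   = "app-node-lt-prod"
      launch_template_tags = {
        Name = "app-node-prod"
      }
    }
  }
}

################################################################################
# Staging EKS
################################################################################

module "staging_eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "20.37.2"

  cluster_name    = "demo-staging-cluster"
  cluster_version = "1.32"

  cluster_addons = {
    coredns                = {}
    eks-pod-identity-agent = {}
    kube-proxy             = {}
    vpc-cni                = {}
  }

  cluster_security_group_additional_rules = {
    hybrid-all = {
      cidr_blocks = [module.vpc.vpc_cidr_block]
      description = "Allow all traffic from remote node/pod network"
      from_port   = 0
      to_port     = 0
      protocol    = "all"
      type        = "ingress"
    }
  }

  enable_cluster_creator_admin_permissions = true

  access_entries = {
    bastion = {
      kubernetes_groups = []
      principal_arn     = aws_iam_role.bastion.arn
      policy_associations = {
        admin = {
          policy_arn = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
          access_scope = {
            type = "cluster"
          }
        }
      }
    }
  }

  cluster_endpoint_public_access       = true
  cluster_endpoint_public_access_cidrs = var.admin_cidrs
  cluster_endpoint_private_access      = true

  vpc_id     = module.vpc.vpc_id
  subnet_ids = [module.vpc.private_subnets[0], module.vpc.private_subnets[1]]
  control_plane_subnet_ids = [
    module.vpc.public_subnets[0],
    module.vpc.public_subnets[1],
    module.vpc.private_subnets[0],
    module.vpc.private_subnets[1],
  ]

  eks_managed_node_groups = {
    app-ng-staging = {
      use_name_prefix = false
      name            = "app-ng-staging"
      ami_type        = "BOTTLEROCKET_x86_64"
      instance_types  = ["t3.small"]
      labels          = { app = "nga-staging" }

      desired_size = 2
      min_size     = 2
      max_size     = 10

      create_launch_template = true
      launch_template_name   = "app-node-lt-staging"
      launch_template_tags = {
        Name = "app-node-staging"
      }
    }
  }
}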