Initial implementation of terraform-aws-eks-node-group (#1)

* Initial implementation. Add tests. Add Codefresh test pipeline

* Initial implementation. Add tests. Add Codefresh test pipeline

* Initial implementation. Add tests. Add Codefresh test pipeline

* Initial implementation. Add tests. Add Codefresh test pipeline

* Initial implementation. Add tests. Add Codefresh test pipeline

* Initial implementation. Add tests. Add Codefresh test pipeline

* Initial implementation. Add tests. Add Codefresh test pipeline

* Increase test timeout

.gitignore

@@ -5,5 +5,11 @@
 *.tfstate
 *.tfstate.*
 
-# .tfvars files
-*.tfvars
+**/.idea
+**/*.iml
+
+**/.build-harness
+**/build-harness
+
+# vim editor
+*.swp

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2019 Cloud Posse, LLC
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

Makefile

@@ -0,0 +1,10 @@
+SHELL := /bin/bash
+
+# List of targets the `readme` target should call before generating the readme
+export README_DEPS ?= docs/targets.md docs/terraform.md
+
+-include $(shell curl -sSL -o .build-harness "https://git.io/build-harness"; echo .build-harness)
+
+## Lint terraform code
+lint:
+	$(SELF) terraform/install terraform/get-modules terraform/get-plugins terraform/lint terraform/validate

README.yaml

@@ -0,0 +1,172 @@
+---
+#
+# This is the canonical configuration for the `README.md`
+# Run `make readme` to rebuild the `README.md`
+#
+
+# Name of this project
+name: terraform-aws-eks-node-group
+
+# Logo for this project
+#logo: docs/logo.png
+
+# License of this project
+license: "APACHE2"
+
+# Canonical GitHub repo
+github_repo: cloudposse/terraform-aws-eks-node-group
+
+# Badges to display
+badges:
+  - name: "Codefresh Build Status"
+    image: "https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-eks-node-group?type=cf-1"
+    url: "https://g.codefresh.io/public/accounts/cloudposse/pipelines/5dead6c731a1a7177ed48f8e"
+  - name: "Latest Release"
+    image: "https://img.shields.io/github/release/cloudposse/terraform-aws-eks-node-group.svg"
+    url: "https://github.com/cloudposse/terraform-aws-eks-node-group/releases/latest"
+  - name: "Slack Community"
+    image: "https://slack.cloudposse.com/badge.svg"
+    url: "https://slack.cloudposse.com"
+
+related:
+  - name: "terraform-aws-eks-cluster"
+    description: "Terraform module to provision an EKS cluster on AWS"
+    url: "https://github.com/cloudposse/terraform-aws-eks-cluster"
+  - name: "terraform-aws-eks-workers"
+    description: "Terraform module to provision an AWS AutoScaling Group, IAM Role, and Security Group for EKS Workers"
+    url: "https://github.com/cloudposse/terraform-aws-eks-workers"
+  - name: "terraform-aws-ec2-autoscale-group"
+    description: "Terraform module to provision Auto Scaling Group and Launch Template on AWS"
+    url: "https://github.com/cloudposse/terraform-aws-ec2-autoscale-group"
+  - name: "terraform-aws-ecs-container-definition"
+    description: "Terraform module to generate well-formed JSON documents (container definitions) that are passed to the  aws_ecs_task_definition Terraform resource"
+    url: "https://github.com/cloudposse/terraform-aws-ecs-container-definition"
+  - name: "terraform-aws-ecs-alb-service-task"
+    description: "Terraform module which implements an ECS service which exposes a web service via ALB"
+    url: "https://github.com/cloudposse/terraform-aws-ecs-alb-service-task"
+  - name: "terraform-aws-ecs-web-app"
+    description: "Terraform module that implements a web app on ECS and supports autoscaling, CI/CD, monitoring, ALB integration, and much more"
+    url: "https://github.com/cloudposse/terraform-aws-ecs-web-app"
+  - name: "terraform-aws-ecs-codepipeline"
+    description: "Terraform module for CI/CD with AWS Code Pipeline and Code Build for ECS"
+    url: "https://github.com/cloudposse/terraform-aws-ecs-codepipeline"
+  - name: "terraform-aws-ecs-cloudwatch-autoscaling"
+    description: "Terraform module to autoscale ECS Service based on CloudWatch metrics"
+    url: "https://github.com/cloudposse/terraform-aws-ecs-cloudwatch-autoscaling"
+  - name: "terraform-aws-ecs-cloudwatch-sns-alarms"
+    description: "Terraform module to create CloudWatch Alarms on ECS Service level metrics"
+    url: "https://github.com/cloudposse/terraform-aws-ecs-cloudwatch-sns-alarms"
+  - name: "terraform-aws-ec2-instance"
+    description: "Terraform module for providing a general purpose EC2 instance"
+    url: "https://github.com/cloudposse/terraform-aws-ec2-instance"
+  - name: "terraform-aws-ec2-instance-group"
+    description: "Terraform module for provisioning multiple general purpose EC2 hosts for stateful applications"
+    url: "https://github.com/cloudposse/terraform-aws-ec2-instance-group"
+
+# Short description of this project
+description: |-
+  Terraform module to provision an EKS Node Group for [Elastic Container Service for Kubernetes](https://aws.amazon.com/eks/).
+
+  Instantiate it multiple times to create many EKS node groups with specific settings such as GPUs, EC2 instance types, or autoscale parameters.
+
+introduction: |-
+
+# How to use this project
+usage: |-
+
+  For a complete example, see [examples/complete](examples/complete).
+
+  For automated tests of the complete example using [bats](https://github.com/bats-core/bats-core) and [Terratest](https://github.com/gruntwork-io/terratest) (which tests and deploys the example on AWS), see [test](test).
+
+  ```hcl
+      provider "aws" {
+        region = var.region
+      }
+
+      module "label" {
+        source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0"
+        namespace  = var.namespace
+        name       = var.name
+        stage      = var.stage
+        delimiter  = var.delimiter
+        attributes = compact(concat(var.attributes, list("cluster")))
+        tags       = var.tags
+      }
+
+      locals {
+        tags = merge(module.label.tags, map("kubernetes.io/cluster/${module.label.id}", "shared"))
+      }
+
+      module "vpc" {
+        source     = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.8.1"
+        namespace  = var.namespace
+        stage      = var.stage
+        name       = var.name
+        attributes = var.attributes
+        cidr_block = var.vpc_cidr_block
+        tags       = local.tags
+      }
+
+      module "subnets" {
+        source               = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.18.1"
+        availability_zones   = var.availability_zones
+        namespace            = var.namespace
+        stage                = var.stage
+        name                 = var.name
+        attributes           = var.attributes
+        vpc_id               = module.vpc.vpc_id
+        igw_id               = module.vpc.igw_id
+        cidr_block           = module.vpc.vpc_cidr_block
+        nat_gateway_enabled  = false
+        nat_instance_enabled = false
+        tags                 = local.tags
+      }
+
+      module "eks_cluster" {
+        source                = "git::https://github.com/cloudposse/terraform-aws-eks-cluster.git?ref=tags/0.13.0"
+        namespace             = var.namespace
+        stage                 = var.stage
+        name                  = var.name
+        attributes            = var.attributes
+        tags                  = var.tags
+        region                = var.region
+        vpc_id                = module.vpc.vpc_id
+        subnet_ids            = module.subnets.public_subnet_ids
+        kubernetes_version    = var.kubernetes_version
+        kubeconfig_path       = var.kubeconfig_path
+        oidc_provider_enabled = var.oidc_provider_enabled
+
+        workers_role_arns          = [module.eks_node_group.eks_node_group_role_arn]
+        workers_security_group_ids = []
+      }
+
+      module "eks_node_group" {
+        source                = "git::https://github.com/cloudposse/terraform-aws-eks-node-group.git?ref=master"
+        namespace                 = var.namespace
+        stage                     = var.stage
+        name                      = var.name
+        attributes                = var.attributes
+        tags                      = var.tags
+        vpc_id                    = module.vpc.vpc_id
+        subnet_ids                = module.subnets.public_subnet_ids
+        instance_types            = var.instance_types
+        desired_size              = var.desired_size
+        min_size                  = var.min_size
+        max_size                  = var.max_size
+        cluster_name              = module.eks_cluster.eks_cluster_id
+        kubernetes_version        = var.kubernetes_version
+      }
+  ```
+
+include:
+  - "docs/targets.md"
+  - "docs/terraform.md"
+
+# Contributors to this project
+contributors:
+  - name: "Erik Osterman"
+    github: "osterman"
+  - name: "Andriy Knysh"
+    github: "aknysh"
+  - name: "Igor Rodionov"
+    github: "goruha"

codefresh/test.yml

@@ -0,0 +1,77 @@
+version: '1.0'
+
+stages:
+  - Prepare
+  - Test
+
+steps:
+  wait:
+    title: Wait
+    stage: Prepare
+    image: codefresh/cli:latest
+    commands:
+      - codefresh get builds --pipeline=${{CF_REPO_NAME}} --status running --limit 1000 -o json | jq --arg id ${{CF_BUILD_ID}} -ser 'flatten|.[-1].id==$id'
+    retry:
+      maxAttempts: 10
+      delay: 20
+      exponentialFactor: 1.1
+
+  main_clone:
+    title: "Clone repository"
+    type: git-clone
+    stage: Prepare
+    description: "Initialize"
+    repo: ${{CF_REPO_OWNER}}/${{CF_REPO_NAME}}
+    git: CF-default
+    revision: ${{CF_REVISION}}
+
+  clean_init:
+    title: Prepare build-harness and test-harness
+    image: ${{TEST_IMAGE}}
+    stage: Prepare
+    commands:
+      - cf_export PATH="/usr/local/terraform/0.12/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+      - make init
+      - git -C build-harness checkout master
+      - make -C test/ clean init TEST_HARNESS_BRANCH=master
+      - make -C test/src clean init
+      - find . -type d -name '.terraform' | xargs rm -rf
+      - find . -type f -name 'terraform.tfstate*' -exec rm -f {} \;
+
+  test:
+    type: "parallel"
+    title: "Run tests"
+    description: "Run all tests in parallel"
+    stage: Test
+    steps:
+      test_readme_lint:
+        title: "Test README.md updated"
+        stage: "Test"
+        image: ${{TEST_IMAGE}}
+        description: Test "readme/lint"
+        commands:
+          - make readme/lint
+
+      test_module:
+        title: Test module with bats
+        image: ${{TEST_IMAGE}}
+        stage: Test
+        commands:
+          - make -C test/ module
+
+      test_examples_complete:
+        title: Test "examples/complete" with bats
+        image: ${{TEST_IMAGE}}
+        stage: Test
+        commands:
+          - make -C test/ examples/complete
+
+      test_examples_complete_terratest:
+        title: Test "examples/complete" with terratest
+        image: ${{TEST_IMAGE}}
+        stage: Test
+        commands:
+          - unset AWS_PROFILE
+          - unset AWS_DEFAULT_PROFILE
+          - unset AWS_MFA_PROFILE
+          - make -C test/src

docs/targets.md

@@ -0,0 +1,10 @@
+## Makefile Targets
+```
+Available targets:
+
+  help                                Help screen
+  help/all                            Display help for all targets
+  help/short                          This help short screen
+  lint                                Lint terraform code
+
+```

docs/terraform.md

@@ -0,0 +1,38 @@
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| ami_release_version | AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version | string | `null` | no |
+| ami_type | Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to `AL2_x86_64`. Valid values: `AL2_x86_64`, `AL2_x86_64_GPU`. Terraform will only perform drift detection if a configuration value is provided | string | `AL2_x86_64` | no |
+| attributes | Additional attributes (e.g. `1`) | list(string) | `<list>` | no |
+| cluster_name | The name of the EKS cluster | string | - | yes |
+| delimiter | Delimiter to be used between `namespace`, `stage`, `name` and `attributes` | string | `-` | no |
+| desired_size | Desired number of worker nodes | number | - | yes |
+| disk_size | Disk size in GiB for worker nodes. Defaults to 20. Terraform will only perform drift detection if a configuration value is provided | number | `20` | no |
+| ec2_ssh_key | SSH key name that should be used to access the worker nodes | string | `null` | no |
+| enabled | Whether to create the resources. Set to `false` to prevent the module from creating any resources | bool | `true` | no |
+| existing_workers_role_policy_arns | List of existing policy ARNs that will be attached to the workers default role on creation | list(string) | `<list>` | no |
+| existing_workers_role_policy_arns_count | Count of existing policy ARNs that will be attached to the workers default role on creation. Needed to prevent Terraform error `count can't be computed` | number | `0` | no |
+| instance_types | Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. Terraform will only perform drift detection if a configuration value is provided | list(string) | - | yes |
+| kubernetes_labels | Key-value mapping of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed | map(string) | `<map>` | no |
+| kubernetes_version | Kubernetes version. Defaults to EKS Cluster Kubernetes version. Terraform will only perform drift detection if a configuration value is provided | string | `null` | no |
+| max_size | Maximum number of worker nodes | number | - | yes |
+| min_size | Minimum number of worker nodes | number | - | yes |
+| name | Solution name, e.g. 'app' or 'cluster' | string | - | yes |
+| namespace | Namespace, which could be your organization name, e.g. 'eg' or 'cp' | string | `` | no |
+| source_security_group_ids | Set of EC2 Security Group IDs to allow SSH access (port 22) from on the worker nodes. If you specify `ec2_ssh_key`, but do not specify this configuration when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0) | list(string) | `<list>` | no |
+| stage | Stage, e.g. 'prod', 'staging', 'dev', or 'test' | string | `` | no |
+| subnet_ids | A list of subnet IDs to launch resources in | list(string) | - | yes |
+| tags | Additional tags (e.g. `{ BusinessUnit = "XYZ" }` | map(string) | `<map>` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| eks_node_group_arn | Amazon Resource Name (ARN) of the EKS Node Group |
+| eks_node_group_id | EKS Cluster name and EKS Node Group name separated by a colon |
+| eks_node_group_resources | List of objects containing information about underlying resources of the EKS Node Group |
+| eks_node_group_role_arn | ARN of the worker nodes IAM role |
+| eks_node_group_role_name | Name of the worker nodes IAM role |
+| eks_node_group_status | Status of the EKS Node Group |
+

examples/complete/fixtures.us-east-2.tfvars

@@ -0,0 +1,25 @@
+region = "us-east-2"
+
+availability_zones = ["us-east-2a", "us-east-2b"]
+
+vpc_cidr_block = "172.16.0.0/16"
+
+namespace = "eg"
+
+stage = "test"
+
+name = "eks-node-group"
+
+instance_types = ["t3.small"]
+
+desired_size = 2
+
+max_size = 3
+
+min_size = 2
+
+disk_size = 20
+
+kubeconfig_path = "/.kube/config"
+
+kubernetes_labels = {}