eks con los permiso de kodekloud

.gitignore

@@ -4,6 +4,6 @@
 # .tfstate files
 *.tfstate
 *.tfstate.*
-
+.terraform*
 # .tfvars files
 *.tfvars

aws-auth.yaml

@@ -2,4 +2,15 @@
 ## We have configured this terraform template to display the configMap details as OUTPUT. 
 ## Once ``terrform apply`` is successful, you should see configMap details in the end of the output.
 ## Create configMap by ``kubectl apply -f aws-auth.yaml``
-
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: aws-auth
+  namespace: kube-system
+data:
+  mapRoles: |
+    - rolearn: arn:aws:iam::944820253794:role/eks-node
+      username: system:node:{{EC2PrivateDNSName}}
+      groups:
+        - system:bootstrappers
+        - system:nodes

aws-vpn-gtw.tf

@@ -2,9 +2,8 @@
 resource "aws_vpn_gateway" "vpn_gw" {
   vpc_id = "${aws_vpc.eks.id}"
 
-  tags = "${
-    map(
-     "Name", "eks aws vpn gateway"
-    )
-  }"
+  tags = {
+     "Name" = "eks aws vpn gateway"
+
+  }
 }

eks-cluster.tf

@@ -47,11 +47,11 @@ resource "aws_security_group" "eks-cluster" {
     cidr_blocks = ["0.0.0.0/0"]
   }
 
-  tags = "${
-    map(
-     "Name", "EKS - kubernetes master sg"
-    )
-  }"
+  tags = {
+
+     "Name" = "EKS - kubernetes master sg"
+
+  }
 }
 
 ##
@@ -85,19 +85,25 @@ resource "aws_security_group_rule" "eks-cluster-ingress-workstation-https" {
 ##
 
 resource "aws_eks_cluster" "eks-cluster" {
-
   name     = "${var.cluster-name}"
   role_arn = "${aws_iam_role.eks-cluster.arn}"
   version  = "${var.eks_version}"
   # enabled_cluster_log_types = ["api", "audit", "scheduler", "controllerManager"]
-
   vpc_config {
-    security_group_ids = ["${aws_security_group.eks-cluster.id}"]
-    subnet_ids         = ["${aws_subnet.eks-public.*.id}", "${aws_subnet.eks-private.*.id}"]
+    security_group_ids = [aws_security_group.eks-cluster.id]
+#    subnet_ids         = data.aws_subnets.eks_subnet.ids
+#    subnet_ids         = [aws_subnet.eks-private[count_private.index].id, aws_subnet.eks-public[count_public.index].id]
+     subnet_ids         = [
+                           aws_subnet.eks-public[0].id, 
+                           aws_subnet.eks-public[1].id, 
+                           aws_subnet.eks-public[2].id, 
+                           aws_subnet.eks-private[0].id,
+                           aws_subnet.eks-private[1].id,
+                           aws_subnet.eks-private[2].id]
   }
 
   depends_on = [
-    "aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy",
-    "aws_iam_role_policy_attachment.eks-cluster-AmazonEKSServicePolicy",
+    aws_iam_role_policy_attachment.eks-cluster-AmazonEKSClusterPolicy,
+    aws_iam_role_policy_attachment.eks-cluster-AmazonEKSServicePolicy,
   ]
 }

eks-vpc.tf

@@ -10,12 +10,11 @@ resource "aws_vpc" "eks" {
   cidr_block = "10.15.0.0/19"
   enable_dns_hostnames = true
 
-  tags = "${
-    map(
-     "Name", "eks-vpc",
-     "kubernetes.io/cluster/${var.cluster-name}", "shared",
-    )
-  }"
+  tags = {
+     "Name" = "eks-vpc"
+     "kubernetes.io/cluster/${var.cluster-name}" = "shared"
+
+  }
 }
 
 ## EKS public subnets
@@ -26,26 +25,25 @@ resource "aws_subnet" "eks-public" {
   cidr_block        = "${var.public_subnets[count.index]}"
   vpc_id            = "${aws_vpc.eks.id}"
 
-  tags = "${
-    map(
-     "Name", "eks-public-subnet",
-     "kubernetes.io/cluster/${var.cluster-name}", "shared",
-    )
-  }"
+  tags = {
+     "Name" = "eks-public-subnet",
+     "kubernetes.io/cluster/${var.cluster-name}" = "shared",
+
+  }
 }
 
 
 ## internet gateway
 resource "aws_internet_gateway" "eks-igw" {
   vpc_id = "${aws_vpc.eks.id}"
 
-  tags {
+  tags = {
     Name = "eks-internet-gateway"
   }
 }
 
 resource "aws_route_table" "eks-public" {
-  vpc_id = "${aws_vpc.eks.id}"
+  vpc_id = aws_vpc.eks.id
 
   route {
     cidr_block = "0.0.0.0/0"
@@ -72,13 +70,13 @@ resource "aws_subnet" "eks-private" {
   cidr_block        = "${var.private_subnets[count.index]}"
   vpc_id            = "${aws_vpc.eks.id}"
 
-  tags = "${
-    map(
-     "Name", "eks-private-subnet",
-     "kubernetes.io/cluster/${var.cluster-name}", "shared",
-     "kubernetes.io/role/internal-elb", "1", 
-    )
-  }"
+  tags = {
+
+     "Name" = "eks-private-subnet",
+     "kubernetes.io/cluster/${var.cluster-name}" = "shared",
+     "kubernetes.io/role/internal-elb" = "1", 
+
+  }
 }
 
 resource "aws_eip" "nat" {
@@ -90,9 +88,9 @@ resource "aws_nat_gateway" "nat_gw" {
 
   allocation_id = "${aws_eip.nat.id}"
   subnet_id     = "${aws_subnet.eks-public.*.id[count.index]}"  #public subnet 
-  depends_on = ["aws_internet_gateway.eks-igw"]
+  depends_on = [aws_internet_gateway.eks-igw]
 
-  tags {
+  tags = {
     Name = "gw NAT"
   }
 }
@@ -101,8 +99,8 @@ resource "aws_nat_gateway" "nat_gw" {
 resource "aws_route_table" "eks-private" {
   vpc_id = "${aws_vpc.eks.id}"
 
-  tags {
-        Name = "route table for private subnets"
+  tags = {
+      Name = "route table for private subnets"
     }
 }
 

eks-worker-node-upgrade-v2.tf → eks-worker-node-upgrade-v2.tf.txt

@@ -43,7 +43,7 @@ resource "aws_autoscaling_group" "eks-private-asg-v2" {
   max_size             = 2
   min_size             = 1
   name                 = "eks-private"
-  vpc_zone_identifier  = ["${aws_subnet.eks-private.*.id}"]
+  vpc_zone_identifier  = data.aws_subnets.subs_priv.ids
 
   tag {
     key                 = "Name"