pluralsh · michaeljguarino · Feb 2, 2024 · Feb 2, 2024
diff --git a/templates/clusters/eks/create.tf.liquid b/templates/clusters/eks/create.tf.liquid
@@ -0,0 +1,26 @@
+module "prod" {
+  source       = "../bootstrap/terraform/clouds/aws" // replace aws with gcp/azure/etc for other clouds
+  cluster_name = "{{ context.name }}"
+  vpc_name     = "{{ context.vpc_name }}"
+  create_db    = false
+  providers = {
+    helm = helm.{{ context.name }}
+  }
+}
+
+
+// setting up the helm provider is necessary for AWS as it'll install a few core resources via helm by default, ignore for AKS/GKE
+data "aws_eks_cluster_auth" "prod" {
+  name = module.prod.cluster.cluster_name
+
+  depends_on = [ module.prod.cluster ]
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = module.prod.cluster.cluster_endpoint
+    cluster_ca_certificate = base64decode(module.prod.cluster.cluster_certificate_authority_data)
+    token                  = data.aws_eks_cluster_auth.prod.token
+  }
+  alias = "{{ context.name }}"
+}
diff --git a/templates/clusters/eks/register.tf.liquid b/templates/clusters/eks/register.tf.liquid
@@ -0,0 +1,5 @@
+module "{{ context.name }}" {
+  source       = "../../bootstrap/terraform/modules/eks-byok"
+  cluster_name = "{{ context.name }}"
+  cluster_handle = "{{ context.name }}"
+}
diff --git a/templates/providers/bootstrap/aws.tf b/templates/providers/bootstrap/aws.tf
@@ -47,6 +47,12 @@ data "aws_eks_cluster_auth" "cluster" {
   depends_on = [ module.mgmt.cluster ]
 }
 
+provider "kubernetes" {
+  host                   = module.mgmt.cluster_endpoint
+  cluster_ca_certificate = base64decode(module.mgmt.cluster_certificate_authority_data)
+  token                  = data.aws_eks_cluster_auth.cluster.token
+}
+
 provider "helm" {
   kubernetes {
     host                   = module.mgmt.cluster.cluster_endpoint

diff --git a/terraform/clouds/aws/eks.tf b/terraform/clouds/aws/eks.tf
@@ -12,9 +12,14 @@ module "eks" {
   control_plane_subnet_ids = module.vpc.public_subnets
 
   # EKS Managed Node Group(s)
-  eks_managed_node_group_defaults = var.node_group_defaults
+  eks_managed_node_group_defaults = merge(var.node_group_defaults,
+    {ami_release_version = data.aws_ssm_parameter.eks_ami_release_version.value})
 
   eks_managed_node_groups = var.managed_node_groups
 
   create_cloudwatch_log_group = var.create_cloudwatch_log_group
 }
+
+data "aws_ssm_parameter" "eks_ami_release_version" {
+  name = "/aws/service/eks/optimized-ami/${var.kubernetes_version}/amazon-linux-2/recommended/release_version"
+}
diff --git a/terraform/clouds/aws/outputs.tf b/terraform/clouds/aws/outputs.tf
@@ -1,5 +1,219 @@
+################################################################################
+# Cluster
+################################################################################
+
+output "cluster_arn" {
+  description = "The Amazon Resource Name (ARN) of the cluster"
+  value       = module.eks.cluster_arn
+}
+
 output "cluster" {
-    value = module.eks
+  description = "thin object representing the clusters info"
+  value = {
+    cluster_arn = module.eks.cluster_arn
+    cluster_name = module.eks.cluster_name
+    cluster_endpoint = module.eks.cluster_endpoint
+    cluster_certificate_authority_data = module.eks.cluster_certificate_authority_data
+  }
+}
+
+output "cluster_certificate_authority_data" {
+  description = "Base64 encoded certificate data required to communicate with the cluster"
+  value       = module.eks.cluster_certificate_authority_data
+}
+
+output "cluster_endpoint" {
+  description = "Endpoint for your Kubernetes API server"
+  value       = module.eks.cluster_endpoint
+}
+
+output "cluster_id" {
+  description = "The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts"
+  value       = module.eks.cluster_id
+}
+
+output "cluster_name" {
+  description = "The name of the EKS cluster"
+  value       = module.eks.cluster_name
+}
+
+output "cluster_oidc_issuer_url" {
+  description = "The URL on the EKS cluster for the OpenID Connect identity provider"
+  value       = module.eks.cluster_oidc_issuer_url
+}
+
+output "cluster_version" {
+  description = "The Kubernetes version for the cluster"
+  value       = module.eks.cluster_version
+}
+
+output "cluster_platform_version" {
+  description = "Platform version for the cluster"
+  value       = module.eks.cluster_platform_version
+}
+
+output "cluster_status" {
+  description = "Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED`"
+  value       = module.eks.cluster_status
+}
+
+output "cluster_primary_security_group_id" {
+  description = "Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console"
+  value       = module.eks.cluster_primary_security_group_id
+}
+
+################################################################################
+# KMS Key
+################################################################################
+
+output "kms_key_arn" {
+  description = "The Amazon Resource Name (ARN) of the key"
+  value       = module.eks.kms_key_arn
+}
+
+output "kms_key_id" {
+  description = "The globally unique identifier for the key"
+  value       = module.eks.kms_key_id
+}
+
+output "kms_key_policy" {
+  description = "The IAM resource policy set on the key"
+  value       = module.eks.kms_key_policy
+}
+
+################################################################################
+# Cluster Security Group
+################################################################################
+
+output "cluster_security_group_arn" {
+  description = "Amazon Resource Name (ARN) of the cluster security group"
+  value       = module.eks.cluster_security_group_arn
+}
+
+output "cluster_security_group_id" {
+  description = "ID of the cluster security group"
+  value       = module.eks.cluster_security_group_id
+}
+
+################################################################################
+# Node Security Group
+################################################################################
+
+output "node_security_group_arn" {
+  description = "Amazon Resource Name (ARN) of the node shared security group"
+  value       = module.eks.node_security_group_arn
+}
+
+output "node_security_group_id" {
+  description = "ID of the node shared security group"
+  value       = module.eks.node_security_group_id
+}
+
+################################################################################
+# IRSA
+################################################################################
+
+output "oidc_provider" {
+  description = "The OpenID Connect identity provider (issuer URL without leading `https://`)"
+  value       = module.eks.oidc_provider
+}
+
+output "oidc_provider_arn" {
+  description = "The ARN of the OIDC Provider if `enable_irsa = true`"
+  value       = module.eks.oidc_provider_arn
+}
+
+output "cluster_tls_certificate_sha1_fingerprint" {
+  description = "The SHA1 fingerprint of the public key of the cluster's certificate"
+  value       = module.eks.cluster_tls_certificate_sha1_fingerprint
+}
+
+################################################################################
+# IAM Role
+################################################################################
+
+output "cluster_iam_role_name" {
+  description = "IAM role name of the EKS cluster"
+  value       = module.eks.cluster_iam_role_name
+}
+
+output "cluster_iam_role_arn" {
+  description = "IAM role ARN of the EKS cluster"
+  value       = module.eks.cluster_iam_role_arn
+}
+
+output "cluster_iam_role_unique_id" {
+  description = "Stable and unique string identifying the IAM role"
+  value       = module.eks.cluster_iam_role_unique_id
+}
+
+################################################################################
+# EKS Addons
+################################################################################
+
+output "cluster_addons" {
+  description = "Map of attribute maps for all EKS cluster addons enabled"
+  value       = module.eks.cluster_addons
+}
+
+################################################################################
+# EKS Identity Provider
+################################################################################
+
+output "cluster_identity_providers" {
+  description = "Map of attribute maps for all EKS identity providers enabled"
+  value       = module.eks.cluster_identity_providers
+}
+
+################################################################################
+# CloudWatch Log Group
+################################################################################
+
+output "cloudwatch_log_group_name" {
+  description = "Name of cloudwatch log group created"
+  value       = module.eks.cloudwatch_log_group_name
+}
+
+output "cloudwatch_log_group_arn" {
+  description = "Arn of cloudwatch log group created"
+  value       = module.eks.cloudwatch_log_group_arn
+}
+
+################################################################################
+# Fargate Profile
+################################################################################
+
+output "fargate_profiles" {
+  description = "Map of attribute maps for all EKS Fargate Profiles created"
+  value       = module.eks.fargate_profiles
+}
+
+################################################################################
+# EKS Managed Node Group
+################################################################################
+
+output "eks_managed_node_groups" {
+  description = "Map of attribute maps for all EKS managed node groups created"
+  value       = module.eks.eks_managed_node_groups
+}
+
+output "eks_managed_node_groups_autoscaling_group_names" {
+  description = "List of the autoscaling group names created by EKS managed node groups"
+  value       = module.eks.eks_managed_node_groups_autoscaling_group_names
+}
+
+################################################################################
+# Self Managed Node Group
+################################################################################
+
+output "self_managed_node_groups" {
+  description = "Map of attribute maps for all self managed node groups created"
+  value       = module.eks.self_managed_node_groups
+}
+
+output "self_managed_node_groups_autoscaling_group_names" {
+  description = "List of the autoscaling group names created by self-managed node groups"
+  value       = module.eks.self_managed_node_groups_autoscaling_group_names
 }
 
 output "vpc" {

diff --git a/terraform/clouds/aws/variables.tf b/terraform/clouds/aws/variables.tf
@@ -66,17 +66,29 @@ variable "node_group_defaults" {
   type = any
   default = {
     instance_types = ["t3.xlarge", "t3a.xlarge"]
+    block_device_mappings = [
+      {
+        device_name = "/dev/xvda"
+        ebs = {
+          volume_size = 50
+          volume_type = "gp3"
+          delete_on_termination = true
+          encrypted = true
+        }
+      }
+    ]
+    disk_size = 50
   }
 }
 
 variable "managed_node_groups" {
   type = any
   default = {
-    blue = {}
     green = {
-      min_size     = 3
-      max_size     = 10
-      desired_size = 3
+      use_name_prefix = false
+      min_size        = 3
+      max_size        = 10
+      desired_size    = 3
     }
   }
 }

diff --git a/terraform/modules/aks-byok/cluster.tf b/terraform/modules/aks-byok/cluster.tf
@@ -10,15 +10,10 @@ resource "plural_cluster" "this" {
     tags     = var.tags
     protect  = var.protect
     # bindings = var.bindings
-    cloud    = "byok"
-    cloud_settings = {
-      byok = {
-        kubeconfig = {
-          host                   = data.azurerm_kubernetes_cluster.cluster.kube_config[0].host
-          client_certificate     = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config[0].client_certificate)
-          client_key             = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config[0].client_key)
-          cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config[0].cluster_ca_certificate)
-        }
-      }
+    kubeconfig = {
+      host                   = data.azurerm_kubernetes_cluster.cluster.kube_config[0].host
+      client_certificate     = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config[0].client_certificate)
+      client_key             = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config[0].client_key)
+      cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config[0].cluster_ca_certificate)
     }
 }
diff --git a/terraform/modules/eks-byok/cluster.tf b/terraform/modules/eks-byok/cluster.tf
@@ -12,14 +12,9 @@ resource "plural_cluster" "this" {
     tags     = var.tags
     protect  = var.protect
     # bindings = var.bindings
-    cloud    = "byok"
-    cloud_settings = {
-      byok = {
-        kubeconfig = { 
-          host                   = data.aws_eks_cluster.cluster.endpoint
-          cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
-          token                  = data.aws_eks_cluster_auth.cluster.token
-        }
-      }
+    kubeconfig = { 
+      host                   = data.aws_eks_cluster.cluster.endpoint
+      cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+      token                  = data.aws_eks_cluster_auth.cluster.token
     }
 }
diff --git a/terraform/modules/gke-byok/cluster.tf b/terraform/modules/gke-byok/cluster.tf
@@ -12,14 +12,9 @@ resource "plural_cluster" "this" {
     tags     = var.tags
     protect  = var.protect
     # bindings = var.bindings
-    cloud    = "byok"
-    cloud_settings = {
-      byok = {
-        kubeconfig = {
-          host = "https://${data.google_container_cluster.cluster.endpoint}"
-          cluster_ca_certificate = base64decode(data.google_container_cluster.cluster.master_auth.0.cluster_ca_certificate)
-          token = data.google_client_config.default.access_token
-        }
-      }
+    kubeconfig = {
+      host = "https://${data.google_container_cluster.cluster.endpoint}"
+      cluster_ca_certificate = base64decode(data.google_container_cluster.cluster.master_auth.0.cluster_ca_certificate)
+      token = data.google_client_config.default.access_token
     }
 }