
Commit 245aed5

committed
Added kubernetes specs
1 parent 516299b commit 245aed5


14 files changed

+667
-9
lines changed


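--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -1,15 +1,16 @@
 package cmd
 
 import (
+
 "log"
 "sync"
-
 "github.com/commitdev/commit0/internal/config"
 "github.com/commitdev/commit0/internal/generate/docker"
 "github.com/commitdev/commit0/internal/generate/golang"
 "github.com/commitdev/commit0/internal/generate/http"
 "github.com/commitdev/commit0/internal/generate/proto"
 "github.com/commitdev/commit0/internal/generate/react"
+"github.com/commitdev/commit0/internal/generate/kubernetes"
 "github.com/commitdev/commit0/internal/templator"
 "github.com/commitdev/commit0/internal/util"
 "github.com/gobuffalo/packr/v2"
@@ -22,9 +23,10 @@ var language string
 const (
 Go = "go"
 React = "react"
+Kubernetes = "kubernetes"
 )
 
-var supportedLanguages = [...]string{Go, React}
+var supportedLanguages = [...]string{Go, React, Kubernetes}
 
 func init() {
 
@@ -59,6 +61,8 @@ var generateCmd = &cobra.Command{
 docker.GenerateGoDockerCompose(t, cfg, &wg)
 case React:
 react.Generate(t, cfg, &wg)
+case Kubernetes:
+kubernetes.Generate(Templator, cfg)
 }
 
 util.TemplateFileIfDoesNotExist("", "README.md", t.Readme, &wg, cfg)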
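Review bot: The new `case Kubernetes:` arm calls `kubernetes.Generate(Templator, cfg)`, but the other calls in this switch and the README call after it use the local `t` (`react.Generate(t, cfg, &wg)`, `t.Readme`). Unless a package-level value named `Templator` is declared outside the hunk, this does not compile, and the call should read `kubernetes.Generate(t, cfg)`. The arm also receives no `&wg`, unlike its siblings, so whether the Kubernetes files are fully written before the command returns depends on `TemplateFiles` being synchronous, which is not visible here. The switch and the enclosing `generateCmd` run function start and end outside the hunk.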

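--- a/go.mod
+++ b/go.mod
@@ -8,11 +8,12 @@ require (
 github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 // indirect
 github.com/k0kubun/pp v3.0.1+incompatible
 github.com/mattn/go-colorable v0.1.2 // indirect
-github.com/rogpeppe/go-internal v1.3.2 // indirect
+github.com/rogpeppe/go-internal v1.5.0 // indirect
 github.com/spf13/cobra v0.0.5
 github.com/stretchr/testify v1.4.0 // indirect
-golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392 // indirect
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 // indirect
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e // indirect
+golang.org/x/sys v0.0.0-20191010194322-b09406accb47 // indirect
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 gopkg.in/yaml.v2 v2.2.4
 )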

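--- a/go.sum
+++ b/go.sum
@@ -48,8 +48,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.3.2 h1:XU784Pr0wdahMY2bYcyK6N1KuaRAdLtqD4qd8D18Bfs=
-github.com/rogpeppe/go-internal v1.3.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.5.0 h1:Usqs0/lDK/NqTkvrmKSwA/3XkZAs7ZAW/eLeQ2MVBTw=
+github.com/rogpeppe/go-internal v1.5.0/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
@@ -74,6 +74,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20190621222207-cc06ce4a13d4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392 h1:ACG4HJsFiNMf47Y4PeRoebLNy/2lXT9EtprMuTFWt1M=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -86,8 +88,8 @@ golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190515120540-06a5c4944438/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190922100055-0a153f010e69 h1:rOhMmluY6kLMhdnrivzec6lLgaVbMHMn2ISQXJeJ5EM=
-golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191010194322-b09406accb47 h1:/XfQ9z7ib8eEJX2hdgFTZJ/ntt0swNk5oYBziWeTCvY=
+golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0 h1:Dh6fw+p6FyRl5x/FvNswO1ji0lIGzm3KP8Y9VkS9PTE=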

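--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -55,7 +55,13 @@ type Commit0Config struct {
 Maintainers []Maintainers `yaml:"maintainers"`
 Network Network `yaml:"network"`
 Services []Service `yaml:"services"`
-React React `yaml:react`
+React React `yaml:"react"`
+Kubernetes Kubernetes `yaml:"kubernetes"`
+}
+
+type Kubernetes struct {
+ClusterName string
+DNSName string
 }
 
 func LoadConfig(filePath string) *Commit0Config {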
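Review bot: The new `Kubernetes` struct declares `ClusterName` and `DNSName` without yaml tags, while the `Commit0Config` fields around it are all tagged and this same hunk repairs the malformed tag on `React`. With gopkg.in/yaml.v2 (the version required in go.mod) an untagged field is matched on its lowercased name, so the accepted keys become `clustername` and `dnsname`, which a user writing the config is unlikely to guess. I would tag both fields explicitly, for example `yaml:"clusterName"` and `yaml:"dnsName"` (exact spelling is the project's choice). The exported type also lacks a doc comment; something like `// Kubernetes holds the cluster settings read from the kubernetes section of the config.` would do. `LoadConfig`'s body is outside the hunk, so whether these values are validated before they reach the templates cannot be seen here.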
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
package kubernetes
2+
3+
import (
4+
//"github.com/commitdev/commit0/util"
5+
6+
"github.com/commitdev/commit0/config"
7+
"github.com/commitdev/commit0/templator"
8+
)
9+
10+
func Generate(templator *templator.Templator, config *config.Commit0Config) {
11+
templator.Kubernetes.TemplateFiles(config, false)
12+
}
13+
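Review bot: The imports `github.com/commitdev/commit0/config` and `github.com/commitdev/commit0/templator` do not match the paths the caller uses in cmd/generate.go (`github.com/commitdev/commit0/internal/config` and `github.com/commitdev/commit0/internal/templator`). Either the packages fail to resolve or `Generate` expects a different `*config.Commit0Config` than the one `cmd` passes, so both imports should use the `internal/` paths. The parameters `templator` and `config` also shadow the imported package names inside the body; `t` and `cfg`, as in the caller, would avoid that. The exported function has no doc comment (`// Generate renders the Kubernetes templates for cfg.`), the meaning of the literal `false` passed to `TemplateFiles` is not explained, and the commented-out util import can be removed.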
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
# EKS Terraform
2+
3+
AWS Resources created:
4+
5+
- EKS Cluster: AWS managed Kubernetes cluster of master servers
6+
- AutoScaling Group containing 2 m4.large instances based on the latest EKS Amazon Linux 2 AMI: Operator managed Kubernetes worker nodes for running Kubernetes service deployments
7+
- Associated VPC, Internet Gateway, Security Groups, and Subnets: Operator managed networking resources for the EKS Cluster and worker node instances
8+
- Associated IAM Roles and Policies: Operator managed access resources for EKS and worker node instances
9+
10+
## Pre-requisites
11+
12+
- Setup the [AWS credentials](https://www.terraform.io/docs/providers/aws/index.html#environment-variables) for terraform
13+
14+
## Spin up cluster
15+
16+
```shell
17+
18+
terraform plan
19+
terraform apply
20+
21+
```
22+
23+
### Connect to cluster
24+
The EKS service does not provide a cluster-level API parameter or resource to automatically configure the underlying Kubernetes cluster to allow worker nodes to join the cluster via AWS IAM role authentication.
25+
26+
- Run `aws eks update-kubeconfig --name staging` to configure `kubectl`
27+
- Run `terraform output config_map_aws_auth` and save the configuration into a file, e.g. config_map_aws_auth.yaml
28+
- Run `kubectl apply -f config_map_aws_auth.yaml`
29+
- You can verify the worker nodes are joining the cluster via: `kubectl get nodes --watch`
Lines changed: 87 additions & 0 deletions
@@ -0,0 +1,87 @@
1+
#
2+
# EKS Cluster Resources
3+
# * IAM Role to allow EKS service to manage other AWS services
4+
# * EC2 Security Group to allow networking traffic with EKS cluster
5+
# * EKS Cluster
6+
#
7+
8+
resource "aws_iam_role" "demo-cluster" {
9+
name = "terraform-eks-demo-cluster"
10+
11+
assume_role_policy = <<POLICY
12+
{
13+
"Version": "2012-10-17",
14+
"Statement": [
15+
{
16+
"Effect": "Allow",
17+
"Principal": {
18+
"Service": "eks.amazonaws.com"
19+
},
20+
"Action": "sts:AssumeRole"
21+
}
22+
]
23+
}
24+
POLICY
25+
}
26+
27+
resource "aws_iam_role_policy_attachment" "demo-cluster-AmazonEKSClusterPolicy" {
28+
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
29+
role = "${aws_iam_role.demo-cluster.name}"
30+
}
31+
32+
resource "aws_iam_role_policy_attachment" "demo-cluster-AmazonEKSServicePolicy" {
33+
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
34+
role = "${aws_iam_role.demo-cluster.name}"
35+
}
36+
37+
resource "aws_security_group" "demo-cluster" {
38+
name = "terraform-eks-demo-cluster"
39+
description = "Cluster communication with worker nodes"
40+
vpc_id = "${aws_vpc.demo.id}"
41+
42+
egress {
43+
from_port = 0
44+
to_port = 0
45+
protocol = "-1"
46+
cidr_blocks = ["0.0.0.0/0"]
47+
}
48+
49+
tags = {
50+
Name = "terraform-eks-demo"
51+
}
52+
}
53+
54+
resource "aws_security_group_rule" "demo-cluster-ingress-node-https" {
55+
description = "Allow pods to communicate with the cluster API Server"
56+
from_port = 443
57+
protocol = "tcp"
58+
security_group_id = "${aws_security_group.demo-cluster.id}"
59+
source_security_group_id = "${aws_security_group.demo-node.id}"
60+
to_port = 443
61+
type = "ingress"
62+
}
63+
64+
resource "aws_security_group_rule" "demo-cluster-ingress-workstation-https" {
65+
cidr_blocks = ["${local.workstation-external-cidr}"]
66+
description = "Allow workstation to communicate with the cluster API Server"
67+
from_port = 443
68+
protocol = "tcp"
69+
security_group_id = "${aws_security_group.demo-cluster.id}"
70+
to_port = 443
71+
type = "ingress"
72+
}
73+
74+
resource "aws_eks_cluster" "demo" {
75+
name = "${var.cluster-name}"
76+
role_arn = "${aws_iam_role.demo-cluster.arn}"
77+
78+
vpc_config {
79+
security_group_ids = ["${aws_security_group.demo-cluster.id}"]
80+
subnet_ids = ["${aws_subnet.demo-0.id}","${aws_subnet.demo-1.id}"]
81+
}
82+
83+
depends_on = [
84+
"aws_iam_role_policy_attachment.demo-cluster-AmazonEKSClusterPolicy",
85+
"aws_iam_role_policy_attachment.demo-cluster-AmazonEKSServicePolicy",
86+
]
87+
}
Lines changed: 145 additions & 0 deletions
@@ -0,0 +1,145 @@
1+
#
2+
# EKS Worker Nodes Resources
3+
# * IAM role allowing Kubernetes actions to access other AWS services
4+
# * EC2 Security Group to allow networking traffic
5+
# * Data source to fetch latest EKS worker AMI
6+
# * AutoScaling Launch Configuration to configure worker instances
7+
# * AutoScaling Group to launch worker instances
8+
#
9+
10+
resource "aws_iam_role" "demo-node" {
11+
name = "terraform-eks-demo-node"
12+
13+
assume_role_policy = <<POLICY
14+
{
15+
"Version": "2012-10-17",
16+
"Statement": [
17+
{
18+
"Effect": "Allow",
19+
"Principal": {
20+
"Service": "ec2.amazonaws.com"
21+
},
22+
"Action": "sts:AssumeRole"
23+
}
24+
]
25+
}
26+
POLICY
27+
}
28+
29+
resource "aws_iam_role_policy_attachment" "demo-node-AmazonEKSWorkerNodePolicy" {
30+
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
31+
role = "${aws_iam_role.demo-node.name}"
32+
}
33+
34+
resource "aws_iam_role_policy_attachment" "demo-node-AmazonEKS_CNI_Policy" {
35+
policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
36+
role = "${aws_iam_role.demo-node.name}"
37+
}
38+
39+
resource "aws_iam_role_policy_attachment" "demo-node-AmazonEC2ContainerRegistryReadOnly" {
40+
policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
41+
role = "${aws_iam_role.demo-node.name}"
42+
}
43+
44+
resource "aws_iam_instance_profile" "demo-node" {
45+
name = "terraform-eks-demo"
46+
role = "${aws_iam_role.demo-node.name}"
47+
}
48+
49+
resource "aws_security_group" "demo-node" {
50+
name = "terraform-eks-demo-node"
51+
description = "Security group for all nodes in the cluster"
52+
vpc_id = "${aws_vpc.demo.id}"
53+
54+
egress {
55+
from_port = 0
56+
to_port = 0
57+
protocol = "-1"
58+
cidr_blocks = ["0.0.0.0/0"]
59+
}
60+
61+
tags = "${
62+
map(
63+
"Name", "terraform-eks-demo-node",
64+
"kubernetes.io/cluster/${var.cluster-name}", "owned",
65+
)
66+
}"
67+
}
68+
69+
resource "aws_security_group_rule" "demo-node-ingress-self" {
70+
description = "Allow node to communicate with each other"
71+
from_port = 0
72+
protocol = "-1"
73+
security_group_id = "${aws_security_group.demo-node.id}"
74+
source_security_group_id = "${aws_security_group.demo-node.id}"
75+
to_port = 65535
76+
type = "ingress"
77+
}
78+
79+
resource "aws_security_group_rule" "demo-node-ingress-cluster" {
80+
description = "Allow worker Kubelets and pods to receive communication from the cluster control plane"
81+
from_port = 1025
82+
protocol = "tcp"
83+
security_group_id = "${aws_security_group.demo-node.id}"
84+
source_security_group_id = "${aws_security_group.demo-cluster.id}"
85+
to_port = 65535
86+
type = "ingress"
87+
}
88+
89+
data "aws_ami" "eks-worker" {
90+
filter {
91+
name = "name"
92+
values = ["amazon-eks-node-${aws_eks_cluster.demo.version}-v*"]
93+
}
94+
95+
most_recent = true
96+
owners = ["602401143452"] # Amazon EKS AMI Account ID
97+
}
98+
99+
# EKS currently documents this required userdata for EKS worker nodes to
100+
# properly configure Kubernetes applications on the EC2 instance.
101+
# We utilize a Terraform local here to simplify Base64 encoding this
102+
# information into the AutoScaling Launch Configuration.
103+
# More information: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
104+
locals {
105+
demo-node-userdata = <<USERDATA
106+
#!/bin/bash
107+
set -o xtrace
108+
/etc/eks/bootstrap.sh --apiserver-endpoint '${aws_eks_cluster.demo.endpoint}' --b64-cluster-ca '${aws_eks_cluster.demo.certificate_authority.0.data}' '${var.cluster-name}'
109+
USERDATA
110+
}
111+
112+
resource "aws_launch_configuration" "demo" {
113+
associate_public_ip_address = true
114+
iam_instance_profile = "${aws_iam_instance_profile.demo-node.name}"
115+
image_id = "${data.aws_ami.eks-worker.id}"
116+
instance_type = "m4.large"
117+
name_prefix = "terraform-eks-demo"
118+
security_groups = ["${aws_security_group.demo-node.id}"]
119+
user_data_base64 = "${base64encode(local.demo-node-userdata)}"
120+
121+
lifecycle {
122+
create_before_destroy = true
123+
}
124+
}
125+
126+
resource "aws_autoscaling_group" "demo" {
127+
desired_capacity = 2
128+
launch_configuration = "${aws_launch_configuration.demo.id}"
129+
max_size = 2
130+
min_size = 1
131+
name = "terraform-eks-demo"
132+
vpc_zone_identifier = ["${aws_subnet.demo-0.id}","${aws_subnet.demo-1.id}"]
133+
134+
tag {
135+
key = "Name"
136+
value = "terraform-eks-demo"
137+
propagate_at_launch = true
138+
}
139+
140+
tag {
141+
key = "kubernetes.io/cluster/${var.cluster-name}"
142+
value = "owned"
143+
propagate_at_launch = true
144+
}
145+
}
