diff --git a/README.md b/README.md index 5c2bd02..a907977 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,13 @@ # terraform-aws-eks-basic -A basic Terraform module for creating and managing Amazon EKS (Elastic Kubernetes Service) clusters. This module supports multiple compute modes: EC2, Fargate, and AutoMode, with EC2 as the primary focus. +A basic Terraform module for creating and managing Amazon EKS (Elastic Kubernetes Service) clusters. Currently supports EC2 and Fargate; AutoMode is scaffolded only (no AutoMode-specific resources yet). ## Features -- **Multi-Compute Support**: Supports EC2, Fargate, and AutoMode compute types +- **Multi-Compute Support**: Supports EC2 and Fargate; AutoMode is scaffolded - **EC2 Managed Node Groups**: Full support for EC2 managed node groups with auto-scaling -- **Fargate Profiles**: Structure ready for Fargate profile configuration -- **AutoMode**: Structure ready for EKS AutoMode configuration +- **Fargate Profiles**: Supported via `fargate_profiles` and Fargate IAM role creation +- **AutoMode**: Placeholder wiring only; no AutoMode-specific resources yet - **IRSA Support**: OIDC provider setup for IAM Roles for Service Accounts - **EKS Capabilities**: Managed ACK, KRO, and ArgoCD capabilities (optional, default: disabled) - **ACK**: AWS Controllers for Kubernetes - create AWS resources via Kubernetes manifests @@ -18,7 +18,7 @@ A basic Terraform module for creating and managing Amazon EKS (Elastic Kubernete - AWS Load Balancer Controller (optional, default: disabled) - **Comprehensive Testing**: Includes Terraform test suite -## Requirements +## Prerequisites | Name | Version | | ---- | ------- | @@ -34,7 +34,7 @@ A basic Terraform module for creating and managing Amazon EKS (Elastic Kubernete ```hcl module "eks" { - source = "path/to/terraform-aws-eks-basic" + source = "tfstack/eks-basic/aws" cluster_name = "my-eks-cluster" cluster_version = "1.28" 
@@ -62,7 +62,7 @@ module "eks" { ```hcl module "eks" { - source = "path/to/terraform-aws-eks-basic" + source = "tfstack/eks-basic/aws" cluster_name = "my-eks-cluster" cluster_version = "1.28" @@ -85,7 +85,7 @@ module "eks" { ```hcl module "eks" { - source = "path/to/terraform-aws-eks-basic" + source = "tfstack/eks-basic/aws" cluster_name = "my-eks-cluster" cluster_version = "1.28" @@ -109,7 +109,7 @@ module "eks" { ```hcl module "eks" { - source = "path/to/terraform-aws-eks-basic" + source = "tfstack/eks-basic/aws" cluster_name = "my-eks-cluster" cluster_version = "1.28" @@ -141,7 +141,7 @@ module "eks" { ```hcl module "eks" { - source = "path/to/terraform-aws-eks-basic" + source = "tfstack/eks-basic/aws" cluster_name = "my-eks-cluster" cluster_version = "1.28" diff --git a/examples/basic/README.md b/examples/basic/README.md index a3a3de3..723469d 100644 --- a/examples/basic/README.md +++ b/examples/basic/README.md @@ -52,8 +52,7 @@ This example automatically creates a VPC with: ### Optional Variables -- `cluster_name`: Name of the EKS cluster (default: `example-eks-cluster`) -- `cluster_version`: Kubernetes version (default: `1.28`) +- `cluster_version`: Kubernetes version (default: `1.34`) - `node_instance_types`: EC2 instance types for nodes (default: `["t3.medium"]`) - `node_desired_size`: Desired number of nodes (default: `2`) - `node_min_size`: Minimum number of nodes (default: `1`) @@ -61,6 +60,8 @@ This example automatically creates a VPC with: - `node_disk_size`: Disk size in GiB (default: `20`) - `enable_ebs_csi_driver`: Enable EBS CSI Driver addon (default: `false`) - `enable_aws_lb_controller`: Enable AWS Load Balancer Controller (default: `false`) +- `aws_auth_map_users`: IAM users to add to aws-auth (default: `[]`) +- `aws_auth_map_roles`: IAM roles to add to aws-auth (default: `[]`) ## Outputs diff --git a/examples/ebs-web-app/README.md b/examples/ebs-web-app/README.md index f13283c..808d7c3 100644 --- a/examples/ebs-web-app/README.md 
+++ b/examples/ebs-web-app/README.md @@ -56,7 +56,17 @@ cluster_name = "ebs-web-app" ```bash terraform init terraform plan -terraform apply +``` + +Because this example uses the Kubernetes provider (which needs a live cluster), +apply it in two stages: + +```bash +# 1) Create the EKS cluster first +terraform apply -target=module.eks -auto-approve + +# 2) Apply the rest (EBS CSI Driver, PVC, deployment, service) +terraform apply -auto-approve ``` Wait for the cluster and EBS CSI Driver to be fully provisioned (this may take 10-15 minutes). diff --git a/examples/eks-capabilities/README.md b/examples/eks-capabilities/README.md index 2d39efe..6558d06 100644 --- a/examples/eks-capabilities/README.md +++ b/examples/eks-capabilities/README.md @@ -4,10 +4,10 @@ This example demonstrates how to use EKS Capabilities (ACK, KRO, and ArgoCD) for ## What This Example Creates -1. **EKS Cluster** with all three capabilities enabled: +1. **EKS Cluster** with capabilities enabled: - **ACK** (AWS Controllers for Kubernetes) - Create AWS resources via Kubernetes manifests - **KRO** (Kube Resource Orchestrator) - Platform engineering abstractions - - **ArgoCD** - GitOps capability for continuous deployment + - **ArgoCD** - GitOps capability for continuous deployment (disabled by default in this example) 2. **KRO Resource Graph Definition (RGD)** - Platform team abstraction template 3. **KRO Resource Group Instance** - Developer-facing application deployment @@ -16,7 +16,7 @@ This example demonstrates how to use EKS Capabilities (ACK, KRO, and ArgoCD) for ## Features Demonstrated -- ✅ EKS Capabilities enablement (ACK, KRO, ArgoCD) +- ✅ EKS Capabilities enablement (ACK, KRO, optional ArgoCD) - ✅ Platform engineering with KRO Resource Graph Definitions - ✅ Creating AWS resources (DynamoDB, S3, IAM) via ACK as part of the WebAppStack - ✅ Creating additional ACK example resources via standalone manifests 
@@ -61,7 +61,7 @@ terraform apply -auto-approve Wait for the cluster and capabilities to be fully provisioned (this may take 10-15 minutes). -**Note:** The module automatically creates IAM roles for each capability (ACK, KRO, ArgoCD) with the appropriate managed policies. If you prefer to use existing roles, you can provide them via the `*_capability_role_arn` variables. +**Note:** The module automatically creates IAM roles for enabled capabilities (ACK, KRO, and ArgoCD if you enable it) with the appropriate managed policies. If you prefer to use existing roles, you can provide them via the `*_capability_role_arn` variables. ### Step 3: Configure kubectl @@ -156,7 +156,9 @@ kubectl get policy.iam.services.k8s.aws eks-capabilities-app-policy kubectl get podidentityassociation eks-capabilities-app # Optional S3 bucket (only if bucket.enabled=true) -kubectl get bucket eks-capabilities-bucket +kubectl get bucket eks-capabilities-app-bucket + +# Keep this name distinct from the ACK example bucket (eks-capabilities-bucket) ``` @@ -197,7 +199,6 @@ The WebAppStack uses ACK-backed resources under the hood: - DynamoDB table for app state - Optional S3 bucket when enabled - IAM role/policy for Pod Identity -- DynamoDB table for app state ## Verifying the Deployment @@ -249,7 +250,7 @@ kubectl get ingress eks-capabilities-app-ingress -o jsonpath='{.status.loadBalan ## ArgoCD Capability -The ArgoCD capability is enabled but requires additional configuration for full GitOps setup. The capability provides: +The ArgoCD capability is disabled by default in this example. If you enable it, it provides: - Managed ArgoCD installation - GitOps workflow support diff --git a/examples/eks-capabilities/kubernetes/dev-team/eks-capabilities-app-instance.yaml b/examples/eks-capabilities/kubernetes/dev-team/eks-capabilities-app-instance.yaml index e2690f2..efae8df 100644 --- a/examples/eks-capabilities/kubernetes/dev-team/eks-capabilities-app-instance.yaml 
+++ b/examples/eks-capabilities/kubernetes/dev-team/eks-capabilities-app-instance.yaml @@ -16,5 +16,5 @@ spec: alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]' bucket: enabled: false - name: eks-capabilities-bucket + name: eks-capabilities-app-bucket region: ap-southeast-2
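Review bot: In README.md at @@ -34,7 (and the four identical usage hunks after it), the new registry source `tfstack/eks-basic/aws` is followed directly by `cluster_name` in the visible context, with no `version` argument, so a copy-pasted example resolves to whatever release is latest at `terraform init` time. Add a `version = "<pinned release>"` line under `source` in each usage block so readers deploy the module version they actually reviewed.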
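Review bot: In README.md at @@ -62,7 through @@ -141,7, the context lines still show `cluster_version = "1.28"`, while this same patch moves the documented default in examples/basic/README.md to `1.34`. Since these blocks are being touched anyway, update the example value or state that it is illustrative, so the top-level README and the example do not disagree.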
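Review bot: In README.md at @@ -18,7, renaming `## Requirements` to `## Prerequisites` changes the heading anchor, so any existing link to `#requirements` breaks, and the table underneath is a `Name | Version` list, which is what the "Requirements" heading conventionally labels in Terraform module READMEs. If the section is generated by a docs tool, the rename will also be overwritten on the next regeneration; consider keeping the original heading.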
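Review bot: In examples/basic/README.md at @@ -52,8, `cluster_name` is dropped from "Optional Variables" but nothing in the hunk says whether it became required, was renamed, or was removed from the example. Add it to the required-variables list (or note its removal) so the documented inputs still match what the example accepts.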
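Review bot: In examples/basic/README.md at @@ -61,6, `aws_auth_map_users` and `aws_auth_map_roles` are documented only as "IAM users/roles to add to aws-auth", which leaves out the part that matters for access control: the shape of each entry and which Kubernetes groups it is bound to. Document the expected fields and include a short example that maps to a least-privilege group, so readers do not default to a cluster-admin group when filling these in.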
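Review bot: In examples/ebs-web-app/README.md at @@ -56,7, both new apply commands pass `-auto-approve`, and the only `terraform plan` left in the first block is untargeted, so the plan a reader sees is not the plan that `terraform apply -target=module.eks -auto-approve` executes. Drop `-auto-approve` from the documented commands (or show `terraform plan -target=module.eks` before stage 1) so each stage is reviewed before it is applied.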
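Review bot: In examples/eks-capabilities/README.md at @@ -156,7, the added line `# Keep this name distinct from the ACK example bucket (eks-capabilities-bucket)` is configuration guidance placed inside a block of verification commands, after the `kubectl get bucket` call it refers to. Move it into the prose where the bucket name is configured, and keep this block limited to the commands a reader runs to verify the deployment.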
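Review bot: In examples/eks-capabilities/README.md at @@ -249,7, the rewritten sentence says ArgoCD is "disabled by default in this example" but does not name the variable that enables it, and it drops the earlier caveat that the capability "requires additional configuration for full GitOps setup". Name the input that turns it on and, if that caveat still holds once enabled, keep it so readers do not assume a working GitOps setup out of the box.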
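Review bot: In examples/eks-capabilities/kubernetes/dev-team/eks-capabilities-app-instance.yaml at @@ -16,5, the new `name: eks-capabilities-app-bucket` is still a fixed literal. If this value is passed through as the S3 bucket name, it has to be globally unique, so anyone else who enables `bucket.enabled` with the example as written will fail to create it. Add a YAML comment telling readers to append an account- or cluster-specific suffix, and note there why the name differs from `eks-capabilities-bucket`.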