keypair.tf
# Upload Keypair
# EC2 key pair used to log in to the bastion host.
# Only the file named below is read and uploaded; by its .pub suffix it is
# expected to be the public half of the pair, so the private key never has to
# enter Terraform state.
# NOTE(review): the absolute path ties plans to one workstation's home directory.
resource "aws_key_pair" "seunghyeon-bastion" {
  public_key = file("/home/sin/.ssh/project/seunghyeon-eks-bastion.pub")
  key_name   = "seunghyeon-eks-bastion"
}
# EC2 key pair attached to the EKS worker nodes (referenced from the node
# group's key_name in main.tf). It is kept separate from the bastion key, so
# the bastion credential alone does not open the nodes.
# Only the .pub file is read here.
resource "aws_key_pair" "seunghyeon-eks" {
  public_key = file("/home/sin/.ssh/project/seunghyeon-eks.pub")
  key_name   = "seunghyeon-eks"
}
main.tf
################### Create VPC ###################
# Network layer for the cluster: one /16 VPC with three private and three
# public /24 subnets spread over the three listed availability zones.
module "vpc" {
  # Pinned to a git tag. NOTE(review): a tag can be re-pointed by the
  # repository owner; pin to a commit SHA if the module must be immutable.
  source = "git::https://github.com/SeungHyeonShin/terraform.git//modules/eks-vpc?ref=v1.0.1"

  aws_default_name = "seunghyeon"
  aws_region       = local.region
  aws_azs          = ["ap-northeast-2a", "ap-northeast-2b", "ap-northeast-2c"]

  aws_vpc_cidr        = "192.168.0.0/16"
  aws_public_subnets  = ["192.168.11.0/24", "192.168.12.0/24", "192.168.13.0/24"]
  aws_private_subnets = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]

  # Cluster-ownership tag keyed by the cluster name; "shared" marks the
  # resources as usable by this cluster without being owned by it.
  global_tags = {
    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
  }
}
################### Create EKS ###################
# EKS control plane plus one managed node group, built with the community
# terraform-aws-eks module.
module "eks" {
  # Pinned to a release tag. NOTE(review): tags are mutable upstream; a commit
  # SHA in ?ref= gives a reproducible, tamper-evident pin.
  source = "git::https://github.com/terraform-aws-modules/terraform-aws-eks.git?ref=v12.1.0"

  cluster_name = local.cluster_name
  # NOTE(review): confirm this Kubernetes version is still supported by EKS
  # before reusing the configuration.
  cluster_version = "1.18"

  # Worker nodes are placed in the private subnets of the VPC module.
  vpc_id  = module.vpc.aws_vpc_id
  subnets = module.vpc.private_subnets

  # NOTE(review): API endpoint access (public/private, allowed CIDRs) is not
  # set here and therefore follows the module defaults - check that those
  # match the intended exposure of the Kubernetes API.

  # The module will not manage the aws-auth ConfigMap; IAM-to-RBAC mappings
  # have to be maintained outside this configuration.
  manage_aws_auth = false

  node_groups = {
    eks_nodes = {
      instance_type = "t3.micro"

      min_capacity     = 3
      desired_capacity = 3
      max_capacity     = 5

      # SSH access to the nodes: key pair plus the only permitted source, the
      # bastion security group. Keep the source list whenever key_name is set:
      # EKS managed node groups open port 22 to 0.0.0.0/0 when an SSH key is
      # given without a source security group.
      key_name = aws_key_pair.seunghyeon-eks.key_name
      source_security_group_ids = [
        aws_security_group.seunghyeon-bastion-sg.id
      ]
    }
  }
}
############ Create Bastion Host ################
# Security group for the bastion host. It is also the source group allowed to
# SSH into the EKS nodes, so whoever can reach the bastion on port 22 is one
# hop away from the worker nodes.
resource "aws_security_group" "seunghyeon-bastion-sg" {
  name   = "seunghyeon-bastion"
  vpc_id = module.vpc.aws_vpc_id

  tags = {
    "Name" = "seunghyeon-EKS-bastion-sg"
  }

  # Inbound: SSH only. The allowed sources come entirely from
  # var.my-ip-address, whose default in var.tf is 0.0.0.0/0; override it with
  # the operator's own address or the bastion is reachable from any IPv4 host.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = var.my-ip-address
  }

  # Outbound: every protocol and port to any IPv4 destination.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
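# Bastion (jump) host in the first public subnet; the only intended SSH entry
# point towards the EKS worker nodes in the private subnets.
resource "aws_instance" "bastion" {
  # Hard-coded image ID. AMI IDs are region-specific.
  # NOTE(review): confirm who publishes this image and that it is still
  # patched before reuse.
  ami           = "ami-027ce4ce0590e3c98"
  instance_type = "t2.micro"
  subnet_id     = element(module.vpc.public_subnets, 0)

  # Use the key pair's key_name attribute, the same way the EKS node group
  # references its key pair, instead of the resource id.
  key_name = aws_key_pair.seunghyeon-bastion.key_name

  # Inbound exposure is defined entirely by this one group (SSH from
  # var.my-ip-address).
  vpc_security_group_ids = [
    aws_security_group.seunghyeon-bastion-sg.id
  ]

  tags = {
    "Name" = "seunghyeon-EKS-bastionHost"
  }
}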
############ Local Variable ######################
# Values shared across the configuration.
locals {
  # Region passed to the VPC module.
  region = "ap-northeast-2"

  # Name of the EKS cluster; also embedded in the kubernetes.io/cluster/<name>
  # tag applied through the VPC module.
  cluster_name = "seunghyeon-eks-cluster"
}
provider.tf
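# AWS provider for every resource in this configuration.
# The region is taken from local.region (defined in main.tf) so the provider
# and the VPC module cannot drift to different regions.
# NOTE(review): no provider version constraint is visible here.
provider "aws" {
  region = local.region
}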
var.tf
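# CIDR blocks allowed to reach the bastion host over SSH (port 22).
#
# SECURITY: the default admits every IPv4 address, so unless this variable is
# overridden the bastion's SSH port is open to the whole internet. Because a
# default is set, Terraform will not prompt for a value. Supply the operator's
# own address as a /32 (for example through -var or a *.tfvars file).
variable "my-ip-address" {
  description = "Enter the IP address that connects to the Bastion EC2"

  # The value is passed straight to cidr_blocks, so it must be a list of CIDR
  # strings; the type constraint rejects a bare string at plan time.
  type    = list(string)
  default = ["0.0.0.0/0"]
}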