first commit

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,21 @@
+# I have issues
+
+## I'm submitting a
+
+* [ ] bug report
+* [ ] feature request
+* [ ] support request
+
+## What is the current behavior
+
+## If this is a bug, how to reproduce? Please include a code sample
+
+## What's the expected behavior
+
+## Environment
+
+* Affected module version:
+* OS:
+* Terraform version:
+
+## Other relevant info

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,13 @@
+# PR o'clock
+
+## Description
+
+Please explain the changes you made here and link to any relevant issues.
+
+### Checklist
+
+* [ ] `terraform fmt` and `terraform validate` both work from the root and `examples/alb_test_fixture` directories (look in CI for an example)
+* [ ] Tests for the changes have been added and passing (for bug fixes/features)
+* [ ] Test results are pasted in this PR (in lieu of CI)
+* [ ] Docs have been added/updated (for bug fixes/features)
+* [ ] Any breaking changes are noted in the description above

.gitignore

@@ -0,0 +1,9 @@
+*.tfvars
+*.tfstate*
+.terraform/
+**/inspec.lock
+*.gem
+.kitchen/
+.kitchen.local.yml
+Gemfile.lock
+terraform.tfstate.d/

.kitchen.yml

@@ -0,0 +1,20 @@
+---
+driver:
+  name: "terraform"
+  root_module_directory: "examples/eks_test_fixture"
+
+provisioner:
+  name: "terraform"
+
+platforms:
+  - name: "aws"
+
+verifier:
+  name: "awspec"
+
+suites:
+  - name: "default"
+    verifier:
+      name: "awspec"
+      patterns:
+      - "test/integration/default/test_eks.rb"

.pre-commit-config.yaml

@@ -0,0 +1,10 @@
+# See http://pre-commit.com for more information
+# See http://pre-commit.com/hooks.html for more hooks
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    sha: v0.9.2
+    hooks:
+    -   id: trailing-whitespace
+    # -   id: end-of-file-fixer
+    -   id: check-yaml
+    -   id: check-added-large-files

.ruby-version

@@ -0,0 +1 @@
+2.4.2

CHANGELOG.md

@@ -0,0 +1,12 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/) and this
+project adheres to [Semantic Versioning](http://semver.org/).
+
+## [v0.1.0] - 2018-06-06
+
+### Added
+
+- Everything! Initial release of the module.

CODE_OF_CONDUCT.md

@@ -0,0 +1,46 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+- The use of sexualized language or imagery and unwelcome sexual attention or advances
+- Trolling, insulting/derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or electronic address, without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [email protected]. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

CONTRIBUTING.md

@@ -0,0 +1,13 @@
+# Contributing
+
+When contributing to this repository, please first discuss the change you wish to make via issue,
+email, or any other method with the owners of this repository before making a change.
+
+Please note we have a code of conduct, please follow it in all your interactions with the project.
+
+## Pull Request Process
+
+1.  Ensure any install or build dependencies are removed before the end of the layer when doing a build.
+2.  Update the README.md with details of changes to the interface, this includes new environment variables, exposed ports, useful file locations and container parameters.
+3.  Increase the version numbers in any examples files and the README.md to the new version that this Pull Request would represent. The versioning scheme we use is [SemVer](http://semver.org/).
+4.  You may merge the Pull Request in once you have the sign-off of two other developers, or if you do not have permission to do that, you may request the second reviewer to merge it for you.

Gemfile

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+ruby '2.4.2'
+
+source 'https://rubygems.org/' do
+  gem 'awspec', '~> 1.4.2'
+  gem 'kitchen-terraform', '~> 3.2'
+  gem 'kitchen-verifier-awspec', '~> 0.1.1'
+end

LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2018 Brandon O'Connor - Run at Scale
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,105 @@
+# terraform-aws-eks
+
+A terraform module to create a managed Kubernetes cluster on AWS EKS. Available
+through the [Terraform registry](https://registry.terraform.io/modules/terraform-aws-modules/eks/aws).
+
+| Branch | Build status                                                                                                                                                      |
+| ------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| master | [![build Status](https://travis-ci.org/terraform-aws-modules/terraform-aws-eks.svg?branch=master)](https://travis-ci.org/terraform-aws-modules/terraform-aws-eks) |
+
+## Assumptions
+
+* You want to create a set of resources around an EKS cluster: namely an autoscaling group of workers and a security group for them.
+* You've created a Virtual Private Cloud (VPC) and subnets where you intend to put this EKS.
+
+It's recommended you use this module with [terraform-aws-vpc](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws),
+[terraform-aws-security-group](https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws), and
+[terraform-aws-autoscaling](https://registry.terraform.io/modules/terraform-aws-modules/autoscaling/aws/).
+
+## Usage example
+
+A full example leveraging other community modules is contained in the [examples/eks_test_fixture directory](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks_test_fixture). Here's the gist of using it via the Terraform registry:
+
+```hcl
+module "eks" {
+  source          = "terraform-aws-modules/eks/aws"
+  version         = "0.1.0"
+  cluster_name    = "test-eks-cluster"
+  security_groups = ["sg-edcd9784", "sg-edcd9785"]
+  subnets         = ["subnet-abcde012", "subnet-bcde012a"]
+  tags            = "${map("Environment", "test")}"
+  vpc_id          = "vpc-abcde012"
+}
+```
+
+## Testing
+
+This module has been packaged with [awspec](https://github.com/k1LoW/awspec) tests through [kitchen](https://kitchen.ci/) and [kitchen-terraform](https://newcontext-oss.github.io/kitchen-terraform/). To run them:
+
+1. Install [rvm](https://rvm.io/rvm/install) and the ruby version specified in the [Gemfile](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/Gemfile).
+2. Install bundler and the gems from our Gemfile:
+
+    ```bash
+    gem install bundler && bundle install
+    ```
+
+3. Ensure your AWS environment is configured (i.e. credentials and region) for test.
+4. Test using `bundle exec kitchen test` from the root of the repo.
+
+## Doc generation
+
+Documentation should be modified within `main.tf` and generated using [terraform-docs](https://github.com/segmentio/terraform-docs).
+Generate them like so:
+
+```bash
+go get github.com/segmentio/terraform-docs
+terraform-docs md ./ | cat -s | ghead -n -1 > README.md
+```
+
+## Contributing
+
+Report issues/questions/feature requests on in the [issues](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/new) section.
+
+Full contributing [guidelines are covered here](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/CONTRIBUTING.md).
+
+## IAM Permissions
+
+Testing and using this repo requires a minimum set of IAM permissions. Test permissions
+are listed in the [eks_test_fixture README](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks_test_fixture/README.md).
+
+## Change log
+
+The [changelog](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/CHANGELOG.md) captures all important release notes.
+
+## Authors
+
+Created and maintained by [Brandon O'Connor](https://github.com/brandoconnor) - [email protected].
+Many thanks to [the contributors listed here](https://github.com/terraform-aws-modules/terraform-aws-eks/graphs/contributors)!
+
+## License
+
+MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/LICENSE) for full details.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| cluster_name | Name of the EKS cluster. | string | - | yes |
+| security_groups | The security groups to attach to the EKS cluster instances | list | - | yes |
+| subnets | A list of subnets to associate with the cluster's underlying instances. | list | - | yes |
+| tags | A map of tags to add to all resources | string | `<map>` | no |
+| vpc_id | VPC id where the cluster and other resources will be deployed. | string | - | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| cluster_arn | The Amazon Resource Name (ARN) of the cluster. |
+| cluster_certificate_authority | Nested attribute containing certificate-authority-data for your cluster |
+| cluster_data | The base64 encoded certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster. |
+| cluster_endpoint | The endpoint for your Kubernetes API server. |
+| cluster_id | The name of the cluster. |
+| cluster_version | The Kubernetes server version for the cluster. |
+| cluster_vpc_config | description |
+| config_map_aws_auth | description |
+| kubeconfig | description |

cluster.tf

@@ -0,0 +1,87 @@
+#
+# EKS Cluster Resources
+#  * IAM Role to allow EKS service to manage other AWS services
+#  * EC2 Security Group to allow networking traffic with EKS cluster
+#  * EKS Cluster
+#
+
+resource "aws_eks_cluster" "demo" {
+  name     = "${var.cluster_name}"
+  role_arn = "${aws_iam_role.demo-cluster.arn}"
+
+  vpc_config {
+    security_group_ids = ["${aws_security_group.demo-cluster.id}"]
+    subnet_ids         = ["${var.subnets}"]
+  }
+
+  depends_on = [
+    "aws_iam_role_policy_attachment.demo-cluster-AmazonEKSClusterPolicy",
+    "aws_iam_role_policy_attachment.demo-cluster-AmazonEKSServicePolicy",
+  ]
+}
+
+resource "aws_iam_role" "demo-cluster" {
+  name = "terraform-eks-demo-cluster"
+
+  assume_role_policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "eks.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+POLICY
+}
+
+resource "aws_iam_role_policy_attachment" "demo-cluster-AmazonEKSClusterPolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+  role       = "${aws_iam_role.demo-cluster.name}"
+}
+
+resource "aws_iam_role_policy_attachment" "demo-cluster-AmazonEKSServicePolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
+  role       = "${aws_iam_role.demo-cluster.name}"
+}
+
+resource "aws_security_group" "demo-cluster" {
+  name        = "terraform-eks-demo-cluster"
+  description = "Cluster communication with worker nodes"
+  vpc_id      = "${var.vpc_id}"
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags {
+    Name = "terraform-eks-demo"
+  }
+}
+
+resource "aws_security_group_rule" "demo-cluster-ingress-node-https" {
+  description              = "Allow pods to communicate with the cluster API Server"
+  from_port                = 443
+  protocol                 = "tcp"
+  security_group_id        = "${aws_security_group.demo-cluster.id}"
+  source_security_group_id = "${aws_security_group.demo-node.id}"
+  to_port                  = 443
+  type                     = "ingress"
+}
+
+resource "aws_security_group_rule" "demo-cluster-ingress-workstation-https" {
+  cidr_blocks       = ["${local.workstation_external_cidr}"]
+  description       = "Allow workstation to communicate with the cluster API Server"
+  from_port         = 443
+  protocol          = "tcp"
+  security_group_id = "${aws_security_group.demo-cluster.id}"
+  to_port           = 443
+  type              = "ingress"
+}