gijsdpg/gist:3009309d32c9d298b214d2c7ea615e13 Secret

## gistfile1.txt
data "aws_subnet" "private-a" {
  id = "subnet-#####"
}

data "aws_subnet" "private-b" {
  id = "subnet-#####"
}

data "aws_subnet" "private-c" {
  id = "subnet-#####"
}

data "aws_vpc" "prod" {
  id = "vpc-####"
}

locals {
  cluster_name = "DELETE_ME"

  tags = {
    CreatedBy   = "terraform"
    Responsible = "recosearch"
    Stage       = local.cluster_name
    CNCA        = local.cluster_name
    repository  = "https://#####"
  }
}

provider "aws" {
  region = "eu-west-1"

  default_tags {
    tags = local.tags
  }
}

terraform {
  required_version = ">= 1.0"
}


module "eks" {
  source          = "terraform-aws-modules/eks/aws"
  version         = "18.11.0"
  cluster_name    = local.cluster_name
  cluster_version = "1.21"
  subnet_ids      = [
    data.aws_subnet.private-a.id, data.aws_subnet.private-b.id, data.aws_subnet.private-c.id
  ]
  vpc_id                          = data.aws_vpc.prod.id
  cluster_endpoint_private_access = true
  cluster_endpoint_public_access  = true
  enable_irsa                     = true

  cluster_addons = {
    coredns = {
      resolve_conflicts = "OVERWRITE"
      addon_version     = "v1.8.4-eksbuild.1"
    }
    kube-proxy = {
      resolve_conflicts = "OVERWRITE"
      addon_version     = "v1.21.2-eksbuild.2"
    }
    vpc-cni = {
      resolve_conflicts        = "OVERWRITE"
      addon_version            = "v1.10.1-eksbuild.1"
      service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
    }
  }


  eks_managed_node_groups = {
    spot0 = {
      name         = "spot0-${local.cluster_name}"
      min_size     = 1
      max_size     = 3
      desired_size = 1

      instance_types = ["m6i.large"]
      capacity_type  = "SPOT"

      iam_role_additional_policies = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]

      tags = merge(local.tags, {
        "k8s.io/cluster-autoscaler/${local.cluster_name}" = "owned"
        "k8s.io/cluster-autoscaler/enabled"               = "TRUE"
      })
    }

    spot1 = {
      name         = "spot1-${local.cluster_name}"
      min_size     = 1
      max_size     = 3
      desired_size = 1

      instance_types = ["m6a.large"]
      capacity_type  = "SPOT"

      iam_role_additional_policies = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]

      tags = merge(local.tags, {
        "k8s.io/cluster-autoscaler/${local.cluster_name}" = "owned"
        "k8s.io/cluster-autoscaler/enabled"               = "TRUE"
      })
    }

  }
}

module "vpc_cni_irsa" {
  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"

  role_name             = "kubernetes-vpc_cni-${local.cluster_name}"
  attach_vpc_cni_policy = true
  vpc_cni_enable_ipv4   = true

  oidc_providers = {
    main = {
      provider_arn               = module.eks.oidc_provider_arn
      namespace_service_accounts = ["kube-system:aws-node"]
    }
  }

}
	data "aws_subnet" "private-a" {
	id = "subnet-#####"
	}

	data "aws_subnet" "private-b" {
	id = "subnet-#####"
	}

	data "aws_subnet" "private-c" {
	id = "subnet-#####"
	}

	data "aws_vpc" "prod" {
	id = "vpc-####"
	}

	locals {
	cluster_name = "DELETE_ME"

	tags = {
	CreatedBy = "terraform"
	Responsible = "recosearch"
	Stage = local.cluster_name
	CNCA = local.cluster_name
	repository = "https://#####"
	}
	}

	provider "aws" {
	region = "eu-west-1"

	default_tags {
	tags = local.tags
	}
	}

	terraform {
	required_version = ">= 1.0"
	}


	module "eks" {
	source = "terraform-aws-modules/eks/aws"
	version = "18.11.0"
	cluster_name = local.cluster_name
	cluster_version = "1.21"
	subnet_ids = [
	data.aws_subnet.private-a.id, data.aws_subnet.private-b.id, data.aws_subnet.private-c.id
	]
	vpc_id = data.aws_vpc.prod.id
	cluster_endpoint_private_access = true
	cluster_endpoint_public_access = true
	enable_irsa = true

	cluster_addons = {
	coredns = {
	resolve_conflicts = "OVERWRITE"
	addon_version = "v1.8.4-eksbuild.1"
	}
	kube-proxy = {
	resolve_conflicts = "OVERWRITE"
	addon_version = "v1.21.2-eksbuild.2"
	}
	vpc-cni = {
	resolve_conflicts = "OVERWRITE"
	addon_version = "v1.10.1-eksbuild.1"
	service_account_role_arn = module.vpc_cni_irsa.iam_role_arn
	}
	}


	eks_managed_node_groups = {
	spot0 = {
	name = "spot0-${local.cluster_name}"
	min_size = 1
	max_size = 3
	desired_size = 1

	instance_types = ["m6i.large"]
	capacity_type = "SPOT"

	iam_role_additional_policies = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]

	tags = merge(local.tags, {
	"k8s.io/cluster-autoscaler/${local.cluster_name}" = "owned"
	"k8s.io/cluster-autoscaler/enabled" = "TRUE"
	})
	}

	spot1 = {
	name = "spot1-${local.cluster_name}"
	min_size = 1
	max_size = 3
	desired_size = 1

	instance_types = ["m6a.large"]
	capacity_type = "SPOT"

	iam_role_additional_policies = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]

	tags = merge(local.tags, {
	"k8s.io/cluster-autoscaler/${local.cluster_name}" = "owned"
	"k8s.io/cluster-autoscaler/enabled" = "TRUE"
	})
	}

	}
	}

	module "vpc_cni_irsa" {
	source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"

	role_name = "kubernetes-vpc_cni-${local.cluster_name}"
	attach_vpc_cni_policy = true
	vpc_cni_enable_ipv4 = true

	oidc_providers = {
	main = {
	provider_arn = module.eks.oidc_provider_arn
	namespace_service_accounts = ["kube-system:aws-node"]
	}
	}

	}