Mirrors/inspec
2
0
Fork 0
mirror of https://github.com/inspec/inspec synced 2024-12-03 18:09:32 +00:00
Code Issues Projects Releases Packages Wiki Activity
inspec/test/integration/aws/default/build/eks.tf

174 lines
4.7 KiB
Terraform
Raw Normal View History

Add aws_eks_cluster resource (#3582) * add aws_eks_cluster Signed-off-by: Timothy van Zadelhoff timothy.inspec@theothersolution.nl * disable ABC check on fetch_from_api Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl> * add status predicates * Change docs for status attribute Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl> * Add integration tests Signed-off-by: Timothy van Zadelhoff <timothy.inspec@theothersolution.nl> * Adjust EKS build code to almost work Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * EKS only uses private subnets - integration tests pass Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Correct AWS Exception class for resource search miss in unit test Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com> * Update unit test to reflect AWS resource-standard miss behavior, returning nil for most properties Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
2018-11-27 21:54:47 +00:00
# Contains resources and outputs related to testing the aws_eks_cluster resources.
#======================================================#
# EKS variables
#======================================================#
variable "eks_map_accounts" {
description = "Additional AWS account numbers to add to the aws-auth configmap."
type = "list"
default = [
"777777777777",
"888888888888",
]
}
variable "eks_map_roles" {
description = "Additional IAM roles to add to the aws-auth configmap."
type = "list"
default = [
{
role_arn = "arn:aws:iam::66666666666:role/role1"
username = "role1"
group = "system:masters"
},
]
}
variable "eks_map_users" {
description = "Additional IAM users to add to the aws-auth configmap."
type = "list"
default = [
{
user_arn = "arn:aws:iam::66666666666:user/user1"
username = "user1"
group = "system:masters"
},
{
user_arn = "arn:aws:iam::66666666666:user/user2"
username = "user2"
group = "system:masters"
},
]
}
#======================================================#
# EKS Cluster
#======================================================#
locals {
cluster_name = "test-eks-inspec-${terraform.env}"
worker_groups = [
{
instance_type = "t2.small"
additional_userdata = "echo foo bar"
subnets = "${join(",", module.eks_vpc.private_subnets)}"
additional_security_group_ids = "${aws_security_group.eks_worker_group_mgmt_one.id},${aws_security_group.eks_worker_group_mgmt_two.id}"
},
]
tags = {
Environment = "test-eks-${terraform.env}"
}
}
resource "aws_security_group" "eks_worker_group_mgmt_one" {
name_prefix = "eks_worker_group_mgmt_one-${terraform.env}"
description = "SG to be applied to all *nix machines"
vpc_id = "${module.eks_vpc.vpc_id}"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [
"10.0.0.0/8",
]
}
}
resource "aws_security_group" "eks_worker_group_mgmt_two" {
name_prefix = "eks_worker_group_mgmt_two-${terraform.env}"
vpc_id = "${module.eks_vpc.vpc_id}"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [
"192.168.0.0/16",
]
}
}
resource "aws_security_group" "eks_all_worker_mgmt" {
name_prefix = "eks_all_worker_management-${terraform.env}"
vpc_id = "${module.eks_vpc.vpc_id}"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16",
]
}
}
module "eks_vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "1.14.0"
name = "eks-test-vpc"
cidr = "10.0.0.0/16"
azs = ["${data.aws_availability_zones.available.names[0]}", "${data.aws_availability_zones.available.names[1]}", "${data.aws_availability_zones.available.names[2]}"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = []
enable_nat_gateway = false
tags = "${merge(local.tags, map("kubernetes.io/cluster/${local.cluster_name}", "shared"))}"
}
output "eks_vpc_id" {
value = "${module.eks_vpc.vpc_id}"
}
output "eks_vpc_subnets" {
value = "${module.eks_vpc.private_subnets}"
}
module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "1.6.0"
cluster_name = "${local.cluster_name}"
subnets = ["${module.eks_vpc.private_subnets}"]
tags = "${local.tags}"
vpc_id = "${module.eks_vpc.vpc_id}"
worker_groups = "${local.worker_groups}"
worker_group_count = "1"
worker_additional_security_group_ids = ["${aws_security_group.eks_all_worker_mgmt.id}"]
map_roles = "${var.eks_map_roles}"
map_users = "${var.eks_map_users}"
map_accounts = "${var.eks_map_accounts}"
manage_aws_auth = false
}
output "eks_cluster_id" {
value = "${module.eks.cluster_id}"
}
output "eks_cluster_name" {
value = "${module.eks.cluster_id}"
}
output "eks_cluster_security_group_id" {
value = "${module.eks.cluster_security_group_id}"
}
output "eks_worker_security_group_id" {
value = "${module.eks.worker_security_group_id}"
}
output "eks_cluster_endpoint" {
value = "${module.eks.cluster_endpoint}"
}
output "eks_cluster_certificate" {
value = "${module.eks.cluster_certificate_authority_data}"
}
Reference in a new issue Copy permalink