################################################## EKS######################

1. #################################################
2. # EKS
3. #################################################
4.  
5. module "eks" {
6. source = "StayWell/eks/aws"
7. version = "0.1.2"
8. env = "${var.env}"
9. tags = "${local.tags}"
10. vpc_id = "${data.aws_vpc.core.id}"
11. private_subnet_ids = ["${data.aws_subnet_ids.private.ids}"]
12. public_subnet_ids = ["${data.aws_subnet_ids.public.ids}"]
13. kubernetes_version = "${var.kubernetes_version}"
14. linux_disk_size = "${var.linux_disk_size}"
15. linux_node_count = "${var.linux_node_count}"
16. linux_target_group_arns = ["${module.target.target_group_arn}", "${aws_lb_target_group.jnlp.arn}"]
17. linux_ami_name = "amazon-eks-node-1.11-v20190109"
18. }
19.  
20. output "worker_config_map" {
21. value = "${module.eks.worker_config_map}"
22. }
23.  
24. output "kubeconfig" {
25. value = "${module.eks.kubeconfig}"
26. }
27.  
28. #################################################
29. # Jenkins
30. #################################################
31.  
32. module "jenkins" {
33. source = "StayWell/jenkins/kubernetes"
34. version = "0.2.0"
35. identifier = "${var.host}"
36. jenkins_volume_id = "${module.ebs.volume_id}"
37. volume_availability_zone = "${data.aws_availability_zones.this.names[1]}"
38. jenkins_volume_size = "${var.jenkins_volume_size}"
39. web_node_port = "${var.web_node_port}"
40. jnlp_node_port = "${var.jnlp_node_port}"
41. jenkins_version = "${var.jenkins_version}"
42. }
43.  
44. #################################################
45. # Jenkins Data
46. #################################################
47.  
48. data "aws_availability_zones" "this" {}
49.  
50. module "ebs" {
51. source = "StayWell/resilient-ebs/aws"
52. version = "0.1.0"
53. env = "${var.env}"
54. availability_zone = "${data.aws_availability_zones.this.names[1]}"
55. size = "${var.jenkins_volume_size}"
56. tags = "${local.tags}"
57. }
58.  
59. #################################################
60. # Load Balancer
61. #################################################
62.  
63. data "aws_acm_certificate" "this" {
64. domain = "*.${var.domain}"
65. statuses = ["ISSUED"]
66. most_recent = true
67. }
68.  
69. module "alb" {
70. source = "StayWell/alb/aws"
71. version = "0.1.0"
72. env = "${var.env}"
73. tags = "${local.tags}"
74. vpc_id = "${data.aws_vpc.core.id}"
75. subnet_ids = ["${data.aws_subnet_ids.public.ids}"]
76. certificate_arn = "${data.aws_acm_certificate.this.arn}"
77. }
78.  
79. #################################################
80. # Web Target
81. #################################################
82.  
83. data "aws_route53_zone" "this" {
84. name = "${var.domain}."
85. }
86.  
87. module "target" {
88. source = "StayWell/alb-target/aws"
89. version = "0.1.1"
90. env = "${var.env}"
91. tags = "${local.tags}"
92. vpc_id = "${data.aws_vpc.core.id}"
93. listener_arn = "${module.alb.listener_arn}"
94. lb_dns_name = "${module.alb.lb_dns_name}"
95. lb_zone_id = "${module.alb.lb_zone_id}"
96. host = "${var.host}"
97. domain = "${var.domain}"
98. route53_zone_id = "${data.aws_route53_zone.this.zone_id}"
99. port = "${var.web_node_port}"
100. health_check_path = "${var.web_health_check_path}"
101. }
102.  
103. resource "aws_security_group_rule" "worker_ingress_alb_web" {
104. description = "ALB"
105. type = "ingress"
106. from_port = "${var.web_node_port}"
107. to_port = "${var.web_node_port}"
108. protocol = "tcp"
109. security_group_id = "${module.eks.worker_sg_id}"
110. source_security_group_id = "${module.alb.sg_id}"
111. }
112.  
113. resource "aws_security_group_rule" "alb_egress_worker_web" {
114. description = "EKS workers"
115. type = "egress"
116. from_port = "${var.web_node_port}"
117. to_port = "${var.web_node_port}"
118. protocol = "tcp"
119. security_group_id = "${module.alb.sg_id}"
120. source_security_group_id = "${module.eks.worker_sg_id}"
121. }
122.  
123. #################################################
124. # JNLP Target
125. #################################################
126.  
127. resource "aws_lb_listener" "jnlp" {
128. load_balancer_arn = "${module.alb.lb_arn}"
129. port = "${var.jnlp_port}"
130. protocol = "HTTP"
131.  
132. default_action {
133. type = "forward"
134. target_group_arn = "${aws_lb_target_group.jnlp.arn}"
135. }
136. }
137.  
138. resource "aws_security_group_rule" "jnlp" {
139. description = "internet"
140. type = "ingress"
141. from_port = "${var.jnlp_port}"
142. to_port = "${var.jnlp_port}"
143. protocol = "tcp"
144. security_group_id = "${module.alb.sg_id}"
145. cidr_blocks = ["0.0.0.0/0"]
146. }
147.  
148. resource "aws_lb_target_group" "jnlp" {
149. port = "${var.jnlp_node_port}"
150. protocol = "HTTP"
151. vpc_id = "${data.aws_vpc.core.id}"
152. target_type = "instance"
153. tags = "${merge(map("Name", "${var.env}-jnlp"), local.tags)}"
154.  
155. health_check {
156. path = "/"
157. }
158. }
159.  
160. resource "aws_security_group_rule" "worker_ingress_alb_jnlp" {
161. description = "ALB"
162. type = "ingress"
163. from_port = "${var.jnlp_port}"
164. to_port = "${var.jnlp_port}"
165. protocol = "tcp"
166. security_group_id = "${module.eks.worker_sg_id}"
167. source_security_group_id = "${module.alb.sg_id}"
168. }
169.  
170. resource "aws_security_group_rule" "alb_egress_worker_jnlp" {
171. description = "EKS workers"
172. type = "egress"
173. from_port = "${var.jnlp_port}"
174. to_port = "${var.jnlp_port}"
175. protocol = "tcp"
176. security_group_id = "${module.alb.sg_id}"
177. source_security_group_id = "${module.eks.worker_sg_id}"
178. }