Merge pull request #16 from ShibraAmin/main
Added support for fargate profile
RohitSquareops authored Dec 13, 2023
2 parents 675e8a6 + e243a0c commit 1792bb3
Showing 9 changed files with 205 additions and 0 deletions.
13 changes: 13 additions & 0 deletions README.md
@@ -80,6 +80,19 @@ module "managed_node_group_production" {
}
}
module "farget_profle" {
source = "squareops/eks/aws//modules/fargate-profile"
depends_on = [module.vpc, module.eks]
profile_name = "app"
subnet_ids = [module.vpc.private_subnets[0]]
environment = "prod"
cluster_name = module.eks.cluster_name
namespace = ""
labels = {
"App-Services" = "fargate"
}
}
```
Refer [examples](https://github.com/squareops/terraform-aws-eks/tree/main/examples/complete) for more details.

1 change: 1 addition & 0 deletions examples/complete-ipv6/README.md
@@ -29,6 +29,7 @@ This directory contains a complete example that demonstrates the usage of the Te
| <a name="module_vpc"></a> [vpc](#module\_vpc) | squareops/vpc/aws | n/a |
| <a name="module_eks"></a> [eks](#module\_eks) | squareops/eks/aws | n/a |
| <a name="module_managed_node_group_production"></a> [managed\_node\_group\_production](#module\_managed\_node\_group\_production) | squareops/eks/aws//modules/managed-nodegroup | n/a |
| <a name="module_farget_profle"></a> [farget\_profle](#module\_farget\_profle) | squareops/eks/aws//modules/fargate-profile | n/a |

## Resources

13 changes: 13 additions & 0 deletions examples/complete-ipv6/main.tf
@@ -175,3 +175,16 @@ module "managed_node_group_production" {
tags = local.additional_aws_tags
ipv6_enabled = local.ipv6_enabled
}

module "farget_profle" {
source = "squareops/eks/aws//modules/fargate-profile"
depends_on = [module.vpc, module.eks]
profile_name = "app"
subnet_ids = [module.vpc.private_subnets[0]]
environment = local.environment
cluster_name = module.eks.cluster_name
namespace = ""
labels = {
"App-Services" = "fargate"
}
}
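Review bot: `namespace = ""` in the new `farget_profle` module hands the Fargate profile selector an empty namespace; as far as I know the EKS API expects a non-empty namespace per selector, so this example will probably fail at apply or match no pods. Use a real namespace (for instance `namespace = "default"`, a constructed value) and keep the label selector narrow so only the intended workloads run under the Fargate pod execution role. The module label is also misspelled; `module "fargate_profile"` would keep the generated README anchors clean. The same block appears in examples/complete/main.tf and in the root README.md snippet.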
1 change: 1 addition & 0 deletions examples/complete/README.md
@@ -28,6 +28,7 @@ This directory contains a complete example that demonstrates the usage of the Te
| <a name="module_vpc"></a> [vpc](#module\_vpc) | squareops/vpc/aws | n/a |
| <a name="module_eks"></a> [eks](#module\_eks) | squareops/eks/aws | n/a |
| <a name="module_managed_node_group_production"></a> [managed\_node\_group\_production](#module\_managed\_node\_group\_production) | squareops/eks/aws//modules/managed-nodegroup | n/a |
| <a name="module_farget_profle"></a> [farget\_profle](#module\_farget\_profle) | squareops/eks/aws//modules/fargate-profile | n/a |

## Resources

13 changes: 13 additions & 0 deletions examples/complete/main.tf
@@ -167,3 +167,16 @@ module "managed_node_group_production" {
}
tags = local.additional_aws_tags
}

module "farget_profle" {
source = "squareops/eks/aws//modules/fargate-profile"
depends_on = [module.vpc, module.eks]
profile_name = "app"
subnet_ids = [module.vpc.private_subnets[0]]
environment = local.environment
cluster_name = module.eks.cluster_name
namespace = ""
labels = {
"App-Services" = "fargate"
}
}
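--- a/modules/fargate-profile/README.md
+++ b/modules/fargate-profile/README.md
@@ -0,0 +1,49 @@
+# fargate-profile
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_eks_fargate_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_fargate_profile) | resource |
+| [aws_iam_role.eks_fargate_pod](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.eks_fargate_pod](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_policy_document.eks_fargate_pod_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_environment"></a> [environment](#input\_environment) | The environment name | `string` | n/a | yes |
+| <a name="input_profile_name"></a> [profile\_name](#input\_profile\_name) | The profile name | `string` | n/a | yes |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster. | `string` | `""` | no |
+| <a name="input_iam_path"></a> [iam\_path](#input\_iam\_path) | IAM roles will be created on this path. | `string` | `"/"` | no |
+| <a name="input_permissions_boundary"></a> [permissions\_boundary](#input\_permissions\_boundary) | If provided, all IAM roles will be created with this permissions boundary attached. | `string` | `null` | no |
+| <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | A list of subnets for the EKS Fargate profile. | `list(string)` | `[]` | no |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | The Kubernetes namespace for the Fargate profile | `string` | n/a | yes |
+| <a name="input_labels"></a> [labels](#input\_labels) | The Kubernetes labels for the Fargate profile | `map(string)` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_fargate_profile_ids"></a> [fargate\_profile\_ids](#output\_fargate\_profile\_ids) | EKS Cluster name and EKS Fargate Profile names separated by a colon (:). |
+| <a name="output_fargate_profile_arns"></a> [fargate\_profile\_arns](#output\_fargate\_profile\_arns) | Amazon Resource Name (ARN) of the EKS Fargate Profile. |
+| <a name="output_iam_role_name"></a> [iam\_role\_name](#output\_iam\_role\_name) | IAM role name for EKS Fargate pods |
+| <a name="output_iam_role_arn"></a> [iam\_role\_arn](#output\_iam\_role\_arn) | IAM role ARN for EKS Fargate pods |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->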
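--- a/modules/fargate-profile/main.tf
+++ b/modules/fargate-profile/main.tf
@@ -0,0 +1,45 @@
+data "aws_partition" "current" {}
+
+data "aws_iam_policy_document" "eks_fargate_pod_assume_role" {
+statement {
+effect = "Allow"
+actions = ["sts:AssumeRole"]
+
+principals {
+type = "Service"
+identifiers = ["eks-fargate-pods.amazonaws.com"]
+}
+}
+}
+
+resource "aws_iam_role" "eks_fargate_pod" {
+name_prefix = format("%s-%s-%s", var.environment, var.profile_name, "fargate")
+assume_role_policy = data.aws_iam_policy_document.eks_fargate_pod_assume_role.json
+permissions_boundary = var.permissions_boundary
+tags = {
+Name = format("%s-%s-%s", var.environment, var.profile_name, "fargate")
+Environment = var.environment
+}
+path = var.iam_path
+}
+
+resource "aws_iam_role_policy_attachment" "eks_fargate_pod" {
+policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy"
+role = aws_iam_role.eks_fargate_pod.name
+}
+
+resource "aws_eks_fargate_profile" "this" {
+cluster_name = var.cluster_name
+fargate_profile_name = format("%s-%s-%s", var.environment, var.profile_name, "fargate")
+pod_execution_role_arn = aws_iam_role.eks_fargate_pod.arn
+subnet_ids = var.subnet_ids
+selector {
+namespace = var.namespace
+labels = var.labels
+}
+
+tags = {
+Name = format("%s-%s-%s", var.environment, var.profile_name, "fargate")
+Environment = var.environment
+}
+}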
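Review bot: The trust policy in `eks_fargate_pod_assume_role` lets the `eks-fargate-pods.amazonaws.com` service principal assume the role with no `aws:SourceArn` condition, so the role is not tied to this cluster's Fargate profiles. AWS's guidance for the pod execution role is to add that condition as confused-deputy protection. The change is a `condition` block inside the existing statement, plus the region and account data sources needed to build the ARN pattern, as shown below.

```hcl
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

data "aws_iam_policy_document" "eks_fargate_pod_assume_role" {
  statement {
    # … unchanged: effect, actions, principals …

    # Only Fargate profiles of this cluster may cause the service to assume the role.
    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values = [
        "arn:${data.aws_partition.current.partition}:eks:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:fargateprofile/${var.cluster_name}/*",
      ]
    }
  }
}
```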
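--- a/modules/fargate-profile/outputs.tf
+++ b/modules/fargate-profile/outputs.tf
@@ -0,0 +1,27 @@
+output "fargate_profile_ids" {
+description = "EKS Cluster name and EKS Fargate Profile names separated by a colon (:)."
+value = aws_eks_fargate_profile.this.id
+}
+
+output "fargate_profile_arns" {
+description = "Amazon Resource Name (ARN) of the EKS Fargate Profile."
+value = aws_eks_fargate_profile.this.arn
+}
+
+output "iam_role_name" {
+description = "IAM role name for EKS Fargate pods"
+value = aws_iam_role.eks_fargate_pod.name
+}
+
+output "iam_role_arn" {
+description = "IAM role ARN for EKS Fargate pods"
+value = aws_iam_role.eks_fargate_pod.arn
+}
+
+# output "aws_auth_roles" {
+# description = "Roles for use in aws-auth ConfigMap"
+# value = [
+# worker_role_arn = aws_iam_role.eks_fargate_pod.arn,
+# platform = "fargate"
+# ]
+# }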
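Review bot: The commented-out `aws_auth_roles` output at the end of the file is dead code and would not parse if uncommented, because it puts `key = value` pairs directly inside a list. Either delete it or restore it in valid form, e.g. `value = [{ worker_role_arn = aws_iam_role.eks_fargate_pod.arn, platform = "fargate" }]`. `fargate_profile_ids` and `fargate_profile_arns` are also named in the plural, although each returns a single attribute of `aws_eks_fargate_profile.this`; singular names, or descriptions that say so, would avoid callers indexing into them.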
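--- a/modules/fargate-profile/variables.tf
+++ b/modules/fargate-profile/variables.tf
@@ -0,0 +1,43 @@
+variable "environment" {
+description = "The environment name"
+type = string
+}
+
+variable "profile_name" {
+description = "The profile name"
+type = string
+}
+
+variable "cluster_name" {
+description = "Name of the EKS cluster."
+type = string
+default = ""
+}
+
+variable "iam_path" {
+description = "IAM roles will be created on this path."
+type = string
+default = "/"
+}
+
+variable "permissions_boundary" {
+description = "If provided, all IAM roles will be created with this permissions boundary attached."
+type = string
+default = null
+}
+
+variable "subnet_ids" {
+description = "A list of subnets for the EKS Fargate profile."
+type = list(string)
+default = []
+}
+
+variable "namespace" {
+description = "The Kubernetes namespace for the Fargate profile"
+type = string
+}
+
+variable "labels" {
+description = "The Kubernetes labels for the Fargate profile"
+type = map(string)
+}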
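Review bot: `cluster_name` defaults to `""` and `subnet_ids` to `[]`, yet the Fargate profile in this module needs both, so a caller who omits them gets through plan-time input checks and fails only when the provider or API rejects the values. Dropping the two `default` lines would make both inputs required. `namespace` has no validation either; a `validation` block with `condition = length(var.namespace) > 0` would reject the empty string that the bundled examples pass. The description of `permissions_boundary` could also state that it expects the ARN of an IAM policy.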
