add amazon eks cluster plane with storage,network managed nodegroup modules

Author: ramureddy

.gitignore

@@ -0,0 +1,7 @@
+*.tfvars
+*.tfstate
+*.tfstate.backup
+*.terraform
+*tfplan*
+*tfplan
+

Jenkinsfile

@@ -0,0 +1,130 @@
+import groovy.json.JsonOutput
+env.terraform_version = '0.12.2'
+pipeline {
+
+   parameters {
+    choice(name: 'action', choices: 'create\ndestroy', description: 'Create/update or destroy the eks cluster.')
+    string(name: 'aws_region', defaultValue : 'us-west-2', description: "AWS region.")
+    string(name: 'env', defaultValue: 'dev', description: "lab environment")
+    string(name: 'rolename', defaultValue: 'aws-jenkins', description: "default aws role for jenkins")
+    string(name: 'role-account', defaultValue: '534992115889', description: "default aws role account for jenkins")
+    string(name: 'cluster', defaultValue: 'tl-eks-terraform', description: "eks cluster name")
+    string(name: 'cidrblock', defaultValue : '10.123.0.0/16', description: "First 2 octets of vpc network; eg 10.0")
+    string(name: 'cidr_public', defaultValue: '["10.123.1.0/24","10.123.2.0/24"]', description: "cidr block for public subnets")
+    string(name: 'cidr_private', defaultValue: '["10.123.3.0/24","10.123.4.0/24"]', description: "cidr block for private subnets")
+
+
+  }
+
+  options {
+    disableConcurrentBuilds()
+    timeout(time: 1, unit: 'HOURS')
+  }
+
+  agent { label 'master' }
+
+  stages {
+
+    stage('Setup') {
+      steps {
+        script {
+          currentBuild.displayName = "#" + env.BUILD_NUMBER + " " + params.action + params.cluster
+          //plan = params.cluster + '.plan'
+        }
+      }
+    }
+
+    stage('Install dependencies') {
+      steps {
+        sh "sudo yum install wget zip python-pip -y"
+        sh "cd /tmp"
+        sh "curl -o terraform.zip https://releases.hashicorp.com/terraform/'$terraform_version'/terraform_'$terraform_version'_linux_amd64.zip"
+        sh "unzip terraform.zip"
+        sh "sudo mv terraform /usr/bin"
+        sh "rm -rf terraform.zip"
+        sh "terraform version"
+      }
+    }
+
+    stage('Git checkout') {
+       steps {
+         dir('tl-eks-terraform') {
+           git branch: 'master', credentialsId: '', url: 'https://github.nikecom/CIS/tl-eks-terraform.git'
+         }
+       }
+    }
+
+
+    stage('Terraform dev plan') {
+      when {
+        expression { params.action == 'create' && params.env == 'dev' }
+      }
+      steps {
+       dir('tl-eks-terraform/environments/dev') {
+        script {
+          withAWS([profile:${params.env}, region:${params.aws_region}, role:${params.rolename}, roleAccount:${params.role-account}]) {
+
+            sh "terraform init"
+            sh "terraform plan -out tfplan"
+          }
+        }
+       }
+      }
+    }
+
+
+    stage('Terraform prod plan') {
+      when {
+        expression { params.action == 'create' && params.env == 'prod' }
+      }
+      steps {
+        dir('tl-eks-terraform/environments/prod') {
+          script {
+            withAWS([profile:${params.env}, region:${params.aws_region}, role:${params.rolename}, roleAccount:${params.role-account}]) {
+                sh "terraform init"
+                sh "terraform plan -out tfplan"
+            }
+          }
+        }
+      }
+    }
+
+    stage('TF Apply') {
+      when {
+        expression { params.action == 'create' && params.env == 'dev'}
+      }
+      steps {
+       dir('tl-eks-terraform/environments/dev') {
+        script {
+          input "Create/update Terraform stack eks-${params.cluster} in aws?"
+
+          withAWS([profile:${params.env}, region:${params.aws_region}, role:${params.rolename}, roleAccount:${params.role-account}]) {
+            sh "terraform apply -input=false -auto-approve tfplan"
+
+          }
+        }
+       }
+      }
+    }
+
+    stage('TF Destroy') {
+      when {
+        expression { params.action == 'destroy' }
+      }
+      steps {
+       dir('tl-eks-terraform') {
+        script {
+          input "Destroy Terraform stack eks-${params.cluster} in aws?"
+
+          withAWS([profile:${params.env}, region:${params.aws_region}, role:${params.rolename}, roleAccount:${params.role-account}]) {
+            sh "terraform destroy -auto-approve"
+
+          }
+        }
+       }
+      }
+    }
+
+  }
+
+}

README.md

@@ -0,0 +1,84 @@
+# tl-eks-terraform
+Resources required for deployment of tl accounts on EKS using terraform IAC
+
+**Requirement**
+--------------------------
+terraform v0.12, python-pydot, python-pydot-ng and graphviz for resource graph visualization
+
+AWS provider version auto installed from terrafrom init and set to versoon "~2.0"
+
+
+**Usage**
+-----------------------------------
+
+Use aws configure to load your api access keys to default  credentials file at "~/.aws/credentials"
+
+Create 2 profiles dev and prod and use the same for aws credentials as well.
+
+terraform variables will be defaulted to region=us-west-2 and profile=dev if not specified during the terraform plan
+
+
+terraform validate
+
+terraform init
+
+terraform plan -out=tfplan
+
+terraform apply tfplan
+
+terraform destroy -auto-approve
+
+
+**Resource graph**
+--------------------------------
+Resource graph of the terraform plan. Use graphviz to analyze it
+
+sudo apt install -y python-pydot python-pydot-ng graphviz
+
+terraform graph | dot -Tsvg > images/resource-graph.svg
+
+![](images/resource-graph.svg)
+
+
+**Output**
+-----------------------------------------------------
+
+Apply complete! Resources: 33 added, 0 changed, 0 destroyed.
+
+The state of your infrastructure has been saved to the path
+below. This state is required to modify and destroy your
+infrastructure, so keep it safe. To inspect the complete state
+use the `terraform show` command.
+
+State path: terraform.tfstate
+
+
+tl-dev-terraform-IGW = igw-031d081a7b416705c
+
+tl-dev-terraform-dynamodb_name = tl-eks-dev-terraformstate
+
+tl-dev-terraform-eks-clusterSecuritygroup = tf-tl-eks-cluster
+
+tl-dev-terraform-eks-endpoint = https://B19BF0FE0520390101CA88F1981AE46C.gr7.us-west-2.eks.amazonaws.com
+
+tl-dev-terraform-eks-kubeconfig-cert-authority-data = LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01EVXhPREEyTkRFek1sb1hEVE13TURVeE5qQTJOREV6TWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0R2CjlBT1I5V1Byb2NZb29iWjg4c0Q3dUFBOVZ2UkhrOGoxbmIrWFJSMjI5SXZ1eUdVUFE2SmJaN0pxQTRsc0QrMkcKVHJTeDBpTlBQcUxSeDdjYjRKSEtCZ2YrRkhGNUM2cXQzRWV4dGsrTHZScERrTGdHZktlOGVhc0ZEK2pKdXNTQgpuS0lOYlJkUmZJWUx1SnJhU3BLTjlocEpDbDJHR0RqSndiUGRSZkplVEh1TEwvQXZaNWJibW0vVDFLZUR0Z0lkCnRQQWNhN242OVI1NCtVcmJFVFMzTnMxYk5jYWcxc1NuNWFCZW8wY3R3UFRDOE5JUjI0RkdWV09DVFpGWWdoN1EKWVBldmoyWGNNVUxRZnRYWXRKVFppQ1g4dEE1MC85bEVCcFVVYmx4SVY4VVhjZTRtWUdISklSbHorUCtUZFpySgp2NU0zcXZldWUvQmZTRk1qcHJNQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFHbEZFeXBFVXVjVkIyV0ludTNCUHdGT2VQbUQKTXFDQ2N2ZkMvSnB0MlhFWmJrcTlGYVRSS1dEOUpwOURjVWcrUVEwK0NrTUxzbDg0eHpQTi82dUN1UlY3SGMwZwo4QUJ2bWxsYUtvcklKV1Mwemg5cDFCazJqa09Sb284eTRBTjRsYjJKMkVid1lpS3pyb2VqalhDNlFJeDlWL1FuCnlPOVlUdWJ6b1VvWFZIMGVqMnBzcWN4dmdabHlmVFlndlJmMEttbC9YZ3dKQ3BYZ2R3aGUxMllBcVhKT0JLYVQKdURFNUoyeFFTcGIzV1EvK2xEQkZqQXc5bkJpclNBU25kUWxQWXhhQzc5NncyTHg5bVUrdE4zY2VLWTFoWWxJUwpqcVBEYk05TGtKdndTYWxzeWE1VUxnd3FXbVpqSTQzekJ6VjVRZXRPalZRVW1qUTh1SVhIR0hjZHF6Yz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+
+tl-dev-terraform-eks-workernodesecuritygroup = tf-tl-eks-nodegroup
+
+tl-dev-terraform-natGW = 52.34.227.104
+
+tl-dev-terraform-privatesubnets = [
+  "subnet-0d0ee7cf55ed1253d",
+  "subnet-0e5f335c6d4a3b851",
+]
+
+tl-dev-terraform-publicsubnets = [
+  "subnet-0dc6ef0e3d1a6d783",
+  "subnet-0888f3492d5c91bef",
+]
+
+tl-dev-terraform-vpc = vpc-05ad72d1d7c3608ab
+
+tl-dev-terraformbucket_name = arn:aws:s3:::tl-eks-dev-terraformstate
+
+

environments/dev/main.tf

@@ -0,0 +1,62 @@
+##################################################################
+#-------Author: Ramu Reddy --------------------------------
+#-------Terraform main config file for provider, backend and eks---
+####################################################################
+
+provider "aws" {
+  region                  = var.aws_region
+  shared_credentials_file = "~/.aws/credentials"
+  /*assume_role {
+    role_arn              = "arn:aws:iam::var.role-account:role/var.rolename"
+  }*/
+  profile                 = var.env
+  version                 = "~> 2.0"
+}
+
+
+terraform {
+  backend "s3" {
+      shared_credentials_file = "~/.aws/credentials"
+      profile                 = "dev"
+      //role_arn                = "arn:aws:iam::var.role-account:role/var.rolename"
+      bucket                  = "tl-eks-dev-terraformstate"
+      key                     = "dev/backup-state/terraform.tfstate"
+      region                  = "us-west-2"
+      dynamodb_table          = "tl-eks-dev-terraformstate"
+      encrypt                 = true
+  }
+}
+
+
+
+module "storage" {
+  source = "../../modules/storage"
+}
+
+
+module "networking" {
+  source       = "../../modules/networking"
+  cidrblock    = var.cidrblock
+  cidr_public  = var.cidr_public
+  cidr_private = var.cidr_private
+  cluster-name = var.eks-clustername
+}
+
+
+module "securitygroups" {
+  source  = "../../modules/securitygroups"
+  vpc_id  = module.networking.vpc-id
+}
+
+
+module "eks" {
+  source                      = "../../modules/eks"
+  cluster-name                = var.eks-clustername
+  pub-subnet-ids              = module.networking.public_subnet
+  private-subnet-ids          = module.networking.private_subnet
+  tf-tl-eks-cluster-sg        = module.securitygroups.tf-tl-eks-clustersecuritygroup-id
+  kubernetes-version          = var.eks-kubernetes-version
+  nodegroupname               = var.node-group-name
+  instance-type               = var.instancetype
+  ami-type                    = var.amitype
+}

environments/dev/outputs.tf

@@ -0,0 +1,54 @@
+###############################################################
+#------------------Author: Ramu Reddy -----------------
+#------------------output terraform resources-----------------
+################################################################
+
+output "tl-dev-terraformbucket_name" {
+  value       = module.storage.tl-dev-terraformbucket
+  description = "The tl eks terraform state bucket"
+}
+
+output "tl-dev-terraform-dynamodb_name" {
+  value       = module.storage.tl-dev-terraform-dynamodb
+  description = "The tl eks terraform dynamodb table for locking state"
+}
+
+output "tl-dev-terraform-vpc" {
+  value       = module.networking.vpc-id
+  description = "The tl eks terraform vpc ID"
+}
+
+output "tl-dev-terraform-publicsubnets" {
+  value       = module.networking.public_subnet
+  description = "tl dev eks public subnets"
+}
+
+output "tl-dev-terraform-privatesubnets" {
+  value       = module.networking.private_subnet
+  description = "tl dev eks private subnets"
+}
+
+output "tl-dev-terraform-IGW" {
+  value       = module.networking.igw-id
+  description = "tl eks terraform Internet gateway"
+}
+
+output "tl-dev-terraform-natGW" {
+  value       = module.networking.nat-gw
+  description = "tl eks terraform nat gateway"
+}
+
+output "tl-dev-terraform-eks-clusterSecuritygroup" {
+  value = module.securitygroups.tf-tl-eks-clustersecuritygroup
+}
+
+output "tl-dev-terraform-eks-workernodesecuritygroup" {
+  value = module.securitygroups.tf-tl-eks-workernodesecuritygroup
+}
+
+output "tl-dev-terraform-eks-endpoint" {
+  value = module.eks.tf-tl-eks-endpoint
+}
+output "tl-dev-terraform-eks-kubeconfig-cert-authority-data" {
+  value = module.eks.tf-tl-eks-kubeconfig-certificate-authority-data
+}