Example: Using multiple Terraform modules to deploy an EKS cluster to an AWS network
#####
# Local values consumed by the AWS recipe (VPC, bastion, RDS and EKS settings).
# Every value here is a sample or placeholder: replace the profile, names, keys
# and CIDRs before applying. Entries marked "x.x.x.x/x" are not valid CIDRs.
locals {
# Name of the AWS profile used to deploy the infrastructure.
# NOTE(review): presumably a named profile from the operator's local AWS config;
# keep access keys out of this file.
tf_var_aws_profile = "testprofile"
# AWS region to deploy infrastructure
# https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html
tf_var_region = "us-west-2"
# AWS availability zones to be used within the region. Three zones are listed,
# matching the three entries in each subnet CIDR list below.
# https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html
tf_var_availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
# Given name to be used across the Terraform file for creating required resources
tf_var_name = "testpoc"
# Primary CIDR range of the VPC, used for allocating the node pool within the VPC.
# The private and public subnet CIDRs below are carved out of this range.
tf_var_vpc_primary_cidr = "10.146.0.0/16"
# Private subnet CIDRs for internal VPC use, one per availability zone.
# cidrsubnet(<prefix>, 4, n) adds 4 bits to the /16, giving /20 networks 0-2.
tf_var_private_subnet_cidrs = [cidrsubnet(local.tf_var_vpc_primary_cidr, 4, 0), cidrsubnet(local.tf_var_vpc_primary_cidr, 4, 1), cidrsubnet(local.tf_var_vpc_primary_cidr, 4, 2)]
# Externally accessible (public) subnet CIDRs, one per availability zone.
# Same /20 split as above, using networks 3-5 so they do not overlap the private ones.
tf_var_public_subnet_cidrs = [cidrsubnet(local.tf_var_vpc_primary_cidr, 4, 3), cidrsubnet(local.tf_var_vpc_primary_cidr, 4, 4), cidrsubnet(local.tf_var_vpc_primary_cidr, 4, 5)]
# VPC subnet CIDRs to associate with route tables containing pod network traffic for each availability zone.
# These ranges sit in 100.64.0.0/10 (shared address space, RFC 6598) and outside the primary VPC CIDR.
# NOTE(review): presumably attached as secondary VPC CIDRs - confirm against the network module.
tf_var_pod_subnet_cidrs = ["100.64.0.0/16", "100.65.0.0/16", "100.66.0.0/16"]
# Domain name accessible via Route 53, under which subdomains are created for access to Thought Machine Vault services
tf_var_domain_name = "domainname.com"
# Subnets granted access to Kafka.
# NOTE(review): 10.0.0.0/8 covers the whole 10.x private range, far wider than the
# VPC primary CIDR above (10.146.0.0/16). Narrow this to the networks that actually
# need to reach Kafka, especially if the VPC is peered or routed to other 10.x networks.
tf_var_subnets_kafka_access = ["10.0.0.0/8"]
# Minimum number of nodes in the default node pool.
# NOTE(review): given as a quoted string; presumably converted to a number by the consuming module - confirm.
tf_var_default_nodepool_min_size = "10"
# Maximum number of nodes in the default node pool
tf_var_default_nodepool_max_size = "20"
# The public SSH key to be added to the bastion host (placeholder value).
# Only the public half of the key pair belongs here; never commit the private key.
tf_var_bastion_ssh_pub_key = "ssh-rsa thesshkeyhash x@y.z"
# List of CIDRs allowed to access the bastion host (placeholder value).
# Restrict this to known administrator source ranges; avoid 0.0.0.0/0.
tf_var_bastion_cidr_blocks = ["x.x.x.x/x"]
# PostgreSQL version to be used in RDS.
# NOTE(review): PostgreSQL 11 is past community end of life; confirm a supported
# version before reusing this example and keep tf_var_db_family in step with it.
tf_var_postgres_version = "11.12"
# AWS RDS Database family name (corresponds to the PostgreSQL major version above)
tf_var_db_family = "postgres11"
# RDS backup retention period (in days)
tf_var_backup_retention_period = "7"
# Allocated storage in GiB
tf_var_allocated_storage = "20"
# Upper limit of storage when scaled in GiB
tf_var_max_allocated_storage = "50"
# Time frame in UTC to perform backups (hh:mm-hh:mm)
tf_var_backup_window = "04:46-05:16"
# Time frame to perform maintenance (ddd:hh:mm-ddd:hh:mm).
# The sample window does not overlap the backup window above.
tf_var_maintenance_window = "Sat:00:00-Sat:03:00"
# Database parameters to be added to the parameter group.
# Each entry sets name, value and apply_method; every entry here uses "pending-reboot".
# The first two entries quote their keys ("name", "value"); in an HCL object this is
# equivalent to the unquoted keys used by the remaining entries.
tf_var_parameter = [
{
# Log DDL statements (schema changes) for audit purposes.
"name" = "log_statement"
"value" = "ddl"
apply_method = "pending-reboot"
},
{
# Log any statement that runs for at least this many milliseconds.
"name" = "log_min_duration_statement"
"value" = "4000"
apply_method = "pending-reboot"
},
{
# Enable logical replication on the RDS instance.
name = "rds.logical_replication"
value = "1"
apply_method = "pending-reboot"
},
{
# Upper bound on concurrent WAL sender processes.
name = "max_wal_senders"
value = "15"
apply_method = "pending-reboot"
},
{
# Upper bound on replication slots.
name = "max_replication_slots"
value = "15"
apply_method = "pending-reboot"
},
{
# Require SSL/TLS for client connections to the database; keep this set to 1.
name = "rds.force_ssl"
value = "1"
apply_method = "pending-reboot"
},
{
# Database time zone.
name = "timezone"
value = "UTC"
apply_method = "pending-reboot"
},
]
# EKS (Kubernetes) version.
# NOTE(review): 1.19 is no longer a supported EKS version; when updating it, update
# tf_var_node_ami_name as well, since the AMI name embeds the same version.
tf_var_k8s_version = "1.19"
# Node AMI name available in the region. The name pins a dated build (v20211008),
# so nodes do not pick up newer patched images until this value is changed.
tf_var_node_ami_name = "amazon-eks-node-1.19-v20211008"
# Bastion AMI name (should be Ubuntu variant). This also pins a dated image (20210323).
# NOTE(review): Ubuntu 18.04 has left standard support; confirm a maintained release,
# as the bastion is the host reachable from the CIDRs in tf_var_bastion_cidr_blocks.
tf_var_bastion_ami_name = "ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20210323"
# List of CIDRs that allow access to the EKS control plane (placeholder value).
# Restrict this to trusted administrative and CI/CD source ranges; avoid 0.0.0.0/0.
tf_var_control_plane_access_cidrs = ["x.x.x.x/x"]
}