Better examples, PR template changes, general tidy up (#375)

* adding 3 examples

* removing old example

* updating PR template

* fix this typo

* update after renaming default example

* add missing launch_template_mixed stuff to aws_auth

* fix 2 examples with public subnets

* update changelog for new minor release

.github/PULL_REQUEST_TEMPLATE.md

@@ -6,8 +6,7 @@ Please explain the changes you made here and link to any relevant issues.
 
 ### Checklist
 
-- [ ] `terraform fmt` and `terraform validate` both work from the root and `examples/eks_test_fixture` directories (look in CI for an example)
-- [ ] Tests for the changes have been added and passing (for bug fixes/features)
-- [ ] Test results are pasted in this PR (in lieu of CI)
-- [ ] I've added my change to CHANGELOG.md
-- [ ] Any breaking changes are highlighted above
+- [ ] `terraform fmt` and `terraform validate` both work from the root and `examples/*` directories
+- [ ] CI tests are passing
+- [ ] I've added my change to CHANGELOG.md and highlighted any breaking changes
+- [ ] README.md has been updated after any changes to variables and outputs. See https://github.com/terraform-aws-modules/terraform-aws-eks/#doc-generation

.kitchen.yml

@@ -1,7 +1,7 @@
 ---
 driver:
  name: "terraform"
- root_module_directory: "examples/eks_test_fixture"
+ root_module_directory: "examples/basic"
 
 provisioner:
  name: "terraform"

.travis.yml

@@ -34,19 +34,15 @@ script:
 - terraform init
 - terraform fmt -check=true
 - terraform validate -var "region=${AWS_REGION}" -var "vpc_id=vpc-123456" -var "subnets=[\"subnet-12345a\"]" -var "workers_ami_id=ami-123456" -var "cluster_ingress_cidrs=[]" -var "cluster_name=test_cluster"
-# - docker run --rm -v $(pwd):/app/ --workdir=/app/ -t wata727/tflint --error-with-issues
-- cd examples/eks_test_fixture
-- terraform init
-- terraform fmt -check=true
-- terraform validate
-- cd -
+- |
+ for example in $(find examples -maxdepth 1 -mindepth 1 -type d); do
+ cd $example
+ terraform init
+ terraform fmt -check=true
+ terraform validate
+ cd -
+ done
 - terraform -v
-# - bundle exec kitchen test --destroy always
-# deploy:
-# provider: script
-# script: ci/deploy.sh
-# on:
-# branch: master
 
 notifications:
  email:

CHANGELOG.md

@@ -19,6 +19,15 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
 # History
 
+## [[v4.0.2](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.0...v4.0.1)] - 2019-05-07]
+
+### Changed
+
+- Added 2 new examples, also tidy up basic example (by @max-rocket-internet)
+- Updates to travis, PR template (by @max-rocket-internet)
+- Fix typo in data.tf (by @max-rocket-internet)
+- Add missing launch template items in `aws_auth.tf` (by @max-rocket-internet)
+
 ## [[v4.0.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.0...v4.0.1)] - 2019-05-07]
 
 ### Changed

README.md

@@ -19,7 +19,7 @@ Read the [AWS docs on EKS to get connected to the k8s dashboard](https://docs.aw
 
 ## Usage example
 
-A full example leveraging other community modules is contained in the [examples/eks_test_fixture directory](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks_test_fixture). Here's the gist of using it via the Terraform registry:
+A full example leveraging other community modules is contained in the [examples/basic directory](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/basic). Here's the gist of using it via the Terraform registry:
 
 ```hcl
 module "my-cluster" {
@@ -89,11 +89,6 @@ Report issues/questions/feature requests on in the [issues](https://github.com/t
 
 Full contributing [guidelines are covered here](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/CONTRIBUTING.md).
 
-## IAM Permissions
-
-Testing and using this repo requires a minimum set of IAM permissions. Test permissions
-are listed in the [eks_test_fixture README](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks_test_fixture/README.md).
-
 ## Change log
 
 The [changelog](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/CHANGELOG.md) captures all important release notes.
@@ -133,11 +128,11 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | manage\_aws\_auth | Whether to apply the aws-auth configmap file. | string | `"true"` | no |
 | manage\_cluster\_iam\_resources | Whether to let the module manage cluster IAM resources. If set to false, cluster_iam_role_name must be specified. | string | `"true"` | no |
 | manage\_worker\_iam\_resources | Whether to let the module manage worker IAM resources. If set to false, iam_instance_profile_name must be specified for workers. | string | `"true"` | no |
-| map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no |
+| map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list | `[]` | no |
 | map\_accounts\_count | The count of accounts in the map_accounts list. | string | `"0"` | no |
-| map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no |
+| map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list | `[]` | no |
 | map\_roles\_count | The count of roles in the map_roles list. | string | `"0"` | no |
-| map\_users | Additional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no |
+| map\_users | Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list | `[]` | no |
 | map\_users\_count | The count of roles in the map_users list. | string | `"0"` | no |
 | permissions\_boundary | If provided, all IAM roles will be created with this permissions boundary attached. | string | `""` | no |
 | subnets | A list of subnets to place the EKS cluster and workers within. | list | n/a | yes |

aws_auth.tf

@@ -33,6 +33,15 @@ EOS
 
 data "aws_caller_identity" "current" {}
 
+data "template_file" "launch_template_mixed_worker_role_arns" {
+ count = "${var.worker_group_launch_template_mixed_count}"
+ template = "${file("${path.module}/templates/worker-role.tpl")}"
+
+ vars {
+ worker_role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${element(coalescelist(aws_iam_instance_profile.workers_launch_template_mixed.*.role, data.aws_iam_instance_profile.custom_worker_group_launch_template_mixed_iam_instance_profile.*.role_name), count.index)}"
+ }
+}
+
 data "template_file" "launch_template_worker_role_arns" {
  count = "${var.worker_group_launch_template_count}"
  template = "${file("${path.module}/templates/worker-role.tpl")}"
@@ -55,7 +64,7 @@ data "template_file" "config_map_aws_auth" {
  template = "${file("${path.module}/templates/config-map-aws-auth.yaml.tpl")}"
 
  vars {
- worker_role_arn = "${join("", distinct(concat(data.template_file.launch_template_worker_role_arns.*.rendered, data.template_file.worker_role_arns.*.rendered)))}"
+ worker_role_arn = "${join("", distinct(concat(data.template_file.launch_template_worker_role_arns.*.rendered, data.template_file.worker_role_arns.*.rendered, data.template_file.launch_template_mixed_worker_role_arns.*.rendered)))}"
  map_users = "${join("", data.template_file.map_users.*.rendered)}"
  map_roles = "${join("", data.template_file.map_roles.*.rendered)}"
  map_accounts = "${join("", data.template_file.map_accounts.*.rendered)}"

data.tf

@@ -109,10 +109,10 @@ data "template_file" "workers_launch_template_mixed" {
  cluster_name = "${aws_eks_cluster.this.name}"
  endpoint = "${aws_eks_cluster.this.endpoint}"
  cluster_auth_base64 = "${aws_eks_cluster.this.certificate_authority.0.data}"
- pre_userdata = "${lookup(var.worker_groups_launch_template[count.index], "pre_userdata", local.workers_group_defaults["pre_userdata"])}"
- additional_userdata = "${lookup(var.worker_groups_launch_template[count.index], "additional_userdata", local.workers_group_defaults["additional_userdata"])}"
- bootstrap_extra_args = "${lookup(var.worker_groups_launch_template[count.index], "bootstrap_extra_args", local.workers_group_defaults["bootstrap_extra_args"])}"
- kubelet_extra_args = "${lookup(var.worker_groups_launch_template[count.index], "kubelet_extra_args", local.workers_group_defaults["kubelet_extra_args"])}"
+ pre_userdata = "${lookup(var.worker_groups_launch_template_mixed[count.index], "pre_userdata", local.workers_group_defaults["pre_userdata"])}"
+ additional_userdata = "${lookup(var.worker_groups_launch_template_mixed[count.index], "additional_userdata", local.workers_group_defaults["additional_userdata"])}"
+ bootstrap_extra_args = "${lookup(var.worker_groups_launch_template_mixed[count.index], "bootstrap_extra_args", local.workers_group_defaults["bootstrap_extra_args"])}"
+ kubelet_extra_args = "${lookup(var.worker_groups_launch_template_mixed[count.index], "kubelet_extra_args", local.workers_group_defaults["kubelet_extra_args"])}"
  }
 }
 

examples/README.md

@@ -0,0 +1,7 @@
+# Examples
+
+These serve a few purposes:
+
+1. Shows developers how to use the module in a straightforward way as integrated with other terraform community supported modules.
+2. Serves as the test infrastructure for CI on the project.
+3. Provides a simple way to play with the Kubernetes cluster you create.

examples/eks_test_fixture/main.tf → examples/basic/main.tf

@@ -15,71 +15,6 @@ data "aws_availability_zones" "available" {}
 
 locals {
  cluster_name = "test-eks-${random_string.suffix.result}"
-
- # the commented out worker group list below shows an example of how to define
- # multiple worker groups of differing configurations
- # worker_groups = [
- # {
- # asg_desired_capacity = 2
- # asg_max_size = 10
- # asg_min_size = 2
- # instance_type = "m4.xlarge"
- # name = "worker_group_a"
- # additional_userdata = "echo foo bar"
- # subnets = "${join(",", module.vpc.private_subnets)}"
- # },
- # {
- # asg_desired_capacity = 1
- # asg_max_size = 5
- # asg_min_size = 1
- # instance_type = "m4.2xlarge"
- # name = "worker_group_b"
- # additional_userdata = "echo foo bar"
- # subnets = "${join(",", module.vpc.private_subnets)}"
- # },
- # ]
-
-
- # the commented out worker group tags below shows an example of how to define
- # custom tags for the worker groups ASG
- # worker_group_tags = {
- # worker_group_a = [
- # {
- # key = "k8s.io/cluster-autoscaler/node-template/taint/nvidia.com/gpu"
- # value = "gpu:NoSchedule"
- # propagate_at_launch = true
- # },
- # ],
- # worker_group_b = [
- # {
- # key = "k8s.io/cluster-autoscaler/node-template/taint/nvidia.com/gpu"
- # value = "gpu:NoSchedule"
- # propagate_at_launch = true
- # },
- # ],
- # }
-
- worker_groups = [
- {
- instance_type = "t2.small"
- additional_userdata = "echo foo bar"
- asg_desired_capacity = 2
- },
- ]
- worker_groups_launch_template = [
- {
- instance_type = "t2.small"
- additional_userdata = "echo foo bar"
- additional_security_group_ids = "${aws_security_group.worker_group_mgmt_one.id},${aws_security_group.worker_group_mgmt_two.id}"
- asg_desired_capacity = 2
- },
- ]
- tags = {
- Environment = "test"
- GithubRepo = "terraform-aws-eks"
- GithubOrg = "terraform-aws-modules"
- Workspace = "${terraform.workspace}"
- }
 }
 
 resource "random_string" "suffix" {
@@ -89,7 +24,6 @@ resource "random_string" "suffix" {
 
 resource "aws_security_group" "worker_group_mgmt_one" {
  name_prefix = "worker_group_mgmt_one"
- description = "SG to be applied to all *nix machines"
  vpc_id = "${module.vpc.vpc_id}"
 
  ingress {
@@ -140,24 +74,57 @@ module "vpc" {
  version = "1.60.0"
  name = "test-vpc"
  cidr = "10.0.0.0/16"
- azs = ["${data.aws_availability_zones.available.names[0]}", "${data.aws_availability_zones.available.names[1]}", "${data.aws_availability_zones.available.names[2]}"]
+ azs = ["${data.aws_availability_zones.available.names}"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
  enable_nat_gateway = true
  single_nat_gateway = true
- tags = "${merge(local.tags, map("kubernetes.io/cluster/${local.cluster_name}", "shared"))}"
+
+ tags = {
+ "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+ }
+
+ public_subnet_tags = {
+ "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+ }
+
+ private_subnet_tags = {
+ "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+ "kubernetes.io/role/internal-elb" = "true"
+ }
 }
 
 module "eks" {
- source = "../.."
- cluster_name = "${local.cluster_name}"
- subnets = ["${module.vpc.private_subnets}"]
- tags = "${local.tags}"
- vpc_id = "${module.vpc.vpc_id}"
- worker_groups = "${local.worker_groups}"
- worker_groups_launch_template = "${local.worker_groups_launch_template}"
- worker_group_count = 1
- worker_group_launch_template_count = 1
+ source = "../.."
+ cluster_name = "${local.cluster_name}"
+ subnets = ["${module.vpc.private_subnets}"]
+
+ tags = {
+ Environment = "test"
+ GithubRepo = "terraform-aws-eks"
+ GithubOrg = "terraform-aws-modules"
+ }
+
+ vpc_id = "${module.vpc.vpc_id}"
+ worker_group_count = 2
+
+ worker_groups = [
+ {
+ name = "worker-group-1"
+ instance_type = "t2.small"
+ additional_userdata = "echo foo bar"
+ asg_desired_capacity = 2
+ additional_security_group_ids = "${aws_security_group.worker_group_mgmt_one.id}"
+ },
+ {
+ name = "worker-group-2"
+ instance_type = "t2.medium"
+ additional_userdata = "echo foo bar"
+ additional_security_group_ids = "${aws_security_group.worker_group_mgmt_two.id}"
+ asg_desired_capacity = 1
+ },
+ ]
+
  worker_additional_security_group_ids = ["${aws_security_group.all_worker_mgmt.id}"]
  map_roles = "${var.map_roles}"
  map_roles_count = "${var.map_roles_count}"

examples/eks_test_fixture/outputs.tf → examples/basic/outputs.tf

@@ -14,7 +14,7 @@ output "kubectl_config" {
 }
 
 output "config_map_aws_auth" {
- description = ""
+ description = "A kubernetes configuration to authenticate to this EKS cluster."
  value = "${module.eks.config_map_aws_auth}"
 }