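# Source: github.com/cdmixer/woolloomooloo@v0.1.0/pkg/codegen/internal/test/testdata/aws-eks.pp
#
# Pulumi (PCL) program: a VPC with one subnet per availability zone, an EKS
# cluster with a node group, the IAM roles both assume, and two outputs
# (cluster name and a kubeconfig).
#
# NOTE(review): the path suggests this file is codegen test input; if so, any
# expected outputs generated from it need regenerating after edits. Confirm.

# VPC

resource eksVpc "aws:ec2:Vpc" {
	cidrBlock = "10.100.0.0/16"
	instanceTenancy = "default"
	enableDnsHostnames = true
	enableDnsSupport = true
	tags = {
		"Name": "pulumi-eks-vpc"
	}
}

resource eksIgw "aws:ec2:InternetGateway" {
	vpcId = eksVpc.id
	tags = {
		"Name": "pulumi-vpc-ig"
	}
}

# Single route table with a default route to the internet gateway. Every
# subnet below is associated with it, so every subnet is a public subnet.
resource eksRouteTable "aws:ec2:RouteTable" {
	vpcId = eksVpc.id
	routes = [{
		cidrBlock: "0.0.0.0/0"
		gatewayId: eksIgw.id
	}]
	tags = {
		"Name": "pulumi-vpc-rt"
	}
}

# Subnets, one for each AZ in a region

zones = invoke("aws:index:getAvailabilityZones", {})

resource vpcSubnet "aws:ec2:Subnet" {
	options { range = zones.names }

	assignIpv6AddressOnCreation = false
	vpcId = eksVpc.id
	# NOTE(review): instances launched here get a public IPv4 address, and the
	# node group below uses these subnets, so worker nodes are directly
	# internet-addressable. Private subnets behind a NAT gateway are the usual
	# hardening for worker nodes.
	mapPublicIpOnLaunch = true
	cidrBlock = "10.100.${range.key}.0/24"
	availabilityZone = range.value
	tags = {
		"Name": "pulumi-sn-${range.value}"
	}
}

resource rta "aws:ec2:RouteTableAssociation" {
	options { range = zones.names }

	routeTableId = eksRouteTable.id
	subnetId = vpcSubnet[range.key].id
}

subnetIds = vpcSubnet.*.id

# Security Group

# NOTE(review): both ingress rules admit any IPv4 source. The first rule's
# description talks about pods reaching the API server, which would only need
# the VPC range (10.100.0.0/16 in this file). Port 80 is plaintext HTTP open
# to the internet. Narrow cidrBlocks to the sources that actually need access.
resource eksSecurityGroup "aws:ec2:SecurityGroup" {
	vpcId = eksVpc.id
	description = "Allow all HTTP(s) traffic to EKS Cluster"
	tags = {
		"Name": "pulumi-cluster-sg"
	}
	ingress = [
		{
			cidrBlocks = ["0.0.0.0/0"]
			fromPort = 443
			toPort = 443
			protocol = "tcp"
			description = "Allow pods to communicate with the cluster API Server."
		},
		{
			cidrBlocks = ["0.0.0.0/0"]
			fromPort = 80
			toPort = 80
			protocol = "tcp"
			description = "Allow internet access to pods"
		}
	]
}

# EKS Cluster Role

# Trust policy: only the EKS service principal may assume this role.
resource eksRole "aws:iam:Role" {
	assumeRolePolicy = toJSON({
		"Version": "2012-10-17"
		"Statement": [
			{
				"Action": "sts:AssumeRole"
				"Principal": {
					"Service": "eks.amazonaws.com"
				},
				"Effect": "Allow"
				"Sid": ""
			}
		]
	})
}

# NOTE(review): AWS documents AmazonEKSServicePolicy as required only for
# clusters created before April 16, 2020. If that applies here, dropping this
# attachment narrows the role's permissions. Confirm before removing.
resource servicePolicyAttachment "aws:iam:RolePolicyAttachment" {
	role = eksRole.id
	policyArn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
}

resource clusterPolicyAttachment "aws:iam:RolePolicyAttachment" {
	role = eksRole.id
	policyArn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}

# EC2 NodeGroup Role

# Trust policy: only the EC2 service principal (the worker instances) may
# assume this role.
resource ec2Role "aws:iam:Role" {
	assumeRolePolicy = toJSON({
		"Version": "2012-10-17"
		"Statement": [
			{
				"Action": "sts:AssumeRole"
				"Principal": {
					"Service": "ec2.amazonaws.com"
				}
				"Effect": "Allow"
				"Sid": ""
			}
		]
	})
}

resource workerNodePolicyAttachment "aws:iam:RolePolicyAttachment" {
	role = ec2Role.id
	policyArn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
}

resource cniPolicyAttachment "aws:iam:RolePolicyAttachment" {
	role = ec2Role.id
	# Fixed: the AWS managed policy is named AmazonEKS_CNI_Policy. The previous
	# value ("AmazonEKSCNIPolicy") is not an existing managed policy ARN, so the
	# attachment would fail at deploy time.
	policyArn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
}

resource registryPolicyAttachment "aws:iam:RolePolicyAttachment" {
	role = ec2Role.id
	policyArn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
}

# EKS Cluster

resource eksCluster "aws:eks:Cluster" {
	roleArn = eksRole.arn
	tags = {
		"Name": "pulumi-eks-cluster"
	}
	vpcConfig = {
		# NOTE(review): 0.0.0.0/0 leaves the Kubernetes API endpoint reachable
		# from any address, with IAM authentication as the only barrier.
		# Restrict this to known admin/CI ranges, or use the vpcConfig options
		# endpointPrivateAccess / endpointPublicAccess to move to a private
		# endpoint.
		publicAccessCidrs = ["0.0.0.0/0"]
		securityGroupIds = [eksSecurityGroup.id]
		subnetIds = subnetIds
	}
	# NOTE(review): neither enabledClusterLogTypes (control-plane audit logs)
	# nor encryptionConfig (envelope encryption of Kubernetes secrets) is set.
	# Both are worth enabling outside of a throwaway cluster.
}

resource nodeGroup "aws:eks:NodeGroup" {
	clusterName = eksCluster.name
	nodeGroupName = "pulumi-eks-nodegroup"
	nodeRoleArn = ec2Role.arn
	subnetIds = subnetIds
	tags = {
		"Name": "pulumi-cluster-nodeGroup"
	}
	scalingConfig = {
		desiredSize = 2
		maxSize = 2
		minSize = 1
	}
}

output "clusterName" {
	value = eksCluster.name
}

# kubeconfig for the cluster. It embeds the endpoint and CA data but no static
# credential: the exec plugin runs `aws-iam-authenticator token -i <cluster>`
# to obtain a token.
output "kubeconfig" {
	value = toJSON({
		apiVersion = "v1"
		clusters = [{
			cluster = {
				server = eksCluster.endpoint
				"certificate-authority-data" = eksCluster.certificateAuthority.data
			}
			name = "kubernetes"
		}]
		contexts = [{
			# Fixed: the key was misspelled "contest", and the entry had no name,
			# so "current-context" below pointed at a context that did not exist.
			context = {
				cluster = "kubernetes"
				user = "aws"
			}
			name = "aws"
		}]
		"current-context": "aws"
		kind: "Config"
		users: [{
			name: "aws"
			user: {
				exec: {
					# NOTE(review): the v1alpha1 exec credential API was removed
					# from kubectl/client-go in Kubernetes 1.24; newer clients
					# expect client.authentication.k8s.io/v1beta1. Confirm
					# against the aws-iam-authenticator version in use.
					apiVersion: "client.authentication.k8s.io/v1alpha1"
					command: "aws-iam-authenticator"
					# Fixed: args belongs inside exec. It was a sibling of exec,
					# where kubectl ignores it and the plugin runs without
					# arguments.
					args: [
						"token",
						"-i",
						eksCluster.name
					]
				}
			}
		}]
	})
}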