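// File: codegen/testing/test/testdata/aws-eks-pp/dotnet/aws-eks.cs
// (module github.com/myhau/pulumi/pkg/v3@v3.70.2-0.20221116134521-f2775972e587)
//
// Pulumi program that provisions a VPC with an internet gateway and one public
// subnet per availability zone, a security group, the IAM roles for the EKS
// control plane and the worker nodes, an EKS cluster and a managed node group.
// It exports the cluster name and a kubeconfig document for the cluster.
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using System.Threading.Tasks;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(async() =>
{
    // VPC
    var eksVpc = new Aws.Ec2.Vpc("eksVpc", new()
    {
        CidrBlock = "10.100.0.0/16",
        InstanceTenancy = "default",
        EnableDnsHostnames = true,
        EnableDnsSupport = true,
        Tags =
        {
            { "Name", "pulumi-eks-vpc" },
        },
    });

    var eksIgw = new Aws.Ec2.InternetGateway("eksIgw", new()
    {
        VpcId = eksVpc.Id,
        Tags =
        {
            { "Name", "pulumi-vpc-ig" },
        },
    });

    // The default route points at the internet gateway, so every subnet
    // associated with this table below is a public subnet.
    var eksRouteTable = new Aws.Ec2.RouteTable("eksRouteTable", new()
    {
        VpcId = eksVpc.Id,
        Routes = new[]
        {
            new Aws.Ec2.Inputs.RouteTableRouteArgs
            {
                CidrBlock = "0.0.0.0/0",
                GatewayId = eksIgw.Id,
            },
        },
        Tags =
        {
            { "Name", "pulumi-vpc-rt" },
        },
    });

    // Subnets, one for each AZ in a region
    var zones = await Aws.GetAvailabilityZones.InvokeAsync();

    // The zone index becomes the third octet of each /24, carved out of 10.100.0.0/16.
    // NOTE(review): MapPublicIpOnLaunch = true gives instances launched here a public
    // address, and the node group below is placed in these same subnets. Worker nodes
    // are normally kept in private subnets behind a NAT; confirm public nodes are intended.
    var vpcSubnet = new List<Aws.Ec2.Subnet>();
    foreach (var range in zones.Names.Select((v, k) => new { Key = k, Value = v }))
    {
        vpcSubnet.Add(new Aws.Ec2.Subnet($"vpcSubnet-{range.Key}", new()
        {
            AssignIpv6AddressOnCreation = false,
            VpcId = eksVpc.Id,
            MapPublicIpOnLaunch = true,
            CidrBlock = $"10.100.{range.Key}.0/24",
            AvailabilityZone = range.Value,
            Tags =
            {
                { "Name", $"pulumi-sn-{range.Value}" },
            },
        }));
    }

    // Associate every subnet with the public route table; vpcSubnet is indexed
    // by the same zone position used when the subnets were created.
    var rta = new List<Aws.Ec2.RouteTableAssociation>();
    foreach (var range in zones.Names.Select((v, k) => new { Key = k, Value = v }))
    {
        rta.Add(new Aws.Ec2.RouteTableAssociation($"rta-{range.Key}", new()
        {
            RouteTableId = eksRouteTable.Id,
            SubnetId = vpcSubnet[range.Key].Id,
        }));
    }

    var subnetIds = vpcSubnet.Select(__item => __item.Id).ToList();

    // NOTE(review): both ingress rules admit any source address (0.0.0.0/0). The
    // description on the 443 rule speaks of pod-to-API-server traffic, which does not
    // need an internet-wide source; if that is the intent, scope the rule to the VPC
    // CIDR or to the node security group. Port 80 is plaintext HTTP; confirm it is needed.
    var eksSecurityGroup = new Aws.Ec2.SecurityGroup("eksSecurityGroup", new()
    {
        VpcId = eksVpc.Id,
        Description = "Allow all HTTP(s) traffic to EKS Cluster",
        Tags =
        {
            { "Name", "pulumi-cluster-sg" },
        },
        Ingress = new[]
        {
            new Aws.Ec2.Inputs.SecurityGroupIngressArgs
            {
                CidrBlocks = new[]
                {
                    "0.0.0.0/0",
                },
                FromPort = 443,
                ToPort = 443,
                Protocol = "tcp",
                Description = "Allow pods to communicate with the cluster API Server.",
            },
            new Aws.Ec2.Inputs.SecurityGroupIngressArgs
            {
                CidrBlocks = new[]
                {
                    "0.0.0.0/0",
                },
                FromPort = 80,
                ToPort = 80,
                Protocol = "tcp",
                Description = "Allow internet access to pods",
            },
        },
    });

    // EKS Cluster Role
    // The trust policy lets only the EKS service principal assume this role.
    var eksRole = new Aws.Iam.Role("eksRole", new()
    {
        AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
        {
            ["Version"] = "2012-10-17",
            ["Statement"] = new[]
            {
                new Dictionary<string, object?>
                {
                    ["Action"] = "sts:AssumeRole",
                    ["Principal"] = new Dictionary<string, object?>
                    {
                        ["Service"] = "eks.amazonaws.com",
                    },
                    ["Effect"] = "Allow",
                    ["Sid"] = "",
                },
            },
        }),
    });

    var servicePolicyAttachment = new Aws.Iam.RolePolicyAttachment("servicePolicyAttachment", new()
    {
        Role = eksRole.Id,
        PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
    });

    var clusterPolicyAttachment = new Aws.Iam.RolePolicyAttachment("clusterPolicyAttachment", new()
    {
        Role = eksRole.Id,
        PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
    });

    // EC2 NodeGroup Role
    // The trust policy lets only the EC2 service principal assume this role.
    var ec2Role = new Aws.Iam.Role("ec2Role", new()
    {
        AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
        {
            ["Version"] = "2012-10-17",
            ["Statement"] = new[]
            {
                new Dictionary<string, object?>
                {
                    ["Action"] = "sts:AssumeRole",
                    ["Principal"] = new Dictionary<string, object?>
                    {
                        ["Service"] = "ec2.amazonaws.com",
                    },
                    ["Effect"] = "Allow",
                    ["Sid"] = "",
                },
            },
        }),
    });

    var workerNodePolicyAttachment = new Aws.Iam.RolePolicyAttachment("workerNodePolicyAttachment", new()
    {
        Role = ec2Role.Id,
        PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
    });

    // NOTE(review): the AWS managed CNI policy is normally named AmazonEKS_CNI_Policy;
    // confirm that the ARN below resolves before relying on this attachment.
    var cniPolicyAttachment = new Aws.Iam.RolePolicyAttachment("cniPolicyAttachment", new()
    {
        Role = ec2Role.Id,
        PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSCNIPolicy",
    });

    var registryPolicyAttachment = new Aws.Iam.RolePolicyAttachment("registryPolicyAttachment", new()
    {
        Role = ec2Role.Id,
        PolicyArn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
    });

    // EKS Cluster
    // NOTE(review): PublicAccessCidrs = 0.0.0.0/0 leaves the public API endpoint
    // reachable from any address, so IAM authentication and Kubernetes RBAC are the
    // only controls in front of it. Narrow this to known administrative ranges where
    // possible. This block also sets no control-plane logging (EnabledClusterLogTypes)
    // and no secrets envelope encryption (EncryptionConfig).
    var eksCluster = new Aws.Eks.Cluster("eksCluster", new()
    {
        RoleArn = eksRole.Arn,
        Tags =
        {
            { "Name", "pulumi-eks-cluster" },
        },
        VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs
        {
            PublicAccessCidrs = new[]
            {
                "0.0.0.0/0",
            },
            SecurityGroupIds = new[]
            {
                eksSecurityGroup.Id,
            },
            SubnetIds = subnetIds,
        },
    });

    var nodeGroup = new Aws.Eks.NodeGroup("nodeGroup", new()
    {
        ClusterName = eksCluster.Name,
        NodeGroupName = "pulumi-eks-nodegroup",
        NodeRoleArn = ec2Role.Arn,
        SubnetIds = subnetIds,
        Tags =
        {
            { "Name", "pulumi-cluster-nodeGroup" },
        },
        ScalingConfig = new Aws.Eks.Inputs.NodeGroupScalingConfigArgs
        {
            DesiredSize = 2,
            MaxSize = 2,
            MinSize = 1,
        },
    });

    // Stack outputs. The kubeconfig carries the endpoint and the CA bundle but no
    // credential: the client obtains a token at run time through the
    // aws-iam-authenticator exec plugin.
    return new Dictionary<string, object?>
    {
        ["clusterName"] = eksCluster.Name,
        ["kubeconfig"] = Output.Tuple(eksCluster.Endpoint, eksCluster.CertificateAuthority, eksCluster.Name).Apply(values =>
        {
            var endpoint = values.Item1;
            var certificateAuthority = values.Item2;
            var name = values.Item3;
            return JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["apiVersion"] = "v1",
                ["clusters"] = new[]
                {
                    new Dictionary<string, object?>
                    {
                        ["cluster"] = new Dictionary<string, object?>
                        {
                            ["server"] = endpoint,
                            ["certificate-authority-data"] = certificateAuthority.Data,
                        },
                        ["name"] = "kubernetes",
                    },
                },
                ["contexts"] = new[]
                {
                    new Dictionary<string, object?>
                    {
                        // The kubeconfig key is "context" (the original spelled it
                        // "contest"), and the entry needs a name so that
                        // current-context below can resolve to it.
                        ["context"] = new Dictionary<string, object?>
                        {
                            ["cluster"] = "kubernetes",
                            ["user"] = "aws",
                        },
                        ["name"] = "aws",
                    },
                },
                ["current-context"] = "aws",
                ["kind"] = "Config",
                ["users"] = new[]
                {
                    new Dictionary<string, object?>
                    {
                        ["name"] = "aws",
                        ["user"] = new Dictionary<string, object?>
                        {
                            ["exec"] = new Dictionary<string, object?>
                            {
                                // NOTE(review): recent kubectl/client-go releases no longer
                                // accept the v1alpha1 exec credential API; confirm this
                                // version against the client that will consume the file.
                                ["apiVersion"] = "client.authentication.k8s.io/v1alpha1",
                                ["command"] = "aws-iam-authenticator",
                                // args belongs to the exec plugin spec; as a sibling of
                                // "exec" it is ignored and the plugin runs without
                                // "token -i <cluster>".
                                ["args"] = new[]
                                {
                                    "token",
                                    "-i",
                                    name,
                                },
                            },
                        },
                    },
                },
            });
        }),
    };
});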