github.com/myhau/pulumi/pkg/v3@v3.70.2-0.20221116134521-f2775972e587/codegen/testing/test/testdata/aws-eks-pp/nodejs/aws-eks.ts (about) 1 import * as pulumi from "@pulumi/pulumi"; 2 import * as aws from "@pulumi/aws"; 3 4 export = async () => { 5 // VPC 6 const eksVpc = new aws.ec2.Vpc("eksVpc", { 7 cidrBlock: "10.100.0.0/16", 8 instanceTenancy: "default", 9 enableDnsHostnames: true, 10 enableDnsSupport: true, 11 tags: { 12 Name: "pulumi-eks-vpc", 13 }, 14 }); 15 const eksIgw = new aws.ec2.InternetGateway("eksIgw", { 16 vpcId: eksVpc.id, 17 tags: { 18 Name: "pulumi-vpc-ig", 19 }, 20 }); 21 const eksRouteTable = new aws.ec2.RouteTable("eksRouteTable", { 22 vpcId: eksVpc.id, 23 routes: [{ 24 cidrBlock: "0.0.0.0/0", 25 gatewayId: eksIgw.id, 26 }], 27 tags: { 28 Name: "pulumi-vpc-rt", 29 }, 30 }); 31 // Subnets, one for each AZ in a region 32 const zones = await aws.getAvailabilityZones({}); 33 const vpcSubnet: aws.ec2.Subnet[] = []; 34 for (const range of zones.names.map((k, v) => {key: k, value: v})) { 35 vpcSubnet.push(new aws.ec2.Subnet(`vpcSubnet-${range.key}`, { 36 assignIpv6AddressOnCreation: false, 37 vpcId: eksVpc.id, 38 mapPublicIpOnLaunch: true, 39 cidrBlock: `10.100.${range.key}.0/24`, 40 availabilityZone: range.value, 41 tags: { 42 Name: `pulumi-sn-${range.value}`, 43 }, 44 })); 45 } 46 const rta: aws.ec2.RouteTableAssociation[] = []; 47 for (const range of zones.names.map((k, v) => {key: k, value: v})) { 48 rta.push(new aws.ec2.RouteTableAssociation(`rta-${range.key}`, { 49 routeTableId: eksRouteTable.id, 50 subnetId: vpcSubnet[range.key].id, 51 })); 52 } 53 const subnetIds = vpcSubnet.map(__item => __item.id); 54 const eksSecurityGroup = new aws.ec2.SecurityGroup("eksSecurityGroup", { 55 vpcId: eksVpc.id, 56 description: "Allow all HTTP(s) traffic to EKS Cluster", 57 tags: { 58 Name: "pulumi-cluster-sg", 59 }, 60 ingress: [ 61 { 62 cidrBlocks: ["0.0.0.0/0"], 63 fromPort: 443, 64 toPort: 443, 65 protocol: "tcp", 66 description: "Allow pods to communicate with the cluster API Server.", 67 }, 68 { 69 cidrBlocks: ["0.0.0.0/0"], 70 fromPort: 80, 71 toPort: 80, 72 protocol: "tcp", 73 description: "Allow internet access to pods", 74 }, 75 ], 76 }); 77 // EKS Cluster Role 78 const eksRole = new aws.iam.Role("eksRole", {assumeRolePolicy: JSON.stringify({ 79 Version: "2012-10-17", 80 Statement: [{ 81 Action: "sts:AssumeRole", 82 Principal: { 83 Service: "eks.amazonaws.com", 84 }, 85 Effect: "Allow", 86 Sid: "", 87 }], 88 })}); 89 const servicePolicyAttachment = new aws.iam.RolePolicyAttachment("servicePolicyAttachment", { 90 role: eksRole.id, 91 policyArn: "arn:aws:iam::aws:policy/AmazonEKSServicePolicy", 92 }); 93 const clusterPolicyAttachment = new aws.iam.RolePolicyAttachment("clusterPolicyAttachment", { 94 role: eksRole.id, 95 policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", 96 }); 97 // EC2 NodeGroup Role 98 const ec2Role = new aws.iam.Role("ec2Role", {assumeRolePolicy: JSON.stringify({ 99 Version: "2012-10-17", 100 Statement: [{ 101 Action: "sts:AssumeRole", 102 Principal: { 103 Service: "ec2.amazonaws.com", 104 }, 105 Effect: "Allow", 106 Sid: "", 107 }], 108 })}); 109 const workerNodePolicyAttachment = new aws.iam.RolePolicyAttachment("workerNodePolicyAttachment", { 110 role: ec2Role.id, 111 policyArn: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", 112 }); 113 const cniPolicyAttachment = new aws.iam.RolePolicyAttachment("cniPolicyAttachment", { 114 role: ec2Role.id, 115 policyArn: "arn:aws:iam::aws:policy/AmazonEKSCNIPolicy", 116 }); 117 const registryPolicyAttachment = new aws.iam.RolePolicyAttachment("registryPolicyAttachment", { 118 role: ec2Role.id, 119 policyArn: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", 120 }); 121 // EKS Cluster 122 const eksCluster = new aws.eks.Cluster("eksCluster", { 123 roleArn: eksRole.arn, 124 tags: { 125 Name: "pulumi-eks-cluster", 126 }, 127 vpcConfig: { 128 publicAccessCidrs: ["0.0.0.0/0"], 129 securityGroupIds: [eksSecurityGroup.id], 130 subnetIds: subnetIds, 131 }, 132 }); 133 const nodeGroup = new aws.eks.NodeGroup("nodeGroup", { 134 clusterName: eksCluster.name, 135 nodeGroupName: "pulumi-eks-nodegroup", 136 nodeRoleArn: ec2Role.arn, 137 subnetIds: subnetIds, 138 tags: { 139 Name: "pulumi-cluster-nodeGroup", 140 }, 141 scalingConfig: { 142 desiredSize: 2, 143 maxSize: 2, 144 minSize: 1, 145 }, 146 }); 147 const clusterName = eksCluster.name; 148 const kubeconfig = pulumi.all([eksCluster.endpoint, eksCluster.certificateAuthority, eksCluster.name]).apply(([endpoint, certificateAuthority, name]) => JSON.stringify({ 149 apiVersion: "v1", 150 clusters: [{ 151 cluster: { 152 server: endpoint, 153 "certificate-authority-data": certificateAuthority.data, 154 }, 155 name: "kubernetes", 156 }], 157 contexts: [{ 158 contest: { 159 cluster: "kubernetes", 160 user: "aws", 161 }, 162 }], 163 "current-context": "aws", 164 kind: "Config", 165 users: [{ 166 name: "aws", 167 user: { 168 exec: { 169 apiVersion: "client.authentication.k8s.io/v1alpha1", 170 command: "aws-iam-authenticator", 171 }, 172 args: [ 173 "token", 174 "-i", 175 name, 176 ], 177 }, 178 }], 179 })); 180 return { 181 clusterName: clusterName, 182 kubeconfig: kubeconfig, 183 }; 184 }