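# aws-eks.py
# Path shown on the page: codegen/testing/test/testdata/aws-eks-pp/python/aws-eks.py
#
# Pulumi program that declares a VPC with one public subnet per availability
# zone, an EKS cluster with a managed node group, the IAM roles both need,
# and exports the cluster name plus a kubeconfig document.
import pulumi
import json
import pulumi_aws as aws


def _kubeconfig(endpoint, certificate_authority, name):
    """Render a kubeconfig JSON document for the cluster.

    Args:
        endpoint: Resolved API server URL of the cluster.
        certificate_authority: Resolved certificate authority object; its
            ``data`` attribute is written as ``certificate-authority-data``.
        name: Resolved cluster name, passed to ``aws-iam-authenticator``.

    Returns:
        The kubeconfig serialized as a JSON string. No static credential is
        embedded: the user entry delegates to an exec plugin that obtains a
        token at use time.
    """
    return json.dumps({
        "apiVersion": "v1",
        "clusters": [{
            "cluster": {
                "server": endpoint,
                "certificate-authority-data": certificate_authority.data,
            },
            "name": "kubernetes",
        }],
        "contexts": [{
            # The key must be "context" and the entry needs a "name" that
            # matches "current-context"; otherwise no context is selectable.
            "context": {
                "cluster": "kubernetes",
                "user": "aws",
            },
            "name": "aws",
        }],
        "current-context": "aws",
        "kind": "Config",
        "users": [{
            "name": "aws",
            "user": {
                "exec": {
                    # NOTE(review): client.authentication.k8s.io/v1alpha1 is
                    # no longer accepted by recent kubectl releases; v1beta1
                    # is the current exec credential API. Confirm against the
                    # aws-iam-authenticator version in use before changing.
                    "apiVersion": "client.authentication.k8s.io/v1alpha1",
                    "command": "aws-iam-authenticator",
                    # "args" belongs to the exec entry, next to "command".
                    "args": [
                        "token",
                        "-i",
                        name,
                    ],
                },
            },
        }],
    })


# VPC
eks_vpc = aws.ec2.Vpc("eksVpc",
    cidr_block="10.100.0.0/16",
    instance_tenancy="default",
    enable_dns_hostnames=True,
    enable_dns_support=True,
    tags={
        "Name": "pulumi-eks-vpc",
    })
eks_igw = aws.ec2.InternetGateway("eksIgw",
    vpc_id=eks_vpc.id,
    tags={
        "Name": "pulumi-vpc-ig",
    })
# Default route to the internet gateway: every associated subnet is public.
eks_route_table = aws.ec2.RouteTable("eksRouteTable",
    vpc_id=eks_vpc.id,
    routes=[aws.ec2.RouteTableRouteArgs(
        cidr_block="0.0.0.0/0",
        gateway_id=eks_igw.id,
    )],
    tags={
        "Name": "pulumi-vpc-rt",
    })
# Subnets, one for each AZ in a region
zones = aws.get_availability_zones()
vpc_subnet = []
# The loop variable is no longer called `range`, which shadowed the builtin.
for index, zone_name in enumerate(zones.names):
    # NOTE(review): map_public_ip_on_launch=True gives every instance launched
    # in these subnets a public IPv4 address, and the node group below uses
    # the same subnet list, so worker nodes are directly internet-addressable.
    vpc_subnet.append(aws.ec2.Subnet(f"vpcSubnet-{index}",
        assign_ipv6_address_on_creation=False,
        vpc_id=eks_vpc.id,
        map_public_ip_on_launch=True,
        cidr_block=f"10.100.{index}.0/24",
        availability_zone=zone_name,
        tags={
            "Name": f"pulumi-sn-{zone_name}",
        }))
rta = []
for index, _zone_name in enumerate(zones.names):
    rta.append(aws.ec2.RouteTableAssociation(f"rta-{index}",
        route_table_id=eks_route_table.id,
        subnet_id=vpc_subnet[index].id))
subnet_ids = [subnet.id for subnet in vpc_subnet]
# NOTE(review): both ingress rules accept traffic from 0.0.0.0/0. The first
# rule's description speaks of pod-to-API-server traffic, but its source is
# the whole IPv4 internet rather than the VPC range (10.100.0.0/16). This
# group is attached to the cluster via security_group_ids below; narrow the
# CIDRs if internet-wide reachability is not intended.
eks_security_group = aws.ec2.SecurityGroup("eksSecurityGroup",
    vpc_id=eks_vpc.id,
    description="Allow all HTTP(s) traffic to EKS Cluster",
    tags={
        "Name": "pulumi-cluster-sg",
    },
    ingress=[
        aws.ec2.SecurityGroupIngressArgs(
            cidr_blocks=["0.0.0.0/0"],
            from_port=443,
            to_port=443,
            protocol="tcp",
            description="Allow pods to communicate with the cluster API Server.",
        ),
        aws.ec2.SecurityGroupIngressArgs(
            cidr_blocks=["0.0.0.0/0"],
            from_port=80,
            to_port=80,
            protocol="tcp",
            description="Allow internet access to pods",
        ),
    ])
# EKS Cluster Role
# Trust policy: only the EKS service principal may assume this role.
eks_role = aws.iam.Role("eksRole", assume_role_policy=json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Action": "sts:AssumeRole",
        "Principal": {
            "Service": "eks.amazonaws.com",
        },
        "Effect": "Allow",
        "Sid": "",
    }],
}))
service_policy_attachment = aws.iam.RolePolicyAttachment("servicePolicyAttachment",
    role=eks_role.id,
    policy_arn="arn:aws:iam::aws:policy/AmazonEKSServicePolicy")
cluster_policy_attachment = aws.iam.RolePolicyAttachment("clusterPolicyAttachment",
    role=eks_role.id,
    policy_arn="arn:aws:iam::aws:policy/AmazonEKSClusterPolicy")
# EC2 NodeGroup Role
# Trust policy: only the EC2 service principal may assume this role.
ec2_role = aws.iam.Role("ec2Role", assume_role_policy=json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Action": "sts:AssumeRole",
        "Principal": {
            "Service": "ec2.amazonaws.com",
        },
        "Effect": "Allow",
        "Sid": "",
    }],
}))
worker_node_policy_attachment = aws.iam.RolePolicyAttachment("workerNodePolicyAttachment",
    role=ec2_role.id,
    policy_arn="arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy")
# NOTE(review): the AWS managed CNI policy is published as
# AmazonEKS_CNI_Policy; confirm that the ARN below resolves before relying on
# this attachment.
cni_policy_attachment = aws.iam.RolePolicyAttachment("cniPolicyAttachment",
    role=ec2_role.id,
    policy_arn="arn:aws:iam::aws:policy/AmazonEKSCNIPolicy")
registry_policy_attachment = aws.iam.RolePolicyAttachment("registryPolicyAttachment",
    role=ec2_role.id,
    policy_arn="arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly")
# EKS Cluster
# NOTE(review): public_access_cidrs=["0.0.0.0/0"] leaves the Kubernetes API
# endpoint reachable from any IPv4 address, so IAM authentication is the only
# gate. Restrict it to known operator/CI ranges, or use private endpoint
# access (endpoint_private_access / endpoint_public_access), where possible.
# No enabled_cluster_log_types is set here, so control-plane audit and
# authenticator logs are not requested by this program.
eks_cluster = aws.eks.Cluster("eksCluster",
    role_arn=eks_role.arn,
    tags={
        "Name": "pulumi-eks-cluster",
    },
    vpc_config=aws.eks.ClusterVpcConfigArgs(
        public_access_cidrs=["0.0.0.0/0"],
        security_group_ids=[eks_security_group.id],
        subnet_ids=subnet_ids,
    ))
node_group = aws.eks.NodeGroup("nodeGroup",
    cluster_name=eks_cluster.name,
    node_group_name="pulumi-eks-nodegroup",
    node_role_arn=ec2_role.arn,
    subnet_ids=subnet_ids,
    tags={
        "Name": "pulumi-cluster-nodeGroup",
    },
    scaling_config=aws.eks.NodeGroupScalingConfigArgs(
        desired_size=2,
        max_size=2,
        min_size=1,
    ))
pulumi.export("clusterName", eks_cluster.name)
# Output.all() with positional arguments resolves to a single list and apply()
# calls its callback with that one value, so the callback unpacks the list
# instead of declaring three parameters (which would raise a TypeError).
pulumi.export("kubeconfig", pulumi.Output.all(
    eks_cluster.endpoint,
    eks_cluster.certificate_authority,
    eks_cluster.name,
).apply(lambda resolved: _kubeconfig(*resolved)))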