|
|
resource "aws_vpc" "cluster-vpc" { cidr_block = "${var.aws_vpc_cidr_block}"
#DNS Related Entries
enable_dns_support = true enable_dns_hostnames = true
tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-vpc" ))}"
}
resource "aws_eip" "cluster-nat-eip" { count = "${length(var.aws_cidr_subnets_public)}" vpc = true}
resource "aws_internet_gateway" "cluster-vpc-internetgw" { vpc_id = "${aws_vpc.cluster-vpc.id}"
tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-internetgw" ))}"
}
resource "aws_subnet" "cluster-vpc-subnets-public" { vpc_id = "${aws_vpc.cluster-vpc.id}" count="${length(var.aws_avail_zones)}" availability_zone = "${element(var.aws_avail_zones, count.index)}" cidr_block = "${element(var.aws_cidr_subnets_public, count.index)}"
tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-public", "kubernetes.io/cluster/${var.aws_cluster_name}", "member" ))}"
}
resource "aws_nat_gateway" "cluster-nat-gateway" { count = "${length(var.aws_cidr_subnets_public)}" allocation_id = "${element(aws_eip.cluster-nat-eip.*.id, count.index)}" subnet_id = "${element(aws_subnet.cluster-vpc-subnets-public.*.id, count.index)}"
}
resource "aws_subnet" "cluster-vpc-subnets-private" { vpc_id = "${aws_vpc.cluster-vpc.id}" count="${length(var.aws_avail_zones)}" availability_zone = "${element(var.aws_avail_zones, count.index)}" cidr_block = "${element(var.aws_cidr_subnets_private, count.index)}"
tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-${element(var.aws_avail_zones, count.index)}-private" ))}"
}
#Routing in VPC
#TODO: Do we need two routing tables for each subnet for redundancy or is one enough?
resource "aws_route_table" "kubernetes-public" { vpc_id = "${aws_vpc.cluster-vpc.id}" route { cidr_block = "0.0.0.0/0" gateway_id = "${aws_internet_gateway.cluster-vpc-internetgw.id}" }
tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-routetable-public" ))}"
}
resource "aws_route_table" "kubernetes-private" { count = "${length(var.aws_cidr_subnets_private)}" vpc_id = "${aws_vpc.cluster-vpc.id}" route { cidr_block = "0.0.0.0/0" nat_gateway_id = "${element(aws_nat_gateway.cluster-nat-gateway.*.id, count.index)}" }
tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-routetable-private-${count.index}" ))}"
}
resource "aws_route_table_association" "kubernetes-public" { count = "${length(var.aws_cidr_subnets_public)}" subnet_id = "${element(aws_subnet.cluster-vpc-subnets-public.*.id,count.index)}" route_table_id = "${aws_route_table.kubernetes-public.id}"
}
resource "aws_route_table_association" "kubernetes-private" { count = "${length(var.aws_cidr_subnets_private)}" subnet_id = "${element(aws_subnet.cluster-vpc-subnets-private.*.id,count.index)}" route_table_id = "${element(aws_route_table.kubernetes-private.*.id,count.index)}"
}
#Kubernetes Security Groups
resource "aws_security_group" "kubernetes" { name = "kubernetes-${var.aws_cluster_name}-securitygroup" vpc_id = "${aws_vpc.cluster-vpc.id}"
tags = "${merge(var.default_tags, map( "Name", "kubernetes-${var.aws_cluster_name}-securitygroup" ))}"
}
resource "aws_security_group_rule" "allow-all-ingress" { type = "ingress" from_port = 0 to_port = 65535 protocol = "-1" cidr_blocks= ["${var.aws_vpc_cidr_block}"] security_group_id = "${aws_security_group.kubernetes.id}"}
resource "aws_security_group_rule" "allow-all-egress" { type = "egress" from_port = 0 to_port = 65535 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] security_group_id = "${aws_security_group.kubernetes.id}"}
resource "aws_security_group_rule" "allow-ssh-connections" { type = "ingress" from_port = 22 to_port = 22 protocol = "TCP" cidr_blocks = ["0.0.0.0/0"] security_group_id = "${aws_security_group.kubernetes.id}"}
|
