Skip to content
/ terraform-aws-eks-windows Public

Terraform module to deploy an auto scaling baked EKS on AWS with windows container support

0 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

1nval1dctf/terraform-aws-eks-windows

BranchesTags

Repository files navigation

EKS with Windows Terraform module

ci workflow Terraform module to deploy EKS with Windows support

Requirements

Name Version
terraform >= 1.7.3
aws >= 5.88
helm 2.17.0
kubernetes >= 2.35.1

Providers

No providers.

Inputs

Name Description Type Default Required
aws_region Region to deploy EKS Cluster into string "us-east-1" no
eks_autoscaling_group_linux_desired_capacity Desired capacity for Linux nodes for the EKS. number 2 no
eks_autoscaling_group_linux_max_size Maximum number of Linux nodes for the EKS. number 3 no
eks_autoscaling_group_linux_min_size Minimum number of Linux nodes for the EKS. number 2 no
eks_autoscaling_group_windows_desired_capacity Desired capacity for Windows nodes for the EKS. number 2 no
eks_autoscaling_group_windows_max_size Maximum number of Windows nodes for the EKS. Set to 0 to disable windows nodes number 3 no
eks_autoscaling_group_windows_min_size Minimum number of Windows nodes for the EKS number 2 no
eks_cluster_name Name for the EKS Cluster string "eks" no
eks_cluster_version Kubernetes version for the EKS cluster string "1.32" no
eks_linux_instance_type Instance size for EKS worker nodes. string "m5.large" no
eks_users Additional AWS users to add to the EKS aws-auth configmap. 
list(object({
    userarn  = string
    username = string
    groups   = list(string)
  }))
 [] no
eks_windows_instance_type Instance size for EKS windows worker nodes. string "t3.medium" no
enable_calico_network_polices Installs and enables calico for netowrk policies bool false no
enable_cloudwatch_exported Enable cloudwatch exporter bool true no
enable_cluster_autoscaler Enable cluster autoscaler bool true no
enable_loadbalancer_controler Enable ALB load Balancer controller bool true no
enable_metrics_server Install metrics server into the cluster bool true no
external_dns_support Setup IAM, service accounts and cluster role for external_dns in EKS bool false no
vpc_cidr_private_subnets private subnets in the main CIDR block for the VPC. list(string) 
[
  "10.0.1.0/24",
  "10.0.2.0/24",
  "10.0.3.0/24"
]
 no
vpc_cidr_public_subnets private subnets in the main CIDR block for the VPC. list(string) 
[
  "10.0.4.0/24",
  "10.0.5.0/24",
  "10.0.6.0/24"
]
 no
windows_ami_type AMI type for the Windows Nodes. string "WINDOWS_CORE_2022_x86_64" no

Outputs

Name Description
eks_cluster_certificate_authority_data EKS cluster CA
eks_cluster_endpoint EKS cluster endpoint
eks_cluster_name EKS cluster ID
kubeconfig kubeconfig for the AWS EKS cluster
load_balancer_controller_helm_release_version Load Balancer controller helm release version. Depend on this in your kubernetes deployments if you use services with load balacers and want to be able to destroy from a single terraform deploymemt
network_polices_enabled Denotes if network policies where enabled
private_subnet_ids List of private subnets that contain backend infrastructure (RDS, ElastiCache, EC2)
public_subnet_ids List of public subnets that contain frontend infrastructure (ALB)
vpc_id Id for the VPC created for CTFd

Examples

Simple

terraform {
  required_version = ">= 1.7.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.88"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.35.1"
    }
  }
}

provider "aws" {
  region = var.aws_region
}

provider "kubernetes" {

  host                   = module.eks_windows.eks_cluster_endpoint
  cluster_ca_certificate = base64decode(module.eks_windows.eks_cluster_certificate_authority_data)
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    # This requires the awscli to be installed locally where Terraform is executed
    args = ["eks", "get-token", "--cluster-name", module.eks_windows.eks_cluster_name]
  }
}

module "eks_windows" {
  source                                         = "../../" # Actually set to "1nval1dctf/eks-windows/aws"
  eks_autoscaling_group_linux_max_size           = 2
  eks_autoscaling_group_windows_min_size         = 0
  eks_autoscaling_group_windows_desired_capacity = 0
  eks_autoscaling_group_windows_max_size         = 0
  enable_metrics_server                          = false
  enable_cluster_autoscaler                      = false
  enable_cloudwatch_exported                     = false
  external_dns_support                           = true
  aws_region                                     = var.aws_region
}


resource "kubernetes_deployment" "nginx" {
  metadata {
    name = "nginx"
    labels = {
      app = "nginx"
    }
  }

  spec {
    replicas = 1
    selector {
      match_labels = {
        app = "nginx"
      }
    }
    template {
      metadata {
        labels = {
          app = "nginx"
        }
      }
      spec {
        container {
          image             = "nginx:latest"
          name              = "nginx"
          image_pull_policy = "Always"

          port {
            container_port = 80
          }
          liveness_probe {
            http_get {
              path = "/"
              port = 80
            }
            initial_delay_seconds = 10
            period_seconds        = 20
            timeout_seconds       = 5
          }

          resources {
            limits = {
              cpu    = "0.5"
              memory = "512Mi"
            }
            requests = {
              cpu    = "250m"
              memory = "50Mi"
            }
          }
        }
        node_selector = {
          "kubernetes.io/os"   = "linux"
          "kubernetes.io/arch" = "amd64"
        }
      }
    }
  }
}
resource "kubernetes_service" "nginx" {
  metadata {
    name = "nginx"
    annotations = {
      "service.beta.kubernetes.io/aws-load-balancer-type"            = "external"
      "service.beta.kubernetes.io/aws-load-balancer-nlb-target-type" = "ip"
      "service.beta.kubernetes.io/aws-load-balancer-scheme"          = "internet-facing"
    }
  }
  spec {
    selector = {
      app = kubernetes_deployment.nginx.spec[0].template[0].metadata[0].labels.app
    }
    port {
      port        = 80
      target_port = 80
    }
    type                = "LoadBalancer"
    load_balancer_class = "service.k8s.aws/nlb"
  }
  depends_on = [module.eks_windows.load_balancer_controller_helm_release_version]
}

Building / Contributing

Install prerequisites

Golang

wget https://go.dev/dl/go1.22.0.darwin-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.22.0.darwin-amd64.tar.gz
rm go1.22.0.darwin-amd64.tar.gz

Add /usr/local/go/bin to the PATH environment variable

Terraform

LATEST_URL=$(curl https://releases.hashicorp.com/terraform/index.json | jq -r '.versions[].builds[].url | select(.|test("alpha|beta|rc")|not) | select(.|contains("linux_amd64"))' | sort -t. -k 1,1n -k 2,2n -k 3,3n | tail -1)
curl ${LATEST_URL} > /tmp/terraform.zip
(cd /tmp && unzip /tmp/terraform.zip && chmod +x /tmp/terraform && sudo mv /tmp/terraform /usr/local/bin/)

Pre-commit and tools

Follow: https://github.com/antonbabenko/pre-commit-terraform#how-to-install

Run tests

Default tests will deploy to AWS.

make

⚠️ Warning: This will spin up EKS and other services in AWS which will cost you some money.

About

Terraform module to deploy an auto scaling baked EKS on AWS with windows container support

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

12 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages