
paulofponciano/EKS-Istio-Karpenter-ArgoCD


EKS-Baseline-with-Istio-Karpenter-ArgoCD

# ISTIO-INGRESS
# ISTIOD
# ISTIO-BASE
# KUBE-PROMETHEUS-STACK
# ALB INGRESS CONTROLLER
# METRICS SERVER
# EKS ADDONS
# KARPENTER
# ARGOCD

Note

If you are not using an ACM certificate, change the resource "aws_lb_listener" "ingress_443" in the file 'nlb.tf' by commenting out lines 38, 39 and 40, and uncomment line 37. If you are using one, change the ARN on line 39.

ArgoCD ConfigMaps

Note

The changes to the Argo ConfigMaps are already made in the manifest 'argocd_install_2_10_5.yaml'. This note is kept for reference only.

  • Add to the ConfigMap (argocd-cmd-params-cm):
kubectl edit cm argocd-cmd-params-cm -n argocd
data:
  server.insecure: 'true'
  • Add to the ConfigMap (argocd-cm):
kubectl edit cm argocd-cm -n argocd
data:
  application.resourceTrackingMethod: annotation
  • Retrieve the ArgoCD password:
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
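
A read-only check of the three items above, added here as an example and not part of this repository. With `server.insecure: 'true'`, argocd-server serves plain HTTP, so TLS has to terminate in front of it, and the initial admin secret is meant to be deleted once the password has been changed. The function names, the `ARGOCD_NAMESPACE` variable and the `--run` switch are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the repository): audit the Argo CD settings above.
# ARGOCD_NAMESPACE and the function names are assumptions made for this sketch.
NS="${ARGOCD_NAMESPACE:-argocd}"

# Print one key of a ConfigMap; empty output if the key or ConfigMap is absent.
# $1 = ConfigMap name, $2 = key with dots escaped for kubectl's jsonpath.
cm_value() {
  kubectl -n "$NS" get cm "$1" -o "jsonpath={.data.$2}" 2>/dev/null
}

# Print one line per check; return 1 if any line is a WARN.
audit_argocd() {
  rc=0
  insecure="$(cm_value argocd-cmd-params-cm 'server\.insecure')"
  tracking="$(cm_value argocd-cm 'application\.resourceTrackingMethod')"

  if [ "$insecure" = "true" ]; then
    # argocd-server then serves plain HTTP; something in front must do TLS.
    echo "NOTE server.insecure=true: confirm TLS terminates in front of argocd-server"
  else
    echo "WARN server.insecure='${insecure}': differs from the README setting"
    rc=1
  fi

  if [ "$tracking" = "annotation" ]; then
    echo "OK   application.resourceTrackingMethod=annotation"
  else
    echo "WARN application.resourceTrackingMethod='${tracking}': expected annotation"
    rc=1
  fi

  # Argo CD's getting-started guide says to delete this secret once the
  # admin password has been changed; its presence means that is still pending.
  if kubectl -n "$NS" get secret argocd-initial-admin-secret >/dev/null 2>&1; then
    echo "WARN argocd-initial-admin-secret still exists: rotate the admin password, then delete it"
    rc=1
  else
    echo "OK   argocd-initial-admin-secret is absent"
  fi
  return "$rc"
}

# Run against the current kubectl context only when invoked with --run.
if [ "${1:-}" = "--run" ]; then audit_argocd; fi
```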

Requirements

Name Version
aws ~> 5.0
helm ~> 2.0
kubectl ~> 1.14
kubernetes ~> 2.0
tls ~> 3.1.0

Providers

Name Version
aws 5.66.0
helm 2.15.0
kubectl 1.14.0
kubernetes 2.32.0
time 0.12.0
tls 3.1.0

Modules

No modules.

Resources

Name Type
aws_eip.vpc_iep_1 resource
aws_eip.vpc_iep_2 resource
aws_eks_addon.cni resource
aws_eks_addon.coredns resource
aws_eks_addon.csi_driver resource
aws_eks_addon.kubeproxy resource
aws_eks_cluster.eks_cluster resource
aws_eks_node_group.cluster resource
aws_iam_instance_profile.karpenter resource
aws_iam_openid_connect_provider.eks resource
aws_iam_policy.aws_load_balancer_controller_policy resource
aws_iam_policy.csi_driver resource
aws_iam_policy.karpenter_controller resource
aws_iam_policy_attachment.aws_load_balancer_controller_policy resource
aws_iam_policy_attachment.csi_driver resource
aws_iam_role.alb_controller resource
aws_iam_role.argocd_image_updater resource
aws_iam_role.eks_cluster_role resource
aws_iam_role.eks_nodes_roles resource
aws_iam_role.karpenter_controller resource
aws_iam_role_policy_attachment.aws_load_balancer_controller_attach resource
aws_iam_role_policy_attachment.cloudwatch resource
aws_iam_role_policy_attachment.cni resource
aws_iam_role_policy_attachment.csi_default resource
aws_iam_role_policy_attachment.ecr resource
aws_iam_role_policy_attachment.ecr_access_origination resource
aws_iam_role_policy_attachment.eks-cluster-cluster resource
aws_iam_role_policy_attachment.eks-cluster-service resource
aws_iam_role_policy_attachment.node resource
aws_iam_role_policy_attachment.ssm resource
aws_internet_gateway.gw resource
aws_kms_alias.eks resource
aws_kms_key.eks resource
aws_lb.istio_ingress resource
aws_lb_listener.ingress_443 resource
aws_lb_listener.ingress_80 resource
aws_lb_target_group.http resource
aws_lb_target_group.https resource
aws_nat_gateway.nat_az1 resource
aws_nat_gateway.nat_az2 resource
aws_route.nat_access_az1 resource
aws_route.nat_access_az2 resource
aws_route.public_internet_access resource
aws_route_table.igw_route_table resource
aws_route_table.nat_az1 resource
aws_route_table.nat_az2 resource
aws_route_table_association.private_az1 resource
aws_route_table_association.private_az2 resource
aws_route_table_association.public_az1 resource
aws_route_table_association.public_az2 resource
aws_security_group.cluster_nodes_sg resource
aws_security_group.cluster_sg resource
aws_security_group_rule.cluster_ingress_https resource
aws_security_group_rule.nodeport resource
aws_security_group_rule.nodeport_cluster resource
aws_security_group_rule.nodeport_cluster_udp resource
aws_subnet.private_subnet_az1 resource
aws_subnet.private_subnet_az2 resource
aws_subnet.public_subnet_az1 resource
aws_subnet.public_subnet_az2 resource
aws_vpc.cluster_vpc resource
helm_release.alb_ingress_controller resource
helm_release.istio_base resource
helm_release.istio_ingress resource
helm_release.istiod resource
helm_release.karpenter resource
helm_release.metrics_server resource
helm_release.prometheus resource
kubectl_manifest.argocd resource
kubectl_manifest.argocd_gw resource
kubectl_manifest.argocd_ns resource
kubectl_manifest.argocd_virtual_service resource
kubectl_manifest.grafana_gateway resource
kubectl_manifest.grafana_service resource
kubectl_manifest.image_updater resource
kubectl_manifest.istio_target_group_binding_http resource
kubectl_manifest.istio_target_group_binding_https resource
kubectl_manifest.karpenter-nodeclass resource
kubectl_manifest.karpenter-nodepool-default resource
kubernetes_config_map.aws-auth resource
time_sleep.wait_30_seconds_karpenter resource
time_sleep.wait_40_seconds_albcontroller resource
aws_caller_identity.current data source
aws_eks_cluster_auth.default data source
aws_iam_policy_document.argocd_image_updater data source
aws_iam_policy_document.aws_load_balancer_controller_assume_role data source
aws_iam_policy_document.aws_load_balancer_controller_policy data source
aws_iam_policy_document.csi_driver data source
aws_iam_policy_document.eks_cluster_role data source
aws_iam_policy_document.eks_nodes_role data source
aws_iam_policy_document.karpenter_controller_assume_role_policy data source
kubectl_file_documents.argocd data source
kubectl_file_documents.argocd_ns data source
kubectl_file_documents.image_updater data source
tls_certificate.eks data source

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| addon_cni_version | CNI Version | string | n/a | yes |
| addon_coredns_version | CoreDNS Version | string | n/a | yes |
| addon_csi_version | CSI Version | string | n/a | yes |
| addon_kubeproxy_version | Kubeproxy Version | string | n/a | yes |
| argocd_virtual_service_host | n/a | string | n/a | yes |
| aws_region | n/a | string | n/a | yes |
| az1 | n/a | string | n/a | yes |
| az2 | n/a | string | n/a | yes |
| cluster_name | n/a | string | n/a | yes |
| desired_size | n/a | string | n/a | yes |
| enable_cross_zone_lb | n/a | bool | n/a | yes |
| enabled_cluster_log_types | n/a | list(string) | n/a | yes |
| endpoint_private_access | n/a | bool | n/a | yes |
| environment | n/a | string | n/a | yes |
| grafana_virtual_service_host | n/a | string | n/a | yes |
| instance_type | n/a | list(string) | n/a | yes |
| k8s_version | n/a | string | n/a | yes |
| karpenter_azs | n/a | list(any) | n/a | yes |
| karpenter_capacity_type | n/a | list(any) | n/a | yes |
| karpenter_instance_class | n/a | list(any) | n/a | yes |
| karpenter_instance_size | n/a | list(any) | n/a | yes |
| max_size | n/a | string | n/a | yes |
| min_size | n/a | string | n/a | yes |
| nlb_ingress_internal | n/a | bool | n/a | yes |
| nlb_ingress_type | n/a | string | n/a | yes |
| private_subnet_az1_cidr | Private Subnet CIDR | string | n/a | yes |
| private_subnet_az2_cidr | Private Subnet CIDR | string | n/a | yes |
| project | n/a | string | n/a | yes |
| proxy_protocol_v2 | n/a | bool | n/a | yes |
| public_subnet_az1_cidr | Public Subnet CIDR | string | n/a | yes |
| public_subnet_az2_cidr | Public Subnet CIDR | string | n/a | yes |
| vpc_cidr | VPC CIDR | string | n/a | yes |

Outputs

Name Description
cluster_name n/a
istio_ingress_nlb n/a
