Better examples, PR template changes, general tidy up (#375)

* adding 3 examples

* removing old example

* updating PR template

* fix this typo

* update after renaming default example

* add missing launch_template_mixed stuff to aws_auth

* fix 2 examples with public subnets

* update changelog for new minor release

Author: max-rocket-internet

.github/PULL_REQUEST_TEMPLATE.md

@@ -6,8 +6,7 @@ Please explain the changes you made here and link to any relevant issues.
 
 ### Checklist
 
-- [ ] `terraform fmt` and `terraform validate` both work from the root and `examples/eks_test_fixture` directories (look in CI for an example)
-- [ ] Tests for the changes have been added and passing (for bug fixes/features)
-- [ ] Test results are pasted in this PR (in lieu of CI)
-- [ ] I've added my change to CHANGELOG.md
-- [ ] Any breaking changes are highlighted above
+- [ ] `terraform fmt` and `terraform validate` both work from the root and `examples/*` directories
+- [ ] CI tests are passing
+- [ ] I've added my change to CHANGELOG.md and highlighted any breaking changes
+- [ ] README.md has been updated after any changes to variables and outputs. See https://github.com/terraform-aws-modules/terraform-aws-eks/#doc-generation

.kitchen.yml

@@ -1,7 +1,7 @@
 ---
 driver:
   name: "terraform"
-  root_module_directory: "examples/eks_test_fixture"
+  root_module_directory: "examples/basic"
 
 provisioner:
   name: "terraform"

.travis.yml

@@ -34,19 +34,15 @@ script:
 - terraform init
 - terraform fmt -check=true
 - terraform validate -var "region=${AWS_REGION}" -var "vpc_id=vpc-123456" -var "subnets=[\"subnet-12345a\"]" -var "workers_ami_id=ami-123456" -var "cluster_ingress_cidrs=[]" -var "cluster_name=test_cluster"
-# - docker run --rm -v $(pwd):/app/ --workdir=/app/ -t wata727/tflint --error-with-issues
-- cd examples/eks_test_fixture
-- terraform init
-- terraform fmt -check=true
-- terraform validate
-- cd -
+- |
+  for example in $(find examples -maxdepth 1 -mindepth 1 -type d); do
+  cd $example
+  terraform init
+  terraform fmt -check=true
+  terraform validate
+  cd -
+  done
 - terraform -v
-# - bundle exec kitchen test --destroy always
-# deploy:
-#   provider: script
-#   script: ci/deploy.sh
-#   on:
-#     branch: master
 
 notifications:
   email:

CHANGELOG.md

@@ -19,6 +19,15 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
 # History
 
+## [[v4.0.2](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.0...v4.0.1)] - 2019-05-07]
+
+### Changed
+
+- Added 2 new examples, also tidy up basic example (by @max-rocket-internet)
+- Updates to travis, PR template (by @max-rocket-internet)
+- Fix typo in data.tf (by @max-rocket-internet)
+- Add missing launch template items in `aws_auth.tf` (by @max-rocket-internet)
+
 ## [[v4.0.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v4.0.0...v4.0.1)] - 2019-05-07]
 
 ### Changed

README.md

@@ -19,7 +19,7 @@ Read the [AWS docs on EKS to get connected to the k8s dashboard](https://docs.aw
 
 ## Usage example
 
-A full example leveraging other community modules is contained in the [examples/eks_test_fixture directory](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks_test_fixture). Here's the gist of using it via the Terraform registry:
+A full example leveraging other community modules is contained in the [examples/basic directory](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/basic). Here's the gist of using it via the Terraform registry:
 
 ```hcl
 module "my-cluster" {
@@ -89,11 +89,6 @@ Report issues/questions/feature requests on in the [issues](https://github.com/t
 
 Full contributing [guidelines are covered here](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/CONTRIBUTING.md).
 
-## IAM Permissions
-
-Testing and using this repo requires a minimum set of IAM permissions. Test permissions
-are listed in the [eks_test_fixture README](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks_test_fixture/README.md).
-
 ## Change log
 
 The [changelog](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/CHANGELOG.md) captures all important release notes.
@@ -133,11 +128,11 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | manage\_aws\_auth | Whether to apply the aws-auth configmap file. | string | `"true"` | no |
 | manage\_cluster\_iam\_resources | Whether to let the module manage cluster IAM resources. If set to false, cluster_iam_role_name must be specified. | string | `"true"` | no |
 | manage\_worker\_iam\_resources | Whether to let the module manage worker IAM resources. If set to false, iam_instance_profile_name must be specified for workers. | string | `"true"` | no |
-| map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no |
+| map\_accounts | Additional AWS account numbers to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list | `[]` | no |
 | map\_accounts\_count | The count of accounts in the map_accounts list. | string | `"0"` | no |
-| map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no |
+| map\_roles | Additional IAM roles to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list | `[]` | no |
 | map\_roles\_count | The count of roles in the map_roles list. | string | `"0"` | no |
-| map\_users | Additional IAM users to add to the aws-auth configmap. See examples/eks_test_fixture/variables.tf for example format. | list | `[]` | no |
+| map\_users | Additional IAM users to add to the aws-auth configmap. See examples/basic/variables.tf for example format. | list | `[]` | no |
 | map\_users\_count | The count of roles in the map_users list. | string | `"0"` | no |
 | permissions\_boundary | If provided, all IAM roles will be created with this permissions boundary attached. | string | `""` | no |
 | subnets | A list of subnets to place the EKS cluster and workers within. | list | n/a | yes |

aws_auth.tf

@@ -33,6 +33,15 @@ EOS
 
 data "aws_caller_identity" "current" {}
 
+data "template_file" "launch_template_mixed_worker_role_arns" {
+  count    = "${var.worker_group_launch_template_mixed_count}"
+  template = "${file("${path.module}/templates/worker-role.tpl")}"
+
+  vars {
+    worker_role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${element(coalescelist(aws_iam_instance_profile.workers_launch_template_mixed.*.role, data.aws_iam_instance_profile.custom_worker_group_launch_template_mixed_iam_instance_profile.*.role_name), count.index)}"
+  }
+}
+
 data "template_file" "launch_template_worker_role_arns" {
   count    = "${var.worker_group_launch_template_count}"
   template = "${file("${path.module}/templates/worker-role.tpl")}"
@@ -55,7 +64,7 @@ data "template_file" "config_map_aws_auth" {
   template = "${file("${path.module}/templates/config-map-aws-auth.yaml.tpl")}"
 
   vars {
-    worker_role_arn = "${join("", distinct(concat(data.template_file.launch_template_worker_role_arns.*.rendered, data.template_file.worker_role_arns.*.rendered)))}"
+    worker_role_arn = "${join("", distinct(concat(data.template_file.launch_template_worker_role_arns.*.rendered, data.template_file.worker_role_arns.*.rendered, data.template_file.launch_template_mixed_worker_role_arns.*.rendered)))}"
     map_users       = "${join("", data.template_file.map_users.*.rendered)}"
     map_roles       = "${join("", data.template_file.map_roles.*.rendered)}"
     map_accounts    = "${join("", data.template_file.map_accounts.*.rendered)}"

data.tf

@@ -109,10 +109,10 @@ data "template_file" "workers_launch_template_mixed" {
     cluster_name         = "${aws_eks_cluster.this.name}"
     endpoint             = "${aws_eks_cluster.this.endpoint}"
     cluster_auth_base64  = "${aws_eks_cluster.this.certificate_authority.0.data}"
-    pre_userdata         = "${lookup(var.worker_groups_launch_template[count.index], "pre_userdata", local.workers_group_defaults["pre_userdata"])}"
-    additional_userdata  = "${lookup(var.worker_groups_launch_template[count.index], "additional_userdata", local.workers_group_defaults["additional_userdata"])}"
-    bootstrap_extra_args = "${lookup(var.worker_groups_launch_template[count.index], "bootstrap_extra_args", local.workers_group_defaults["bootstrap_extra_args"])}"
-    kubelet_extra_args   = "${lookup(var.worker_groups_launch_template[count.index], "kubelet_extra_args", local.workers_group_defaults["kubelet_extra_args"])}"
+    pre_userdata         = "${lookup(var.worker_groups_launch_template_mixed[count.index], "pre_userdata", local.workers_group_defaults["pre_userdata"])}"
+    additional_userdata  = "${lookup(var.worker_groups_launch_template_mixed[count.index], "additional_userdata", local.workers_group_defaults["additional_userdata"])}"
+    bootstrap_extra_args = "${lookup(var.worker_groups_launch_template_mixed[count.index], "bootstrap_extra_args", local.workers_group_defaults["bootstrap_extra_args"])}"
+    kubelet_extra_args   = "${lookup(var.worker_groups_launch_template_mixed[count.index], "kubelet_extra_args", local.workers_group_defaults["kubelet_extra_args"])}"
   }
 }
 

examples/README.md

@@ -0,0 +1,7 @@
+# Examples
+
+These serve a few purposes:
+
+1.  Shows developers how to use the module in a straightforward way as integrated with other terraform community supported modules.
+2.  Serves as the test infrastructure for CI on the project.
+3.  Provides a simple way to play with the Kubernetes cluster you create.

examples/eks_test_fixture/main.tf renamed to examples/basic/main.tf

@@ -15,71 +15,6 @@ data "aws_availability_zones" "available" {}
 
 locals {
   cluster_name = "test-eks-${random_string.suffix.result}"
-
-  # the commented out worker group list below shows an example of how to define
-  # multiple worker groups of differing configurations
-  # worker_groups = [
-  #   {
-  #     asg_desired_capacity = 2
-  #     asg_max_size = 10
-  #     asg_min_size = 2
-  #     instance_type = "m4.xlarge"
-  #     name = "worker_group_a"
-  #     additional_userdata = "echo foo bar"
-  #     subnets = "${join(",", module.vpc.private_subnets)}"
-  #   },
-  #   {
-  #     asg_desired_capacity = 1
-  #     asg_max_size = 5
-  #     asg_min_size = 1
-  #     instance_type = "m4.2xlarge"
-  #     name = "worker_group_b"
-  #     additional_userdata = "echo foo bar"
-  #     subnets = "${join(",", module.vpc.private_subnets)}"
-  #   },
-  # ]
-
-
-  # the commented out worker group tags below shows an example of how to define
-  # custom tags for the worker groups ASG
-  # worker_group_tags = {
-  #   worker_group_a = [
-  #     {
-  #       key                 = "k8s.io/cluster-autoscaler/node-template/taint/nvidia.com/gpu"
-  #       value               = "gpu:NoSchedule"
-  #       propagate_at_launch = true
-  #     },
-  #   ],
-  #   worker_group_b = [
-  #     {
-  #       key                 = "k8s.io/cluster-autoscaler/node-template/taint/nvidia.com/gpu"
-  #       value               = "gpu:NoSchedule"
-  #       propagate_at_launch = true
-  #     },
-  #   ],
-  # }
-
-  worker_groups = [
-    {
-      instance_type        = "t2.small"
-      additional_userdata  = "echo foo bar"
-      asg_desired_capacity = 2
-    },
-  ]
-  worker_groups_launch_template = [
-    {
-      instance_type                 = "t2.small"
-      additional_userdata           = "echo foo bar"
-      additional_security_group_ids = "${aws_security_group.worker_group_mgmt_one.id},${aws_security_group.worker_group_mgmt_two.id}"
-      asg_desired_capacity          = 2
-    },
-  ]
-  tags = {
-    Environment = "test"
-    GithubRepo  = "terraform-aws-eks"
-    GithubOrg   = "terraform-aws-modules"
-    Workspace   = "${terraform.workspace}"
-  }
 }
 
 resource "random_string" "suffix" {
@@ -89,7 +24,6 @@ resource "random_string" "suffix" {
 
 resource "aws_security_group" "worker_group_mgmt_one" {
   name_prefix = "worker_group_mgmt_one"
-  description = "SG to be applied to all *nix machines"
   vpc_id      = "${module.vpc.vpc_id}"
 
   ingress {
@@ -140,24 +74,57 @@ module "vpc" {
   version            = "1.60.0"
   name               = "test-vpc"
   cidr               = "10.0.0.0/16"
-  azs                = ["${data.aws_availability_zones.available.names[0]}", "${data.aws_availability_zones.available.names[1]}", "${data.aws_availability_zones.available.names[2]}"]
+  azs                = ["${data.aws_availability_zones.available.names}"]
   private_subnets    = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
   public_subnets     = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
   enable_nat_gateway = true
   single_nat_gateway = true
-  tags               = "${merge(local.tags, map("kubernetes.io/cluster/${local.cluster_name}", "shared"))}"
+
+  tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+  }
+
+  public_subnet_tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+  }
+
+  private_subnet_tags = {
+    "kubernetes.io/cluster/${local.cluster_name}" = "shared"
+    "kubernetes.io/role/internal-elb"             = "true"
+  }
 }
 
 module "eks" {
-  source                               = "../.."
-  cluster_name                         = "${local.cluster_name}"
-  subnets                              = ["${module.vpc.private_subnets}"]
-  tags                                 = "${local.tags}"
-  vpc_id                               = "${module.vpc.vpc_id}"
-  worker_groups                        = "${local.worker_groups}"
-  worker_groups_launch_template        = "${local.worker_groups_launch_template}"
-  worker_group_count                   = 1
-  worker_group_launch_template_count   = 1
+  source       = "../.."
+  cluster_name = "${local.cluster_name}"
+  subnets      = ["${module.vpc.private_subnets}"]
+
+  tags = {
+    Environment = "test"
+    GithubRepo  = "terraform-aws-eks"
+    GithubOrg   = "terraform-aws-modules"
+  }
+
+  vpc_id             = "${module.vpc.vpc_id}"
+  worker_group_count = 2
+
+  worker_groups = [
+    {
+      name                          = "worker-group-1"
+      instance_type                 = "t2.small"
+      additional_userdata           = "echo foo bar"
+      asg_desired_capacity          = 2
+      additional_security_group_ids = "${aws_security_group.worker_group_mgmt_one.id}"
+    },
+    {
+      name                          = "worker-group-2"
+      instance_type                 = "t2.medium"
+      additional_userdata           = "echo foo bar"
+      additional_security_group_ids = "${aws_security_group.worker_group_mgmt_two.id}"
+      asg_desired_capacity          = 1
+    },
+  ]
+
   worker_additional_security_group_ids = ["${aws_security_group.all_worker_mgmt.id}"]
   map_roles                            = "${var.map_roles}"
   map_roles_count                      = "${var.map_roles_count}"

examples/eks_test_fixture/outputs.tf renamed to examples/basic/outputs.tf

@@ -14,7 +14,7 @@ output "kubectl_config" {
 }
 
 output "config_map_aws_auth" {
-  description = ""
+  description = "A kubernetes configuration to authenticate to this EKS cluster."
   value       = "${module.eks.config_map_aws_auth}"
 }