# ec2.tf
# # # # # # # # # # # Task_2 code start # # # # # # # # # #
# # Create a Bastion Host instance for secure access to private subnets
# resource "aws_instance" "bastion_host" {
# ami = var.ec2_ami_k3s
# instance_type = var.ec2_instance_bastion
# subnet_id = aws_subnet.public[0].id
# vpc_security_group_ids = [
# aws_security_group.allow_ssh.id,
# aws_security_group.allow_icmp.id
# ]
# key_name = aws_key_pair.my_key.key_name
# tags = {
# Name = "Bastion Host"
# }
# }
# # Create a Dummy Host instance in the private network to test the connection from the Bastion host
# resource "aws_instance" "dummy_host" {
# ami = var.ec2_ami_k3s
# instance_type = var.ec2_instance_bastion
# subnet_id = aws_subnet.private[0].id
# vpc_security_group_ids = [
# aws_security_group.allow_ssh.id,
# aws_security_group.allow_icmp.id
# ]
# key_name = aws_key_pair.my_key.key_name
# tags = {
# Name = "Dummy Host"
# }
# }
# # # # # # # # # # # Task_2 code end # # # # # # # # # #
# # # # # # # # # # # Task_3 code start # # # # # # # # # #
# # Create a Bastion Host instance for secure access to private subnets
# resource "aws_instance" "bastion_host" {
# ami = var.ec2_ami_k3s
# instance_type = var.ec2_instance_bastion
# subnet_id = aws_subnet.public[0].id
# vpc_security_group_ids = [
# aws_security_group.allow_ssh.id,
# aws_security_group.allow_icmp.id,
# aws_security_group.allow_k3s.id
# ]
# key_name = aws_key_pair.my_key.key_name
# tags = {
# Name = "Bastion Node"
# }
# }
# # Create a K3S Server Node EC2 instance in the private network
# resource "aws_instance" "server_node" {
# ami = var.ec2_ami_k3s
# instance_type = var.ec2_instance_k3s
# subnet_id = aws_subnet.private[0].id
# vpc_security_group_ids = [
# aws_security_group.allow_ssh.id,
# aws_security_group.allow_icmp.id,
# aws_security_group.allow_k3s.id,
# aws_security_group.allow_http.id,
# aws_security_group.allow_https.id
# ]
# key_name = aws_key_pair.my_key.key_name
# tags = {
# Name = "K3S Server node"
# }
# # This installs k3s server node
# user_data = <<-EOF
# #!/bin/bash
# curl -sfL https://get.k3s.io/ | INSTALL_K3S_EXEC="server" sh -s - --token ${var.k3s_token}
# EOF
# }
# # Create a K3S Agent Node EC2 instance in the private network
# resource "aws_instance" "agent_node_1" {
# ami = var.ec2_ami_k3s
# instance_type = var.ec2_instance_k3s
# subnet_id = aws_subnet.private[1].id
# vpc_security_group_ids = [
# aws_security_group.allow_ssh.id,
# aws_security_group.allow_icmp.id,
# aws_security_group.allow_k3s.id,
# aws_security_group.allow_http.id,
# aws_security_group.allow_https.id
# ]
# key_name = aws_key_pair.my_key.key_name
# tags = {
# Name = "K3S Agent node 1 - test"
# }
# # This installs k3s agent node and joins it to a server node
# user_data = <<-EOF
# #!/bin/bash
# curl -sfL https://get.k3s.io/ | INSTALL_K3S_EXEC="agent" K3S_URL=https://${aws_instance.server_node.private_ip}:6443/ K3S_TOKEN=${var.k3s_token} sh -s -
# EOF
# depends_on = [aws_instance.server_node]
# }
# # # # # # # # # # # Task_3 code end # # # # # # # # # #
# # # # # # # # # # # Task_4 code start # # # # # # # # # #
# Bastion host: the instance in the first public subnet that is used as the
# entry point for reaching instances in the private subnets.
resource "aws_instance" "bastion_host" {
  ami           = var.ec2_ami_ubuntu
  instance_type = var.ec2_instance_bastion
  key_name      = aws_key_pair.my_key.key_name
  subnet_id     = aws_subnet.public[0].id

  # NOTE(review): this instance sits in a public subnet and carries the k3s
  # and web security groups in addition to SSH/ICMP. The rules of these groups
  # are not defined in this file - confirm their ingress sources are limited
  # to the addresses that actually need them.
  vpc_security_group_ids = [
    aws_security_group.allow_ssh.id,
    aws_security_group.allow_icmp.id,
    aws_security_group.allow_k3s.id,
    aws_security_group.allow_web.id,
  ]

  tags = {
    Name = "Bastion Node"
  }
}
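# Create the K3S server node EC2 instance in the private network.
resource "aws_instance" "server_node" {
  ami           = var.ec2_ami_k3s
  instance_type = var.ec2_instance_k3s
  subnet_id     = aws_subnet.private[0].id
  vpc_security_group_ids = [
    aws_security_group.allow_ssh.id,
    aws_security_group.allow_icmp.id,
    aws_security_group.allow_k3s.id,
    aws_security_group.allow_web.id
  ]
  key_name = aws_key_pair.my_key.key_name

  # Pin the private IP address to the value supplied by the variable.
  private_ip = var.server_node_fixed_private_ip

  tags = {
    Name = "K3S Server node"
  }

  # First-boot script: installs the K3S server and Helm, then prepares the
  # host directory used for the Jenkins volume.
  #
  # NOTE(review): var.k3s_token is rendered into user_data. User data is stored
  # in the Terraform state, is returned by the EC2 instance-attribute API and
  # is readable from the instance metadata service on the host. Declaring the
  # variable sensitive only hides it from plan output. Consider having the
  # instance fetch the token at boot (SSM Parameter Store / Secrets Manager via
  # an instance profile) and requiring IMDSv2 with
  # metadata_options { http_tokens = "required" }.
  #
  # NOTE(review): both installers are downloaded and executed as root without a
  # pinned version or checksum, and the Helm script comes from a mutable branch
  # ref. Pin releases (INSTALL_K3S_VERSION for k3s, DESIRED_VERSION for the
  # Helm script) or verify a known digest before executing.
  user_data = <<-EOF
    #!/bin/bash
    # Stop on the first failure; pipefail makes a failed download fail the
    # pipeline instead of feeding an empty script to the shell.
    set -euo pipefail
    # Install K3S (token is single-quoted so the shell does not split or expand it)
    curl -sfL https://get.k3s.io/ | INSTALL_K3S_EXEC="server" sh -s - --token '${var.k3s_token}'
    # Install Helm (the get-helm-3 script is a bash script, so run it with bash)
    curl -sfL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash -s -
    # fix Jenkins pod start problem
    sudo mkdir -p /data/jenkins-volume
    sudo chown -R 1000:1000 /data/jenkins-volume
  EOF
}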
# # Create a K3S Agent Node EC2 instance in the private network. Uncomment it if you want to create an agent node.
# resource "aws_instance" "agent_node_1" {
# ami = var.ec2_ami_k3s
# instance_type = var.ec2_instance_k3s
# subnet_id = aws_subnet.private[1].id
# vpc_security_group_ids = [
# aws_security_group.allow_ssh.id,
# aws_security_group.allow_icmp.id,
# aws_security_group.allow_k3s.id,
# aws_security_group.allow_http.id,
# aws_security_group.allow_https.id
# ]
# key_name = aws_key_pair.my_key.key_name
# tags = {
# Name = "K3S Agent node 1 - test"
# }
# # This installs k3s agent node and joins it to a server node
# user_data = <<-EOF
# #!/bin/bash
# curl -sfL https://get.k3s.io/ | INSTALL_K3S_EXEC="agent" K3S_URL=https://${aws_instance.server_node.private_ip}:6443/ K3S_TOKEN=${var.k3s_token} sh -s -
# EOF
# depends_on = [aws_instance.server_node]
# }
# # # # # # # # # # # Task_4 code end # # # # # # # # # #