-rw-r--r--org-buetow-eks/eks.tf37
-rw-r--r--org-buetow-eks/iam.tf58
-rw-r--r--org-buetow-eks/main.tf19
-rw-r--r--org-buetow-eks/outputs.tf12
-rw-r--r--org-buetow-eks/remotestates.tf17
-rw-r--r--org-buetow-eks/variables.tf5
6 files changed, 148 insertions, 0 deletions
diff --git a/org-buetow-eks/eks.tf b/org-buetow-eks/eks.tf
new file mode 100644
index 0000000..6e20366
--- /dev/null
+++ b/org-buetow-eks/eks.tf
@@ -0,0 +1,37 @@
+resource "aws_eks_cluster" "org_buetow_eks" {
+ name = var.cluster_name
+ role_arn = aws_iam_role.eks_role.arn
+
+ vpc_config {
+ subnet_ids = [
+ data.terraform_remote_state.base.outputs.public_subnet_a_id,
+ data.terraform_remote_state.base.outputs.public_subnet_b_id,
+ data.terraform_remote_state.base.outputs.public_subnet_c_id,
+ ]
+ }
+
+ depends_on = [
+ aws_iam_role_policy_attachment.eks-AmazonEKSClusterPolicy,
+ aws_iam_role_policy_attachment.eks-AmazonEKSVPCResourceController
+ ]
+}
+
+resource "aws_eks_node_group" "example" {
+ cluster_name = aws_eks_cluster.org_buetow_eks.name
+ node_role_arn = aws_iam_role.eks_nodegroup_role.arn
+ subnet_ids = [
+ data.terraform_remote_state.base.outputs.public_subnet_a_id,
+ data.terraform_remote_state.base.outputs.public_subnet_b_id,
+ data.terraform_remote_state.base.outputs.public_subnet_c_id,
+ ]
+ scaling_config {
+ desired_size = 2
+ max_size = 3
+ min_size = 1
+ }
+ depends_on = [
+ aws_iam_role_policy_attachment.eks-AmazonEKSWorkerNodePolicy,
+ aws_iam_role_policy_attachment.eks-AmazonEC2ContainerRegistryReadOnly,
+ aws_iam_role_policy_attachment.eks-AmazonEKS_CNI_Policy
+ ]
+}
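Review bot: The cluster's vpc_config at the top of the hunk leaves the Kubernetes API endpoint on the provider defaults, which is a public endpoint with `public_access_cidrs` of 0.0.0.0/0, and the node group below it is placed in the same subnets the base state labels public. Consider adding `endpoint_private_access = true` and `public_access_cidrs = ["<admin-cidr-placeholder>/32"]` inside vpc_config, plus `enabled_cluster_log_types = ["api", "audit", "authenticator"]` on the cluster so control-plane access is logged. Whether those subnets auto-assign public IPs to the worker nodes depends on the base workspace, which is not part of this commit. The node group resource is also still named "example"; a name such as `org_buetow_eks_nodes` would match the cluster resource and the references in outputs.tf.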
diff --git a/org-buetow-eks/iam.tf b/org-buetow-eks/iam.tf
new file mode 100644
index 0000000..630fe19
--- /dev/null
+++ b/org-buetow-eks/iam.tf
@@ -0,0 +1,58 @@
+resource "aws_iam_role" "eks_role" {
+ name = "eks-cluster-role"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "eks.amazonaws.com"
+ }
+ }
+ ]
+ })
+}
+
+resource "aws_iam_role_policy_attachment" "eks-AmazonEKSClusterPolicy" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+ role = aws_iam_role.eks_role.name
+}
+
+resource "aws_iam_role_policy_attachment" "eks-AmazonEKSVPCResourceController" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
+ role = aws_iam_role.eks_role.name
+}
+
+resource "aws_iam_role" "eks_nodegroup_role" {
+ name = "eks-nodegroup-role"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "ec2.amazonaws.com"
+ }
+ }
+ ]
+ })
+}
+
+resource "aws_iam_role_policy_attachment" "eks-AmazonEKSWorkerNodePolicy" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+ role = aws_iam_role.eks_nodegroup_role.name
+}
+
+resource "aws_iam_role_policy_attachment" "eks-AmazonEC2ContainerRegistryReadOnly" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+ role = aws_iam_role.eks_nodegroup_role.name
+}
+
+resource "aws_iam_role_policy_attachment" "eks-AmazonEKS_CNI_Policy" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+ role = aws_iam_role.eks_nodegroup_role.name
+}
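Review bot: AmazonEKS_CNI_Policy is attached directly to the node role in the last block of the hunk, which lets any pod on a node use the ENI and IP-management permissions via the instance metadata service unless pod access to IMDS is blocked, rather than only the aws-node daemonset. The usual mitigation is to declare an `aws_iam_openid_connect_provider` for the cluster and attach this policy to a role trusted by the `kube-system:aws-node` service account, keeping only the worker-node and ECR read-only policies on `eks_nodegroup_role`. Stylistically, the attachment resource names use hyphens while the role names use underscores; one convention (e.g. `eks_AmazonEKSWorkerNodePolicy`) would make the cross-references in eks.tf easier to read.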
diff --git a/org-buetow-eks/main.tf b/org-buetow-eks/main.tf
new file mode 100644
index 0000000..c854b5c
--- /dev/null
+++ b/org-buetow-eks/main.tf
@@ -0,0 +1,19 @@
+terraform {
+ backend "s3" {
+ bucket = "org-buetow-tfstate"
+ key = "org-buetow-eks/terraform.tfstate"
+ region = "eu-central-1"
+ encrypt = true
+ }
+}
+
+provider "aws" {
+ region = "eu-central-1"
+}
+
+provider "kubernetes" {
+ host = data.aws_eks_cluster.cluster.endpoint
+ cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
+ token = data.aws_eks_cluster_auth.cluster.token
+}
+
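Review bot: The kubernetes provider block at the bottom of the hunk references `data.aws_eks_cluster.cluster` and `data.aws_eks_cluster_auth.cluster`, but neither data source is declared in any of the six files of this commit, so `terraform plan` would fail on an undeclared data resource. Either add `data "aws_eks_cluster" "cluster" { name = aws_eks_cluster.org_buetow_eks.name }` and `data "aws_eks_cluster_auth" "cluster" { name = aws_eks_cluster.org_buetow_eks.name }`, or point the provider at the `aws_eks_cluster.org_buetow_eks` attributes directly. The S3 backend sets `encrypt = true` but no `dynamodb_table`, so concurrent applies against this state are not locked. A `required_providers` block with version constraints would also pin the aws and kubernetes providers this workspace depends on.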
diff --git a/org-buetow-eks/outputs.tf b/org-buetow-eks/outputs.tf
new file mode 100644
index 0000000..3809c82
--- /dev/null
+++ b/org-buetow-eks/outputs.tf
@@ -0,0 +1,12 @@
+output "cluster_id" {
+ value = aws_eks_cluster.org_buetow_eks.id
+}
+
+output "cluster_endpoint" {
+ value = aws_eks_cluster.org_buetow_eks.endpoint
+}
+
+output "cluster_certificate_authority_data" {
+ value = aws_eks_cluster.org_buetow_eks.certificate_authority.0.data
+}
+
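Review bot: None of the three outputs carries a `description`, so a consumer reading them through terraform_remote_state gets no indication of what they hold; e.g. `description = "Base64-encoded CA certificate of the EKS API server, as returned by the provider"` on cluster_certificate_authority_data and similar one-liners on the other two. The `.0.data` form on the last output is the older attribute-index syntax; `certificate_authority[0].data` is the form current Terraform recommends.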
diff --git a/org-buetow-eks/remotestates.tf b/org-buetow-eks/remotestates.tf
new file mode 100644
index 0000000..db9b321
--- /dev/null
+++ b/org-buetow-eks/remotestates.tf
@@ -0,0 +1,17 @@
+data "terraform_remote_state" "base" {
+ backend = "s3"
+ config = {
+ bucket = "org-buetow-tfstate"
+ key = "org-buetow-base/terraform.tfstate"
+ region = "eu-central-1"
+ }
+}
+
+data "terraform_remote_state" "elb" {
+ backend = "s3"
+ config = {
+ bucket = "org-buetow-tfstate"
+ key = "org-buetow-elb/terraform.tfstate"
+ region = "eu-central-1"
+ }
+}
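Review bot: The `elb` remote state declared in the second block is not referenced by any file in this commit, while only `base` is consumed from eks.tf; if it is not needed it should be dropped, since each terraform_remote_state read requires read access to that state object and pulls every output of that workspace into this one's plan. If it is intended for later use, a comment such as `# Reserved for ELB integration; not yet consumed` would make the intent explicit.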
diff --git a/org-buetow-eks/variables.tf b/org-buetow-eks/variables.tf
new file mode 100644
index 0000000..0ab491f
--- /dev/null
+++ b/org-buetow-eks/variables.tf
@@ -0,0 +1,5 @@
+variable "cluster_name" {
+ description = "The name of the EKS cluster"
+ type = string
+ default = "org-buetow-eks"
+}