<aside>
/*----- eks cluster -----*/
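# EKS control plane "mb_eks_cluster" (Kubernetes 1.32), placed in the private subnets.
# Authentication mode API_AND_CONFIG_MAP means access can be granted both through
# EKS access entries and through the legacy aws-auth ConfigMap.
resource "aws_eks_cluster" "mb_eks_cluster" {
  name     = "mb_eks_cluster"
  role_arn = var.eks_cluster_role
  version  = "1.32"

  vpc_config {
    subnet_ids = var.eks_private_subnet_ids
    # NOTE(review): endpoint_public_access / endpoint_private_access /
    # public_access_cidrs are not set here, so the provider defaults decide how the
    # API endpoint is exposed — confirm that matches the intended exposure.
  }

  access_config { # config file creation (original comment, translated)
    authentication_mode = "API_AND_CONFIG_MAP"
    # The IAM identity that runs the initial apply is granted cluster-admin so the
    # cluster can be bootstrapped; access for everyone else should be managed
    # explicitly (access entries / aws-auth). Changing this attribute later may
    # force cluster replacement — verify before toggling.
    bootstrap_cluster_creator_admin_permissions = true
  }

  # Retain control-plane logs in CloudWatch so API calls and authentication
  # decisions can be reviewed after the fact; the original block left this unset,
  # which disables all control-plane logging.
  enabled_cluster_log_types = ["api", "audit", "authenticator"]
}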
/*--------------------------*/
/*----- eks worker node -----*/
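# Managed worker node group for mb_eks_cluster: 1–3 t3.medium nodes on the
# Amazon Linux 2 AMI, in the same private subnets as the control plane.
resource "aws_eks_node_group" "mb_eks_node_group" {
  cluster_name   = aws_eks_cluster.mb_eks_cluster.name
  node_role_arn  = var.eks_workernode_role_arn
  subnet_ids     = var.eks_private_subnet_ids
  ami_type       = "AL2_x86_64"
  disk_size      = 30 # numeric: the attribute is a number, the original passed the string "30"
  instance_types = ["t3.medium"]

  scaling_config {
    desired_size = 1
    max_size     = 3
    min_size     = 1
  }

  # NOTE(review): no launch_template is used, so instance metadata options (IMDSv2
  # enforcement) and root-volume settings follow the managed-node-group defaults;
  # set them through a launch template if stricter values are required.
  # NOTE(review): the policies attached to var.eks_workernode_role_arn are defined
  # outside this file — the node group must not be created before they exist.
}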
/*------------------------------*/
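# Writes/merges the cluster's credentials into the kubeconfig of the machine that
# runs terraform. The cluster reference in triggers_replace both orders this after
# cluster creation and re-runs the provisioner whenever the cluster is replaced
# (a provisioner otherwise runs only once, on first creation of this resource).
resource "terraform_data" "update_kubeconfig" {
  triggers_replace = [aws_eks_cluster.mb_eks_cluster.id]

  provisioner "local-exec" {
    # The region is hard-coded and must match the region the provider targets.
    command = "aws eks update-kubeconfig --region ap-northeast-2 --name ${aws_eks_cluster.mb_eks_cluster.name}"
  }
}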
</aside>
Role
<aside>
# IAM role assumed by the load balancer controller's Kubernetes service account
# via IRSA (OIDC web identity federation). The trust policy is pinned to one
# namespace/service-account pair and to the sts.amazonaws.com audience.
resource "aws_iam_role" "alb_ingress_sa_role" {
  name = var.role-alc_role_name

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          # NOTE(review): the account id is hard-coded in the provider ARN.
          Federated = "arn:aws:iam::047719624346:oidc-provider/${var.role-alc-oidc_without_https}"
        }
        Action = "sts:AssumeRoleWithWebIdentity"
        Condition = {
          StringEquals = {
            # audience of the token (original comment, translated)
            "${var.role-alc-oidc_without_https}:aud" = "sts.amazonaws.com"
            # only this service account may assume the role
            "${var.role-alc-oidc_without_https}:sub" = "system:serviceaccount:${var.role-alc-namespace}:${var.role-alc-sa_name}"
          }
        }
      }
    ]
  })
}
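# Customer-managed policy for the AWS Load Balancer Controller, loaded from the
# JSON document shipped next to this configuration.
resource "aws_iam_policy" "iam_policy-aws-loadbalancer-controller" {
  name = "AWSLoadBalancerControllerIAMPolicy"
  # Resolve the file relative to this module rather than the current working
  # directory, so the plan does not depend on where terraform is invoked from.
  policy = file("${path.module}/AWSLoadBalancerControllerIAMPolicy.json")
}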
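# Attach the controller policy to the IRSA role. The .arn and .name references
# already establish the ordering on both resources, so no explicit depends_on
# is needed.
resource "aws_iam_role_policy_attachment" "alb_ingress_policy_attach" {
  policy_arn = aws_iam_policy.iam_policy-aws-loadbalancer-controller.arn
  role       = aws_iam_role.alb_ingress_sa_role.name
}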
</aside>