feat: fargate profile added

_example/aws_managed_with_fargate/versions.tf

@@ -0,0 +1,11 @@
+# Terraform version
+terraform {
+  required_version = ">= 1.5.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.5.0"
+    }
+  }
+}

_example/complete/example.tf

@@ -244,7 +244,7 @@ module "kms" {
   source  = "clouddrove/kms/aws"
   version = "1.3.0"
 
-  name                = "${local.name}-kms"
+  name                = "${local.name}-kms-nw"
   environment         = "test"
   label_order         = ["environment", "name"]
   enabled             = true
@@ -283,7 +283,6 @@ module "eks" {
   kubernetes_version        = "1.27"
   endpoint_private_access   = true
   endpoint_public_access    = true
-  enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
   oidc_provider_enabled     = true
 
   # Networking
@@ -333,7 +332,7 @@ module "eks" {
     self_managed_critical = {
       name                 = "self_managed_critical"
       min_size             = 1
-      max_size             = 7
+      max_size             = 2
       desired_size         = 1
       bootstrap_extra_args = "--kubelet-extra-args '--max-pods=110'"
       instance_type        = "t3.medium"
@@ -345,7 +344,7 @@ module "eks" {
         market_type = "spot"
       }
       min_size             = 1
-      max_size             = 7
+      max_size             = 2
       desired_size         = 1
       bootstrap_extra_args = "--kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot'"
       instance_type        = "t3.medium"
@@ -356,16 +355,16 @@ module "eks" {
         min_size     = 2
         max_size     = 2 # Retains current max size
         desired_size = 2
-        start_time   = "2023-05-15T19:00:00Z"
-        end_time     = "2023-05-19T19:00:00Z"
+        start_time   = "2023-09-15T19:00:00Z"
+        end_time     = "2023-09-19T19:00:00Z"
         timezone     = "Europe/Amsterdam"
         recurrence   = "0 7 * * 1"
       },
       scale-down = {
         min_size     = 0
         max_size     = 0 # Retains current max size
         desired_size = 0
-        start_time   = "2023-05-12T12:00:00Z"
+        start_time   = "2023-09-12T12:00:00Z"
         end_time     = "2024-03-05T12:00:00Z"
         timezone     = "Europe/Amsterdam"
         recurrence   = "0 7 * * 5"
@@ -374,7 +373,6 @@ module "eks" {
 
   }
 
-
   ################################################################################
   # AWS Managed Node Group
   ################################################################################
@@ -407,7 +405,7 @@ module "eks" {
     critical = {
       name           = "${module.eks.cluster_name}-critical"
       min_size       = 1
-      max_size       = 7
+      max_size       = 2
       desired_size   = 1
       instance_types = ["t3.medium"]
     }
@@ -417,7 +415,7 @@ module "eks" {
       capacity_type = "SPOT"
 
       min_size             = 1
-      max_size             = 7
+      max_size             = 2
       desired_size         = 1
       force_update_version = true
       instance_types       = ["t3.medium"]
@@ -428,10 +426,22 @@ module "eks" {
   addons = [
     {
       addon_name               = "coredns"
-      addon_version            = "v1.10.1-eksbuild.1"
+      addon_version            = "v1.10.1-eksbuild.2"
       resolve_conflicts        = "OVERWRITE"
       service_account_role_arn = "${module.eks.node_group_iam_role_arn}"
-    }
+    },
+    {
+      addon_name               = "kube-proxy"
+      addon_version            = "v1.27.3-eksbuild.2"
+      resolve_conflicts        = "OVERWRITE"
+      service_account_role_arn = "${module.eks.node_group_iam_role_arn}"
+    },
+    {
+      addon_name               = "vpc-cni"
+      addon_version            = "v1.13.4-eksbuild.1"
+      resolve_conflicts        = "OVERWRITE"
+      service_account_role_arn = "${module.eks.node_group_iam_role_arn}"
+    },
   ]
 
   apply_config_map_aws_auth = true
@@ -448,16 +458,16 @@ module "eks" {
       min_size     = 2
       max_size     = 2 # Retains current max size
       desired_size = 2
-      start_time   = "2023-05-15T19:00:00Z"
-      end_time     = "2023-05-19T19:00:00Z"
+      start_time   = "2023-09-15T19:00:00Z"
+      end_time     = "2023-09-19T19:00:00Z"
       timezone     = "Europe/Amsterdam"
       recurrence   = "0 7 * * 1"
     },
     scale-down = {
       min_size     = 0
       max_size     = 0 # Retains current max size
       desired_size = 0
-      start_time   = "2023-05-12T12:00:00Z"
+      start_time   = "2023-09-12T12:00:00Z"
       end_time     = "2024-03-05T12:00:00Z"
       timezone     = "Europe/Amsterdam"
       recurrence   = "0 7 * * 5"

fargate_profile.tf

@@ -0,0 +1,13 @@
+module "fargate" {
+    source = "./node_group/fargate_profile"
+
+    name = var.name
+    environment = var.environment
+    label_order = var.label_order
+    enabled =var.enabled
+    fargate_enabled = var.fargate_enabled
+    cluster_name    = join("", aws_eks_cluster.default.*.name)
+    fargate_profiles = var.fargate_profiles
+    subnet_ids = var.subnet_ids
+
+}

iam.tf

@@ -81,6 +81,13 @@ resource "aws_iam_role_policy_attachment" "amazon_eks_cni_policy" {
   role       = join("", aws_iam_role.node_groups.*.name)
 }
 
+resource "aws_iam_role_policy_attachment" "additional" {
+  for_each = { for k, v in var.iam_role_additional_policies : k => v if var.enabled }
+
+  policy_arn = each.value
+  role       = join("", aws_iam_role.node_groups.*.name)
+}
+
 #Module      : IAM ROLE POLICY ATTACHMENT EC2 CONTAINER REGISTRY READ ONLY
 #Description : Attaches a Managed IAM Policy to an IAM role.
 resource "aws_iam_role_policy_attachment" "amazon_ec2_container_registry_read_only" {

main.tf

@@ -106,8 +106,8 @@ resource "aws_eks_addon" "cluster" {
   addon_name                  = each.key
   addon_version               = lookup(each.value, "addon_version", null)
   resolve_conflicts_on_create = lookup(each.value, "resolve_conflicts", null)
+  resolve_conflicts_on_update = lookup(each.value, "resolve_conflicts", null)
   service_account_role_arn    = lookup(each.value, "service_account_role_arn", null)
 
   tags = module.labels.tags
 }
-

node_group/fargate_profile/fargate.tf

@@ -0,0 +1,72 @@
+terraform {
+  required_providers {
+    aws = {
+      source                = "hashicorp/aws"
+      version               = ">= 3.1.15"
+    }
+  }
+}
+
+#Module      : label
+#Description : Terraform module to create consistent naming for multiple names.
+module "labels" {
+  source  = "clouddrove/labels/aws"
+  version = "1.3.0"
+
+  name        = var.name
+  environment = var.environment
+  managedby   = var.managedby
+  delimiter   = var.delimiter
+  attributes  = compact(concat(var.attributes, ["fargate"]))
+  label_order = var.label_order
+}
+
+
+#Module      : IAM ROLE
+#Description : Provides an IAM role.
+resource "aws_iam_role" "fargate_role" {
+  count    = var.enabled && var.fargate_enabled ? 1 : 0
+
+  name               = format("%s-fargate-role", module.labels.id)
+  assume_role_policy = join("", data.aws_iam_policy_document.aws_eks_fargate_policy.*.json)
+  tags               = module.labels.tags
+}
+
+resource "aws_iam_role_policy_attachment" "amazon_eks_fargate_pod_execution_role_policy" {
+  count    = var.enabled && var.fargate_enabled ? 1 : 0
+
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy"
+  role       = join("", aws_iam_role.fargate_role.*.name)
+}
+
+#Module      : EKS Fargate
+#Descirption : Enabling fargate for AWS EKS
+resource "aws_eks_fargate_profile" "default" {
+  for_each = var.enabled && var.fargate_enabled ? var.fargate_profiles : {}
+
+  cluster_name           = var.cluster_name
+  fargate_profile_name   = format("%s-%s", module.labels.id, each.value.addon_name )
+  pod_execution_role_arn = aws_iam_role.fargate_role[0].arn
+  subnet_ids             = var.subnet_ids
+  tags                   = module.labels.tags
+
+  selector {
+    namespace = lookup(each.value, "namespace", "default")
+    labels    = lookup(each.value, "labels", null )
+  }
+}
+
+# AWS EKS Fargate policy
+data "aws_iam_policy_document" "aws_eks_fargate_policy" {
+  count = var.enabled && var.fargate_enabled ? 1 : 0
+
+  statement {
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["eks-fargate-pods.amazonaws.com"]
+    }
+  }
+}

node_group/fargate_profile/variables.tf

@@ -0,0 +1,72 @@
+#Module      : LABEL
+#Description : Terraform label module variables.
+variable "name" {
+  type        = string
+  default     = ""
+  description = "Name  (e.g. `app` or `cluster`)."
+}
+
+variable "environment" {
+  type        = string
+  default     = ""
+  description = "Environment (e.g. `prod`, `dev`, `staging`)."
+}
+
+variable "label_order" {
+  type        = list(any)
+  default     = []
+  description = "Label order, e.g. `name`,`application`."
+}
+
+variable "attributes" {
+  type        = list(any)
+  default     = []
+  description = "Additional attributes (e.g. `1`)."
+}
+
+variable "tags" {
+  type        = map(any)
+  default     = {}
+  description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)."
+}
+
+variable "managedby" {
+  type        = string
+  default     = "hello@clouddorve.com"
+  description = "ManagedBy, eg 'pps'."
+}
+
+variable "delimiter" {
+  type        = string
+  default     = "-"
+  description = "Delimiter to be used between `organization`, `environment`, `name` and `attributes`."
+}
+
+variable "enabled" {
+  type        = bool
+  default     = true
+  description = "Whether to create the resources. Set to `false` to prevent the module from creating any resources."
+}
+
+variable "fargate_enabled" {
+  type        = bool
+  default     = false
+  description = "Whether fargate profile is enabled or not"
+}
+
+variable "fargate_profiles" {
+  type        = map(any)
+  default     = {}
+  description = "The number of Fargate Profiles that would be created."
+}
+
+variable "cluster_name" {
+  type        = string
+  default     = ""
+  description = "The name of the EKS cluster."
+}
+
+variable "subnet_ids" {
+  type        = list(string)
+  description = "A list of subnet IDs to launch resources in."
+}

variables.tf

@@ -58,7 +58,7 @@ variable "cluster_encryption_config_resources" {
 
 variable "enabled_cluster_log_types" {
   type        = list(string)
-  default     = []
+  default     = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
   description = "A list of the desired control plane logging to enable. For more information, see https://docs.aws.amazon.com/en_us/eks/latest/userguide/control-plane-logs.html. Possible values [`api`, `audit`, `authenticator`, `controllerManager`, `scheduler`]."
 }
 
@@ -76,7 +76,7 @@ variable "kubernetes_version" {
 
 variable "oidc_provider_enabled" {
   type        = bool
-  default     = false
+  default     = true
   description = "Create an IAM OIDC identity provider for the cluster, then you can create IAM roles to associate with a service account in the cluster, instead of using kiam or kube2iam. For more information, see https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html"
 }
 variable "eks_additional_security_group_ids" {
@@ -90,12 +90,7 @@ variable "nodes_additional_security_group_ids" {
   description = "EKS additional node group ids"
 }
 variable "addons" {
-  type = list(object({
-    addon_name               = string
-    addon_version            = string
-    resolve_conflicts        = string
-    service_account_role_arn = string
-  }))
+  type        = any
   default     = []
   description = "Manages [`aws_eks_addon`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_addon) resources."
 }
@@ -163,6 +158,12 @@ variable "permissions_boundary" {
   description = "If provided, all IAM roles will be created with this permissions boundary attached."
 }
 
+variable "iam_role_additional_policies" {
+  description = "Additional policies to be added to the IAM role"
+  type        = map(string)
+  default     = {}
+}
+
 #---------------------------------------------------------Security_Group------------------------------------------------
 variable "allowed_security_groups" {
   type        = list(string)
@@ -308,4 +309,18 @@ variable "schedules" {
   description = "Map of autoscaling group schedule to create"
   type        = map(any)
   default     = {}
+}
+
+##fargate profile
+
+variable "fargate_enabled" {
+  type        = bool
+  default     = false
+  description = "Whether fargate profile is enabled or not"
+}
+
+variable "fargate_profiles" {
+  type        = map(any)
+  default     = {}
+  description = "The number of Fargate Profiles that would be created."
 }