mirrors
/
pulumi
mirror of https://github.com/pulumi/pulumi.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
pulumi/tests/testdata/codegen/aws-eks-pp/go/aws-eks.go

289 lines
8.1 KiB
Go
Raw Permalink Blame History

package main
import (
"encoding/json"
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/eks"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// VPC
eksVpc, err := ec2.NewVpc(ctx, "eksVpc", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.100.0.0/16"),
InstanceTenancy: pulumi.String("default"),
EnableDnsHostnames: pulumi.Bool(true),
EnableDnsSupport: pulumi.Bool(true),
Tags: pulumi.StringMap{
"Name": pulumi.String("pulumi-eks-vpc"),
},
})
if err != nil {
return err
}
eksIgw, err := ec2.NewInternetGateway(ctx, "eksIgw", &ec2.InternetGatewayArgs{
VpcId: eksVpc.ID(),
Tags: pulumi.StringMap{
"Name": pulumi.String("pulumi-vpc-ig"),
},
})
if err != nil {
return err
}
eksRouteTable, err := ec2.NewRouteTable(ctx, "eksRouteTable", &ec2.RouteTableArgs{
VpcId: eksVpc.ID(),
Routes: ec2.RouteTableRouteArray{
&ec2.RouteTableRouteArgs{
CidrBlock: pulumi.String("0.0.0.0/0"),
GatewayId: eksIgw.ID(),
},
},
Tags: pulumi.StringMap{
"Name": pulumi.String("pulumi-vpc-rt"),
},
})
if err != nil {
return err
}
zones, err := aws.GetAvailabilityZones(ctx, &aws.GetAvailabilityZonesArgs{}, nil)
if err != nil {
return err
}
var vpcSubnet []*ec2.Subnet
for key0, val0 := range zones.Names {
__res, err := ec2.NewSubnet(ctx, fmt.Sprintf("vpcSubnet-%v", key0), &ec2.SubnetArgs{
AssignIpv6AddressOnCreation: pulumi.Bool(false),
VpcId: eksVpc.ID(),
MapPublicIpOnLaunch: pulumi.Bool(true),
CidrBlock: pulumi.Sprintf("10.100.%v.0/24", key0),
AvailabilityZone: pulumi.String(val0),
Tags: pulumi.StringMap{
"Name": pulumi.Sprintf("pulumi-sn-%v", val0),
},
})
if err != nil {
return err
}
vpcSubnet = append(vpcSubnet, __res)
}
var rta []*ec2.RouteTableAssociation
for key0, _ := range zones.Names {
__res, err := ec2.NewRouteTableAssociation(ctx, fmt.Sprintf("rta-%v", key0), &ec2.RouteTableAssociationArgs{
RouteTableId: eksRouteTable.ID(),
SubnetId: vpcSubnet[key0].ID(),
})
if err != nil {
return err
}
rta = append(rta, __res)
}
var splat0 pulumi.StringArray
for _, val0 := range vpcSubnet {
splat0 = append(splat0, val0.ID())
}
subnetIds := splat0
eksSecurityGroup, err := ec2.NewSecurityGroup(ctx, "eksSecurityGroup", &ec2.SecurityGroupArgs{
VpcId: eksVpc.ID(),
Description: pulumi.String("Allow all HTTP(s) traffic to EKS Cluster"),
Tags: pulumi.StringMap{
"Name": pulumi.String("pulumi-cluster-sg"),
},
Ingress: ec2.SecurityGroupIngressArray{
&ec2.SecurityGroupIngressArgs{
CidrBlocks: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
},
FromPort: pulumi.Int(443),
ToPort: pulumi.Int(443),
Protocol: pulumi.String("tcp"),
Description: pulumi.String("Allow pods to communicate with the cluster API Server."),
},
&ec2.SecurityGroupIngressArgs{
CidrBlocks: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
},
FromPort: pulumi.Int(80),
ToPort: pulumi.Int(80),
Protocol: pulumi.String("tcp"),
Description: pulumi.String("Allow internet access to pods"),
},
},
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": "sts:AssumeRole",
"Principal": map[string]interface{}{
"Service": "eks.amazonaws.com",
},
"Effect": "Allow",
"Sid": "",
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
eksRole, err := iam.NewRole(ctx, "eksRole", &iam.RoleArgs{
AssumeRolePolicy: pulumi.String(json0),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "servicePolicyAttachment", &iam.RolePolicyAttachmentArgs{
Role: eksRole.ID(),
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSServicePolicy"),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "clusterPolicyAttachment", &iam.RolePolicyAttachmentArgs{
Role: eksRole.ID(),
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"),
})
if err != nil {
return err
}
tmpJSON1, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": "sts:AssumeRole",
"Principal": map[string]interface{}{
"Service": "ec2.amazonaws.com",
},
"Effect": "Allow",
"Sid": "",
},
},
})
if err != nil {
return err
}
json1 := string(tmpJSON1)
ec2Role, err := iam.NewRole(ctx, "ec2Role", &iam.RoleArgs{
AssumeRolePolicy: pulumi.String(json1),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "workerNodePolicyAttachment", &iam.RolePolicyAttachmentArgs{
Role: ec2Role.ID(),
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "cniPolicyAttachment", &iam.RolePolicyAttachmentArgs{
Role: ec2Role.ID(),
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSCNIPolicy"),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "registryPolicyAttachment", &iam.RolePolicyAttachmentArgs{
Role: ec2Role.ID(),
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"),
})
if err != nil {
return err
}
eksCluster, err := eks.NewCluster(ctx, "eksCluster", &eks.ClusterArgs{
RoleArn: eksRole.Arn,
Tags: pulumi.StringMap{
"Name": pulumi.String("pulumi-eks-cluster"),
},
VpcConfig: &eks.ClusterVpcConfigArgs{
PublicAccessCidrs: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
},
SecurityGroupIds: pulumi.StringArray{
eksSecurityGroup.ID(),
},
SubnetIds: subnetIds,
},
})
if err != nil {
return err
}
_, err = eks.NewNodeGroup(ctx, "nodeGroup", &eks.NodeGroupArgs{
ClusterName: eksCluster.Name,
NodeGroupName: pulumi.String("pulumi-eks-nodegroup"),
NodeRoleArn: ec2Role.Arn,
SubnetIds: subnetIds,
Tags: pulumi.StringMap{
"Name": pulumi.String("pulumi-cluster-nodeGroup"),
},
ScalingConfig: &eks.NodeGroupScalingConfigArgs{
DesiredSize: pulumi.Int(2),
MaxSize: pulumi.Int(2),
MinSize: pulumi.Int(1),
},
})
if err != nil {
return err
}
ctx.Export("clusterName", eksCluster.Name)
ctx.Export("kubeconfig", pulumi.All(eksCluster.Endpoint, eksCluster.CertificateAuthority, eksCluster.Name).ApplyT(func(_args []interface{}) (string, error) {
endpoint := _args[0].(string)
certificateAuthority := _args[1].(eks.ClusterCertificateAuthority)
name := _args[2].(string)
var _zero string
tmpJSON2, err := json.Marshal(map[string]interface{}{
"apiVersion": "v1",
"clusters": []map[string]interface{}{
map[string]interface{}{
"cluster": map[string]interface{}{
"server": endpoint,
"certificate-authority-data": certificateAuthority.Data,
},
"name": "kubernetes",
},
},
"contexts": []map[string]interface{}{
map[string]interface{}{
"contest": map[string]interface{}{
"cluster": "kubernetes",
"user": "aws",
},
},
},
"current-context": "aws",
"kind": "Config",
"users": []map[string]interface{}{
map[string]interface{}{
"name": "aws",
"user": map[string]interface{}{
"exec": map[string]interface{}{
"apiVersion": "client.authentication.k8s.io/v1alpha1",
"command": "aws-iam-authenticator",
},
"args": []string{
"token",
"-i",
name,
},
},
},
},
})
if err != nil {
return _zero, err
}
json2 := string(tmpJSON2)
return json2, nil
}).(pulumi.StringOutput))
return nil
})
}
Reference in New Issue View Git Blame Copy Permalink