init

opzkit · Sep 17, 2021 · 9601cb0 · 9601cb0
1 parent 293e8b9
commit 9601cb0
Show file tree

Hide file tree

Showing 4 changed files with 173 additions and 0 deletions.
diff --git a/locals.tf b/locals.tf
@@ -0,0 +1,7 @@
+locals {
+  public_cidrs = length(var.private_subnet_zones) > 0 ? tomap({ for i, zone in var.private_subnet_zones : zone => cidrsubnet(var.vpc_cidr, 3, i) }) : tomap({ for i, zone in var.public_subnet_zones : zone => cidrsubnet(var.vpc_cidr, 3, i) })
+
+  private_cidrs = tomap({
+    for i, zone in var.private_subnet_zones : zone => cidrsubnet(var.vpc_cidr, 3, length(var.private_subnet_zones) + i)
+  })
+}
diff --git a/main.tf b/main.tf
@@ -0,0 +1,108 @@
+resource "aws_vpc" "vpc" {
+  cidr_block           = var.vpc_cidr
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+  tags = {
+    "Name" = var.name
+  }
+}
+
+resource "aws_vpc_dhcp_options" "vpc" {
+  domain_name = "${var.region}.compute.internal"
+  domain_name_servers = [
+  "AmazonProvidedDNS"]
+  tags = {
+    "Name" = var.name
+  }
+}
+
+resource "aws_vpc_dhcp_options_association" "vpc" {
+  dhcp_options_id = aws_vpc_dhcp_options.vpc.id
+  vpc_id          = aws_vpc.vpc.id
+}
+
+resource "aws_eip" "elastic_ips" {
+  for_each = local.private_cidrs
+  tags = {
+    "Name" = "${var.region}${each.key}.${var.name}"
+  }
+  vpc = true
+}
+
+resource "aws_subnet" "private" {
+  for_each          = local.private_cidrs
+  availability_zone = "${var.region}${each.key}"
+  cidr_block        = each.value
+  vpc_id            = aws_vpc.vpc.id
+  tags = {
+    "Name"                            = "${var.region}${each.key}.${var.name}"
+    "SubnetType"                      = "Private"
+    "kubernetes.io/role/internal-elb" = "1"
+  }
+}
+
+resource "aws_subnet" "public" {
+  for_each          = local.public_cidrs
+  availability_zone = "${var.region}${each.key}"
+  cidr_block        = each.value
+  vpc_id            = aws_vpc.vpc.id
+  tags = {
+    "Name"                   = "public-${var.region}${each.key}.${var.name}"
+    "SubnetType"             = "Utility"
+    "kubernetes.io/role/elb" = "1"
+  }
+}
+
+resource "aws_internet_gateway" "igw" {
+  vpc_id = aws_vpc.vpc.id
+}
+
+resource "aws_nat_gateway" "nat_gw" {
+  for_each      = aws_subnet.public
+  allocation_id = aws_eip.elastic_ips[each.key].id
+  subnet_id     = each.value.id
+  tags = {
+    "Name" = "${var.region}${each.key}.${var.name}"
+  }
+}
+
+resource "aws_route_table" "public" {
+  vpc_id = aws_vpc.vpc.id
+  tags = {
+    "Name" = var.name
+  }
+}
+
+resource "aws_route_table" "private" {
+  for_each = aws_subnet.private
+  vpc_id   = aws_vpc.vpc.id
+  tags = {
+    "Name" = "private-${var.region}${each.key}.${var.name}"
+  }
+}
+
+resource "aws_route_table_association" "private" {
+  for_each       = aws_subnet.private
+  subnet_id      = each.value.id
+  route_table_id = aws_route_table.private[each.key].id
+}
+
+resource "aws_route_table_association" "utility" {
+  for_each       = aws_subnet.public
+  subnet_id      = each.value.id
+  route_table_id = aws_route_table.public.id
+}
+
+resource "aws_route" "igw_route_private" {
+  count                  = length(local.private_cidrs) > 0 ? 1 : 0
+  route_table_id         = aws_route_table.public.id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.igw.id
+}
+
+resource "aws_route" "route_private" {
+  for_each               = aws_nat_gateway.nat_gw
+  route_table_id         = aws_route_table.private[each.key].id
+  nat_gateway_id         = aws_nat_gateway.nat_gw[each.key].id
+  destination_cidr_block = "0.0.0.0/0"
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,15 @@
+output "vpc_id" {
+  value = aws_vpc.vpc.id
+}
+
+output "private_subnets" {
+  value = tomap({
+    for k, v in aws_subnet.private : k => v.id
+  })
+}
+
+output "public_subnets" {
+  value = tomap({
+    for k, v in aws_subnet.public : k => v.id
+  })
+}
diff --git a/vars.tf b/vars.tf
@@ -0,0 +1,43 @@
+variable "name" {
+  type        = string
+  description = "Name of the created VPC"
+}
+
+variable "region" {
+  type        = string
+  description = "Name of AWS region to use for cluster"
+}
+
+variable "vpc_cidr" {
+  type        = string
+  default     = "172.20.0.0/16"
+  description = "CIDR range for the VPC?"
+  validation {
+    condition     = cidrsubnet(var.vpc_cidr, 3, 5) != ""
+    error_message = "A larger CIDR range must be provided."
+  }
+}
+
+variable "public_subnet_zones" {
+  type        = list(string)
+  default     = ["a", "b", "c"]
+  description = "The public subnet group zones. If private_subnet_zones is set the values from that variable will be used instead and these ignored"
+  validation {
+    condition     = length(var.public_subnet_zones) <= 3
+    error_message = "No more than 3 public zones can be provided."
+  }
+  validation {
+    condition     = length(var.public_subnet_zones) > 0
+    error_message = "At least one public zone must be provided."
+  }
+}
+
+variable "private_subnet_zones" {
+  type        = list(string)
+  default     = []
+  description = "The private subnet group zones"
+  validation {
+    condition     = length(var.private_subnet_zones) <= 3
+    error_message = "No more than 3 private zones can be provided."
+  }
+}