From 2281b27e7a97611688277774a062923efa3c663d Mon Sep 17 00:00:00 2001
From: Seong-dong
Date: Thu, 29 Dec 2022 00:52:17 +0900
Subject: [PATCH] =?UTF-8?q?eks=20=EA=B5=AC=EC=B6=95=20=EC=99=84=EB=A3=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 modules/eks-cluster/outputs.tf | 6 ++++-
 modules/eks-node-group/main.tf | 12 ++++++++++
 modules/eks-node-group/outputs.tf | 0
 modules/eks-node-group/variables.tf | 21 ++++++++++++++++++
 modules/iam/eks-cluster.json.tftpl | 14 ------------
 prod-hq/main.tf | 34 ++++++++++++++++++++++++-----
 6 files changed, 67 insertions(+), 20 deletions(-)
 create mode 100644 modules/eks-node-group/main.tf
 create mode 100644 modules/eks-node-group/outputs.tf
 create mode 100644 modules/eks-node-group/variables.tf
 delete mode 100644 modules/iam/eks-cluster.json.tftpl
diff --git a/modules/eks-cluster/outputs.tf b/modules/eks-cluster/outputs.tf
index 6eb05cf..c6b8840 100644
--- a/modules/eks-cluster/outputs.tf
+++ b/modules/eks-cluster/outputs.tf
@@ -4,4 +4,8 @@ output "endpoint" {
 
 output "kubeconfig-certificate-authority-data" {
 value = "${aws_eks_cluster.eks-cluster.certificate_authority.0.data}"
-}
\ No newline at end of file
+}
+
+output "cluster_name" {
+ value = aws_eks_cluster.eks-cluster.name
+}
diff --git a/modules/eks-node-group/main.tf b/modules/eks-node-group/main.tf
new file mode 100644
index 0000000..f8845f2
--- /dev/null
+++ b/modules/eks-node-group/main.tf
@@ -0,0 +1,12 @@
+resource "aws_eks_node_group" "eks-ng" {
+ cluster_name = var.cluster_name
+ node_group_name = var.node_group_name
+ node_role_arn = var.iam_role_arn
+ subnet_ids = var.subnet_list
+
+ scaling_config {
+ desired_size = var.desired_size
+ max_size = var.max_size
+ min_size = var.min_size
+ }
+}
\ No newline at end of file
diff --git a/modules/eks-node-group/outputs.tf b/modules/eks-node-group/outputs.tf
new file mode 100644
index 0000000..e69de29
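Review bot: The new `aws_eks_node_group` resource in modules/eks-node-group/main.tf takes only the names, role, subnets and scaling sizes, so callers cannot pass `instance_types`, `ami_type`, `disk_size` or a `launch_template`. Node hardening that needs a launch template, such as requiring IMDSv2 or encrypting the root volume with a chosen key, is therefore left to whatever EKS and the account default to. Consider exposing these as optional variables. Separately, `desired_size` is usually changed at runtime by an autoscaler, so adding `lifecycle { ignore_changes = [scaling_config[0].desired_size] }` keeps the next apply from resetting it. The file also ends without a trailing newline.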
diff --git a/modules/eks-node-group/variables.tf b/modules/eks-node-group/variables.tf
new file mode 100644
index 0000000..54bca98
--- /dev/null
+++ b/modules/eks-node-group/variables.tf
@@ -0,0 +1,21 @@
+variable "node_group_name" {
+ type = string
+}
+variable "cluster_name" {
+ type = string
+}
+variable "iam_role_arn" {
+ type = string
+}
+variable "subnet_list" {
+ type = list(string)
+}
+variable "desired_size" {
+ type = number
+}
+variable "max_size" {
+ type = number
+}
+variable "min_size" {
+ type = number
+}
diff --git a/modules/iam/eks-cluster.json.tftpl b/modules/iam/eks-cluster.json.tftpl
deleted file mode 100644
index 730b545..0000000
--- a/modules/iam/eks-cluster.json.tftpl
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "Version" : "2012-10-17",
- "Statement" : [
- {
- "Effect" : "Allow",
- "Principal" : {
- "Service" : [
- "eks.amazonaws.com"
- ]
- },
- "Action" : "sts:AssumeRole"
- }
- ]
- }
\ No newline at end of file
diff --git a/prod-hq/main.tf b/prod-hq/main.tf
index f4e4caa..d47a3d8 100644
--- a/prod-hq/main.tf
+++ b/prod-hq/main.tf
@@ -29,6 +29,12 @@ locals {
 tcp_protocol = "tcp"
 icmp_protocol = "icmp"
 all_ips = ["0.0.0.0/0"]
+
+ node_group_scaling_config = {
+ desired_size = 2
+ max_size = 4
+ min_size = 1
+ }
 }
 
 // GET 계정정보
@@ -51,7 +57,7 @@ data "aws_iam_policy_document" "eks_node_group_role" {
 
 principals {
 type = "Service"
- identifiers = ["eks-nodegroup.amazonaws.com"]
+ identifiers = ["ec2.amazonaws.com"]
 }
 }
 }
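Review bot: None of the seven variables in modules/eks-node-group/variables.tf has a `description`, and `iam_role_arn` accepts any string, so a wrong or mistyped role only surfaces at apply time. Add descriptions, for example `description = "ARN of the IAM role assumed by the worker nodes"` on `iam_role_arn`. A `validation` block with `condition = can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/", var.iam_role_arn))` would reject non-role ARNs at plan time.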
@@ -213,11 +219,11 @@ module "eks_sg_egress_all" {
 }
 
 module "eks_cluster" {
- source = "../modules/eks-cluster"
- name = local.common_tags.project
+ source = "../modules/eks-cluster"
+ name = local.common_tags.project
 iam_role_arn = module.eks_cluster_iam.iam_arn
- sg_list = [module.eks_sg.sg_id]
- subnet_list = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음.
+ sg_list = [module.eks_sg.sg_id]
+ subnet_list = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음.
 
 depends_on = [
 module.eks_cluster_iam,
@@ -225,6 +231,24 @@ module "eks_cluster" {
 module.vpc_hq
 ]
 }
+
+module "eks_node_group" {
+ source = "../modules/eks-node-group"
+ node_group_name = "${local.common_tags.project}-ng"
+ cluster_name = module.eks_cluster.cluster_name
+ # iam_role_arn = module.eks_nodegroup_iam.iam_arn
+ iam_role_arn = "arn:aws:iam::448559955338:role/eks-nodegroup-test"
+ subnet_list = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음.
+
+ desired_size = local.node_group_scaling_config.desired_size
+ max_size = local.node_group_scaling_config.max_size
+ min_size = local.node_group_scaling_config.min_size
+
+ depends_on = [
+ module.eks_nodegroup_iam,
+ module.eks_cluster,
+ ]
+}
 # EKS테스트 할때 활성
 # module "ecr" {
 # source = "../modules/ecr"
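Review bot: In the new `module "eks_node_group"` block, `iam_role_arn` is hard-coded to `"arn:aws:iam::448559955338:role/eks-nodegroup-test"` while the Terraform-managed value is commented out. The prod-hq node group therefore runs under a role whose attached policies are not defined or reviewable in this repository, and the account ID is committed to source control. The block's `depends_on` still lists `module.eks_nodegroup_iam`, and the trust-policy change to `ec2.amazonaws.com` earlier in this file is presumably meant for that module's role, so `iam_role_arn = module.eks_nodegroup_iam.iam_arn` looks like the intended end state. The nodes are also placed in the `module.subnet_public` subnets, which the inline comment already marks as provisional. Worker nodes normally belong in private subnets with outbound access through NAT unless direct internet reachability is a requirement.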