eks-cluster 작업

modules/eks-cluster/main.tf

@@ -0,0 +1,15 @@
+resource "aws_eks_cluster" "eks-cluster" {
+  name     = "${var.name}-eks-cluster"
+  role_arn = var.iam_role_arn
+
+  #enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
+
+  vpc_config {
+    security_group_ids = var.sg_list
+    subnet_ids = var.subnet_list
+
+    #노드그룹 통신을 위한 설정
+    endpoint_private_access = true
+    endpoint_public_access  = true
+  }
+}

modules/eks-cluster/outputs.tf

@@ -0,0 +1,7 @@
+output "endpoint" {
+  value = "${aws_eks_cluster.eks-cluster.endpoint}"
+}
+
+output "kubeconfig-certificate-authority-data" {
+  value = "${aws_eks_cluster.eks-cluster.certificate_authority.0.data}"
+}

modules/eks-cluster/valiables.tf

@@ -0,0 +1,14 @@
+variable "name" {
+  type = string
+}
+variable "iam_role_arn" {
+  type = string
+}
+variable "sg_list" {
+  type = list(string)
+
+}
+variable "subnet_list" {
+  type = list(string)
+
+}

modules/eks/main.tf

@@ -1,16 +0,0 @@
-resource "aws_eks_cluster" "demo" {
-  name     = var.cluster-name
-  role_arn = aws_iam_role.demo-cluster.arn
-
-  enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
-
-  vpc_config {
-    security_group_ids = [aws_security_group.demo-cluster.id]
-    subnet_ids = [
-      aws_subnet.VPC_HQ_public_1a.id,
-      aws_subnet.VPC_HQ_public_1c.id
-    ]
-    endpoint_private_access = true
-    endpoint_public_access  = true
-  }
-}

modules/iam/outputs.tf

@@ -1,4 +1,8 @@
 output "iam_name" {
     value = aws_iam_role.iam-role.name
   
+}
+output "iam_arn" {
+    value = aws_iam_role.iam-role.arn
+  
 }

prod-hq/main.tf

@@ -198,7 +198,6 @@ module "eks_sg_ingress_http" {
   security_group_id = module.eks_sg.sg_id
 
   tag_name = each.key
-
 }
 
 module "eks_sg_egress_all" {
@@ -211,7 +210,20 @@ module "eks_sg_egress_all" {
   security_group_id = module.eks_sg.sg_id
 
   tag_name = "egress-all"
+}
 
+module "eks_cluster" {
+  source            = "../modules/eks-cluster"
+  name = local.common_tags.project
+  iam_role_arn = module.eks_cluster_iam.iam_arn
+  sg_list = [module.eks_sg.sg_id]
+  subnet_list = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음.
+
+  depends_on = [
+    module.eks_cluster_iam,
+    module.eks_sg,
+    module.vpc_hq
+  ]
 }
 # EKS테스트 할때 활성
 # module "ecr" {