
Commit e51384a

committed
provision ha proxy with null_resource local-exec provisioner
1 parent 9c9b5c9 commit e51384a


2 files changed

+50
-3
lines changed


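--- a/terraform/aws/aws-eks-operator/main.tf
+++ b/terraform/aws/aws-eks-operator/main.tf
@@ -62,8 +62,6 @@ module "eks" {
 
 eks_managed_node_groups = {
 main = {
-# Starting on 1.30, AL2023 is the default AMI type for EKS managed node groups
-# ami_type = "AL2023_x86_64_STANDARD"
 instance_types = [local.node_instance_type]
 
 desired_size = local.desired_size
@@ -75,8 +73,9 @@ module "eks" {
 tags = local.aws_tags
 }
 
-# Kubernetes namespace for Tailscale operator
 resource "kubernetes_namespace_v1" "tailscale_operator" {
+provider = kubernetes.this
+
 metadata {
 name = local.namespace_name
 labels = {
@@ -86,6 +85,8 @@ resource "kubernetes_namespace_v1" "tailscale_operator" {
 }
 
 resource "helm_release" "tailscale_operator" {
+provider = helm.this
+
 name = local.operator_name
 namespace = kubernetes_namespace_v1.tailscale_operator.metadata[0].name
 
@@ -119,4 +120,44 @@ resource "helm_release" "tailscale_operator" {
 value = local.tailscale_oauth_client_secret
 },
 ]
+
+depends_on = [
+module.eks,
+]
+}
+
+resource "null_resource" "kubectl_ha_proxy" {
+count = 1 # Change to 0 to destroy. Commenting or removing the resource will not run the destroy provisioners.
+triggers = {
+region = data.aws_region.current.region
+cluster_arn = module.eks.cluster_arn
+cluster_name = module.eks.cluster_name
+operator_name = helm_release.tailscale_operator.name
+}
+
+#
+# Create provisioners
+#
+provisioner "local-exec" {
+command = "aws eks update-kubeconfig --region ${self.triggers.region} --name ${self.triggers.cluster_name}"
+}
+provisioner "local-exec" {
+command = "OPERATOR_NAME=${self.triggers.operator_name} envsubst < tailscale-api-server-ha-proxy.yaml | kubectl apply --context=${self.triggers.cluster_arn} -f -"
+}
+
+#
+# Destroy provisioners
+#
+provisioner "local-exec" {
+when = destroy
+command = "aws eks update-kubeconfig --region ${self.triggers.region} --name ${self.triggers.cluster_name}"
+}
+provisioner "local-exec" {
+when = destroy
+command = "OPERATOR_NAME=${self.triggers.operator_name} envsubst < tailscale-api-server-ha-proxy.yaml | kubectl delete --context=${self.triggers.cluster_arn} -f -"
+}
+
+depends_on = [
+helm_release.tailscale_operator,
+]
 }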
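Review bot: The four `local-exec` commands in `null_resource.kubectl_ha_proxy` splice `self.triggers.*` values unquoted into a shell string, and `envsubst` runs with no variable list, so every `$NAME` in `tailscale-api-server-ha-proxy.yaml` is filled from whatever happens to be in the caller's environment. Pass the values through the provisioner's `environment` map and restrict the substitution, e.g. `environment = { OPERATOR_NAME = self.triggers.operator_name, CLUSTER_ARN = self.triggers.cluster_arn }` with `command = "envsubst '$OPERATOR_NAME' < tailscale-api-server-ha-proxy.yaml | kubectl apply --context=\"$CLUSTER_ARN\" -f -"`. `aws eks update-kubeconfig` without `--kubeconfig` also rewrites the default kubeconfig of whoever runs Terraform and switches its current context on every apply and destroy; writing to a dedicated file and handing the same path to `kubectl --kubeconfig` keeps that side effect out of the operator's own config. A comment above the resource listing the tools it expects on PATH (`aws`, `kubectl`, `envsubst`) would help, since none of them is declared anywhere Terraform can check.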

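--- a/terraform/aws/aws-eks-operator/versions.tf
+++ b/terraform/aws/aws-eks-operator/versions.tf
@@ -14,10 +14,15 @@ terraform {
 source = "hashicorp/helm"
 version = ">= 3.1.1, < 4.0"
 }
+null = {
+source = "hashicorp/null"
+version = ">= 3.2.0, < 4.0"
+}
 }
 }
 
 provider "kubernetes" {
+alias = "this"
 host = module.eks.cluster_endpoint
 cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
 
@@ -29,6 +34,7 @@ provider "kubernetes" {
 }
 
 provider "helm" {
+alias = "this"
 kubernetes = {
 host = module.eks.cluster_endpoint
 cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)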
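Review bot: With `alias = "this"` added to both `provider "kubernetes"` and `provider "helm"`, the module no longer has a default configuration for either provider, so a resource that omits `provider = kubernetes.this` or `provider = helm.this` would presumably be handed an empty default configuration rather than the EKS endpoint set here. Both resources touched in main.tf opt in; anything else in the module is not visible from this page and is worth checking. A short comment above each block would make the requirement explicit, e.g. `# Aliased: every kubernetes_* resource must set provider = kubernetes.this`. The `provider "helm"` block continues past the end of the hunk.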
