Terraform it up. Creates a VPC and an EKS cluster (with spot instances), and configures an ACM certificate on a load balancer for a domain that should already exist in Route53. This makes use of wildcard DNS, so all your Kong services in the gateway should be `something.domain.com`.
Also included: some post-Terraform Kubernetes manifests in `./post-manifests` to add observability and mTLS.
This project's code is not supported by Kong, Inc., (me) Hart Hoover, or anyone else.
Assumes a Kong enterprise `license.json` file in `./gateway` and `./mesh` - you'll need two licenses (one for Gateway and one for Mesh).
You'll need a domain that exists in Route53.

Name | Version |
---|---|
aws | 3.55.0 |
helm | 2.2.0 |
kubernetes | 2.4.1 |

Name | Source | Version |
---|---|---|
eks-cluster | terraform-aws-modules/eks/aws | 17.1.0 |
vpc | terraform-aws-modules/vpc/aws | n/a |

Name | Type |
---|---|
aws_acm_certificate.eks_domain_cert | resource |
aws_acm_certificate_validation.eks_domain_cert_validation | resource |
aws_autoscaling_policy.eks_autoscaling_policy | resource |
aws_eip.nat_gw_elastic_ip | resource |
aws_iam_openid_connect_provider.cluster | resource |
aws_route53_record.domain | resource |
aws_route53_record.kong_wildcard | resource |
helm_release.kong_gateway | resource |
helm_release.kong_mesh | resource |
helm_release.spot_termination_handler | resource |
kubernetes_namespace.kong | resource |
kubernetes_namespace.kong-mesh-system | resource |
kubernetes_secret.kong-enterprise-license | resource |
kubernetes_secret.kong-enterprise-superuser-password | resource |
kubernetes_secret.kong-mesh-license | resource |
aws_availability_zones.available | data source |
aws_eks_cluster.cluster | data source |
aws_eks_cluster_auth.cluster | data source |
aws_route53_zone.eks_domain | data source |
kubernetes_service.kong_gateway | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_tags | Tags to apply to every resource | map(string) | { | no |
asg_instance_types | List of EC2 instance machine types to be used in EKS. | list(string) | [ | no |
autoscaling_average_cpu | Average CPU threshold to autoscale EKS EC2 instances. | number | 60 | no |
autoscaling_maximum_size_by_az | Maximum number of EC2 instances to autoscale our EKS cluster on each AZ. | number | 4 | no |
autoscaling_minimum_size_by_az | Minimum number of EC2 instances to autoscale our EKS cluster on each AZ. | number | 2 | no |
aws_profile | AWS profile to use from local AWS credentials file | string | "default" | no |
cluster_name | Name of the EKS Cluster | string | "dev" | no |
dns_base_domain | DNS Zone name to be used for EKS Ingress. | string | n/a | yes |
kong_gateway_chart_name | Ingress Gateway Helm chart name. | string | "https://github.com/Kong/charts/releases/download/kong-2.6.3/kong-2.6.3.tgz" | no |
kong_gateway_release_name | Ingress Gateway Helm chart name. | string | "kong" | no |
kong_mesh_chart_name | Kong Mesh Helm chart name. | string | "kong-mesh" | no |
kong_mesh_chart_repo | Kong Mesh Helm repository name. | string | "https://kong.github.io/kong-mesh-charts" | no |
kong_mesh_release_name | Kong Mesh Helm release name. | string | "kong-mesh" | no |
kong_superuser_password | Initial SuperAdmin Password for Kong. | string | n/a | yes |
name_prefix | Prefix to be used on each infrastructure object created in AWS. | string | n/a | yes |
region | AWS region | string | "us-west-2" | no |
spot_termination_handler_chart_name | EKS Spot termination handler Helm chart name. | string | "aws-node-termination-handler" | no |
spot_termination_handler_chart_namespace | Kubernetes namespace to deploy EKS Spot termination handler Helm chart. | string | "kube-system" | no |
spot_termination_handler_chart_repo | EKS Spot termination handler Helm repository name. | string | "https://aws.github.io/eks-charts" | no |
spot_termination_handler_chart_version | EKS Spot termination handler Helm chart version. | string | "0.16.0" | no |
subnet_prefix_extension | CIDR block bits extension to calculate CIDR blocks of each subnetwork. | number | 4 | no |
vpc_cidr | Base CIDR block to be used in our VPC. | string | "10.120.0.0/16" | no |
zone_offset | CIDR block bits extension offset to calculate Public subnets, avoiding collisions with Private subnets. | number | 8 | no |

Name | Description |
---|---|
cluster_endpoint | Endpoint for EKS control plane. |
cluster_id | EKS cluster ID. |
cluster_security_group_id | Security group ids attached to the cluster control plane. |
config_map_aws_auth | A kubernetes configuration to authenticate to this EKS cluster. |
kong_domain | Access Kong Proxy |
kubectl_config | kubectl config as generated by the module. |
region | AWS region |
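
The `vpc_cidr`, `subnet_prefix_extension` and `zone_offset` inputs decide how the VPC is carved into private and public subnets. The following is an added example, not code from this repository: it models Terraform's `cidrsubnet()` in Python and assumes private subnets use the AZ index as the subnet number while public subnets use AZ index + `zone_offset` (the module's actual expression is not shown on this page; `plan_subnets`, `overlaps` and the AZ count of 3 are hypothetical). It shows the layout the defaults produce and how a too-small `zone_offset` makes the two ranges collide.

```python
import ipaddress


def cidrsubnet(prefix, newbits, netnum):
    """Model of Terraform's cidrsubnet(prefix, newbits, netnum)."""
    net = ipaddress.ip_network(prefix)
    new_len = net.prefixlen + newbits
    if new_len > net.max_prefixlen:
        raise ValueError(f"{prefix} cannot be extended by {newbits} bits")
    if not 0 <= netnum < 2 ** newbits:
        raise ValueError(f"netnum {netnum} does not fit in {newbits} bits")
    base = int(net.network_address) + (netnum << (net.max_prefixlen - new_len))
    return ipaddress.ip_network((base, new_len))


def plan_subnets(vpc_cidr="10.120.0.0/16", subnet_prefix_extension=4,
                 zone_offset=8, az_count=3):
    """Assumed layout: private = AZ index, public = AZ index + zone_offset."""
    private = [cidrsubnet(vpc_cidr, subnet_prefix_extension, i)
               for i in range(az_count)]
    public = [cidrsubnet(vpc_cidr, subnet_prefix_extension, i + zone_offset)
              for i in range(az_count)]
    return private, public


def overlaps(private, public):
    """Return every (private, public) pair whose address ranges intersect."""
    return [(a, b) for a in private for b in public if a.overlaps(b)]


if __name__ == "__main__":
    # Defaults from the inputs table; az_count=3 is a constructed value.
    private, public = plan_subnets()
    print("private:", [str(n) for n in private])
    print("public: ", [str(n) for n in public])
    print("overlaps:", overlaps(private, public))
    # zone_offset smaller than the AZ count makes the two ranges collide.
    bad_private, bad_public = plan_subnets(zone_offset=2)
    print("zone_offset=2 overlaps:", overlaps(bad_private, bad_public))
```

With the defaults, 4 extension bits give 16 possible /20 subnets, so under this assumed layout `zone_offset` must be at least the number of AZs in use and AZ count + `zone_offset` must not exceed 16.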