Terraform it up. Creates a VPC, EKS (with spot), and configures an ACM on a load balancer for a domain that should already exist in Route53. This makes use of wildcard dns, so all your Kong services in the gateway should be something.domain.com.
Also included: some post-terraform Kube manifests in ./post-manifests to add observability and mTLS.
This project's code is not supported by Kong, Inc., (me) Hart Hoover, or anyone else.
Assumes a Kong enterprise license.json file in ./gateway and ./mesh - you'll need two licenses (one for Gateway and one for Mesh)
You'll need a domain that exists in Route53.
| Name | Version |
|---|---|
| aws | 3.55.0 |
| helm | 2.2.0 |
| kubernetes | 2.4.1 |
| Name | Source | Version |
|---|---|---|
| eks-cluster | terraform-aws-modules/eks/aws | 17.1.0 |
| vpc | terraform-aws-modules/vpc/aws | n/a |
| Name | Type |
|---|---|
| aws_acm_certificate.eks_domain_cert | resource |
| aws_acm_certificate_validation.eks_domain_cert_validation | resource |
| aws_autoscaling_policy.eks_autoscaling_policy | resource |
| aws_eip.nat_gw_elastic_ip | resource |
| aws_iam_openid_connect_provider.cluster | resource |
| aws_route53_record.domain | resource |
| aws_route53_record.kong_wildcard | resource |
| helm_release.kong_gateway | resource |
| helm_release.kong_mesh | resource |
| helm_release.spot_termination_handler | resource |
| kubernetes_namespace.kong | resource |
| kubernetes_namespace.kong-mesh-system | resource |
| kubernetes_secret.kong-enterprise-license | resource |
| kubernetes_secret.kong-enterprise-superuser-password | resource |
| kubernetes_secret.kong-mesh-license | resource |
| aws_availability_zones.available | data source |
| aws_eks_cluster.cluster | data source |
| aws_eks_cluster_auth.cluster | data source |
| aws_route53_zone.eks_domain | data source |
| kubernetes_service.kong_gateway | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_tags | Tags to apply to every resource | map(string) |
{ |
no |
| asg_instance_types | List of EC2 instance machine types to be used in EKS. | list(string) |
[ |
no |
| autoscaling_average_cpu | Average CPU threshold to autoscale EKS EC2 instances. | number |
60 |
no |
| autoscaling_maximum_size_by_az | Maximum number of EC2 instances to autoscale our EKS cluster on each AZ. | number |
4 |
no |
| autoscaling_minimum_size_by_az | Minimum number of EC2 instances to autoscale our EKS cluster on each AZ. | number |
2 |
no |
| aws_profile | AWS profile to use from local AWS credentials file | string |
"default" |
no |
| cluster_name | Name of the EKS Cluster | string |
"dev" |
no |
| dns_base_domain | DNS Zone name to be used for EKS Ingress. | string |
n/a | yes |
| kong_gateway_chart_name | Ingress Gateway Helm chart name. | string |
"https://github.com/Kong/charts/releases/download/kong-2.6.3/kong-2.6.3.tgz" |
no |
| kong_gateway_release_name | Ingress Gateway Helm chart name. | string |
"kong" |
no |
| kong_mesh_chart_name | Kong Mesh Helm chart name. | string |
"kong-mesh" |
no |
| kong_mesh_chart_repo | Kong Mesh Helm repository name. | string |
"https://kong.github.io/kong-mesh-charts" |
no |
| kong_mesh_release_name | Kong Mesh Helm release name. | string |
"kong-mesh" |
no |
| kong_superuser_password | Initial SuperAdmin Password for Kong. | string |
n/a | yes |
| name_prefix | Prefix to be used on each infrastructure object created in AWS. | string |
n/a | yes |
| region | AWS region | string |
"us-west-2" |
no |
| spot_termination_handler_chart_name | EKS Spot termination handler Helm chart name. | string |
"aws-node-termination-handler" |
no |
| spot_termination_handler_chart_namespace | Kubernetes namespace to deploy EKS Spot termination handler Helm chart. | string |
"kube-system" |
no |
| spot_termination_handler_chart_repo | EKS Spot termination handler Helm repository name. | string |
"https://aws.github.io/eks-charts" |
no |
| spot_termination_handler_chart_version | EKS Spot termination handler Helm chart version. | string |
"0.16.0" |
no |
| subnet_prefix_extension | CIDR block bits extension to calculate CIDR blocks of each subnetwork. | number |
4 |
no |
| vpc_cidr | Base CIDR block to be used in our VPC. | string |
"10.120.0.0/16" |
no |
| zone_offset | CIDR block bits extension offset to calculate Public subnets, avoiding collisions with Private subnets. | number |
8 |
no |
| Name | Description |
|---|---|
| cluster_endpoint | Endpoint for EKS control plane. |
| cluster_id | EKS cluster ID. |
| cluster_security_group_id | Security group ids attached to the cluster control plane. |
| config_map_aws_auth | A kubernetes configuration to authenticate to this EKS cluster. |
| kong_domain | Access Kong Proxy |
| kubectl_config | kubectl config as generated by the module. |
| region | AWS region |