__main__.py: add vpc example code

2023-03-20 18:11:03 +08:00 · 2023-03-20 18:11:03 +08:00 · 89295d76a7
commit 89295d76a7
parent b734bc27fe
1 changed files with 116 additions and 0 deletions
--- a/aws/main.py
+++ b/aws/main.py
@ -2,9 +2,125 @@

 import pulumi
 from pulumi_aws import s3
+from pulumi_aws import ec2, get_availability_zones
+
+stack_name = pulumi.get_stack()
+project_name = pulumi.get_project()
+
+config = pulumi.Config('aws')
+
+vpc = ec2.Vpc(resource_name=f"eks-{project_name}-{stack_name}",
+              cidr_block="10.100.0.0/16",
+              enable_dns_support=True,
+              enable_dns_hostnames=True,
+              instance_tenancy='default',
+              tags={"Project": project_name,
+                    "Stack": stack_name})
+
+
+if config.get('azs'):
+    azs = config.get_object('azs')
+else:
+    azs = get_availability_zones(state="available").names
+
+igw = ec2.InternetGateway(resource_name=f'vpc-ig-{project_name}-{stack_name}',
+                          vpc_id=vpc.id,
+                          tags={"Project": project_name,
+                                "Stack": stack_name})
+
+route_table = ec2.RouteTable(resource_name=f'vpc-route-table-{project_name}-{stack_name}',
+                             vpc_id=vpc.id,
+                             routes=[ec2.RouteTableRouteArgs(
+                                 cidr_block='0.0.0.0/0',
+                                 gateway_id=igw.id)],
+                             tags={"Project": project_name,
+                                   "Stack": stack_name})
+
+# Use availability zones defined in the configuration file if available
+if config.get('azs'):
+    azs = config.get_object('azs')
+else:
+    azs = get_availability_zones(state="available").names
+
+public_subnets = []
+private_subnets = []
+
+# If you wanted to double the number of subnets because you have few
+# availability zones, you can redefine the variable below to something
+# like: list(itertools.chain(azs, azs)) which would just repeat the
+# same list of AZs twice. The iteration logic will pick it up for
+# subnet creation and create unique names.
+azs_for_subnets = list(azs)
+
+if len(azs) <= 0:
+    raise ValueError("There are no usable availability zones")
+if len(azs) == 1:
+    pulumi.log.warn("There is only a single usable availability zone")
+elif len(azs) == 2:
+    pulumi.log.warn("There are only two usable availability zones")
+
+for i, az in enumerate(azs_for_subnets):
+    if not isinstance(az, str):
+        raise f'availability zone specified [{i}] is not a valid string value: [{az}]'
+    if az.strip() == "":
+        raise f'availability zone specified [{i}] is an empty string'
+
+    public_subnet_addr = i
+    resource_name = f'{az}-k8s-public-{project_name}-{stack_name}-{i}'
+    subnet = ec2.Subnet(resource_name=resource_name,
+                        availability_zone=az,
+                        vpc_id=vpc.id,
+                        cidr_block=f"10.100.{public_subnet_addr}.0/24",
+                        map_public_ip_on_launch=True,
+                        tags={"Project": project_name,
+                              "Stack": stack_name,
+                              "kubernetes.io/role/elb": "1"})
+    ec2.RouteTableAssociation(f"route-table-assoc-public-{az}-{i}",
+                              route_table_id=route_table.id,
+                              subnet_id=subnet.id)
+    public_subnets.append(subnet)
+
+for i, az in enumerate(azs_for_subnets):
+    private_subnet_addr = (i + 1) * 16
+    resource_name = f"{az}-k8s-private-{project_name}-{stack_name}-{i}"
+    subnet = ec2.Subnet(resource_name=resource_name,
+                        availability_zone=az,
+                        vpc_id=vpc.id,
+                        cidr_block=f"10.100.{private_subnet_addr}.0/20",
+                        tags={"Project": project_name,
+                              "Stack": stack_name,
+                              "kubernetes.io/role/internal-elb": "1"},
+                        map_public_ip_on_launch=False)
+    ec2.RouteTableAssociation(resource_name=f"route-table-assoc-private-{az}-{project_name}-{stack_name}-{i}",
+                              route_table_id=route_table.id,
+                              subnet_id=subnet.id)
+    private_subnets.append(subnet)
+
+eks_security_group = ec2.SecurityGroup(resource_name=f'eks-cluster-sg-{project_name}-{stack_name}',
+                                       vpc_id=vpc.id,
+                                       description="Allow all HTTP(s) traffic to EKS Cluster",
+                                       tags={"Project": project_name,
+                                             "Stack": stack_name},
+                                       ingress=[
+                                           ec2.SecurityGroupIngressArgs(
+                                               cidr_blocks=['0.0.0.0/0'],
+                                               from_port=443,
+                                               to_port=443,
+                                               protocol='tcp',
+                                               description='Allow pods to communicate with the cluster API Server.'),
+                                           ec2.SecurityGroupIngressArgs(
+                                               cidr_blocks=['0.0.0.0/0'],
+                                               from_port=80,
+                                               to_port=80,
+                                               protocol='tcp',
+                                               description='Allow internet access to pods')])
+
+

 # Create an AWS resource (S3 Bucket)
 bucket = s3.Bucket('my-bucket')

 # Export the name of the bucket
 pulumi.export('bucket_name', bucket.id)
+pulumi.export("azs", azs)
+pulumi.export("vpc", vpc)