alternat
terraform-aws-eks
alternat | terraform-aws-eks | |
---|---|---|
10 | 69 | |
994 | 4,168 | |
1.7% | 1.2% | |
5.8 | 8.7 | |
7 days ago | 12 days ago | |
HCL | HCL | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
alternat
-
Fck-nat: The (f)easible (C)ost (k)onfigurable NAT
This is perfect for preprod environments. I'd probably not deploy in production. There is a better nat instance setup available called alternat [1] which is a little more durable and better for production cases.
[1] https://github.com/1debit/alternat
-
AWS to Begin Charging for Public IPv4 Addresses
We use https://github.com/1debit/alternat in our EKS cluster to save the AWS tax (surcharge for NAT on top of the egress fee)
-
NAT Instances - monitoring and other operational concerns
Unfortunately we've been getting absolutely hammered by NAT gateway pricing, and we've had to switch over to NAT instances. We deployed (alternat)[https://github.com/1debit/alternat] for some OOTB resiliency, but I've never had to manage a group of NAT instances myself at this scale.
-
Painful bill for image pulls from ECR ?
alterNAT is another approach that makes it even easier, and falls back to NAT GW if needed.
-
Important Information about NAT Gateway in your Account emails
As for the alternatives they already exists. Feel free to create more if your like, more the merrier. https://github.com/1debit/alternat
- 1debit/alternat: High availability implementation of AWS NAT instances.
-
Is AWS affordable for small workloads for personal/family/community use?
You can go around NAT gateway costs (not completely) by using alternat: https://github.com/1debit/alternat
-
Setup Fargate on private subnet without NAT
Welcome to hell. I default to public subnets where possible; past that I either bend the knee or use alterNAT.
- High availability implementation of AWS NAT instances
- AlterNAT: High availability cost efficient implementation of AWS NAT instances
terraform-aws-eks
- Feat: Made it clear that we stand with Ukraine
- Need suggestions for managing eks terraform module
-
What's everyone's favorite EKS Terraform module these days?
cloudposse module was popular but most have moved to https://github.com/terraform-aws-modules/terraform-aws-eks also eks blueprints will be moving to this module. use eks blueprints v5
-
The Future of Terraform: ClickOps
That's a very simplistic view. Let's do a small thought exercise. Is this module not infrastructure?
-
Failed to marshal state to json
I think there is an issue with the module eks : https://github.com/terraform-aws-modules/terraform-aws-eks
-
☸️ How to deploy a cost-efficient AWS/EKS Kubernetes cluster using Terraform in 2023
module "eks" { source = "terraform-aws-modules/eks/aws" cluster_name = var.cluster_name cluster_version = var.kubernetes_version cluster_endpoint_private_access = true cluster_endpoint_public_access = true cluster_addons = { coredns = { most_recent = true timeouts = { create = "2m" # default 20m. Times out on first launch while being effectively created } } kube-proxy = { most_recent = true } vpc-cni = { most_recent = true } aws-ebs-csi-driver = { most_recent = true } } vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets # Self managed node groups will not automatically create the aws-auth configmap so we need to create_aws_auth_configmap = true manage_aws_auth_configmap = true aws_auth_users = var.aws_auth_users enable_irsa = true node_security_group_additional_rules = { ingress_self_all = { description = "Node to node all ports/protocols" protocol = "-1" from_port = 0 to_port = 0 type = "ingress" self = true } egress_all = { # by default, only https urls can be reached from inside the cluster description = "Node all egress" protocol = "-1" from_port = 0 to_port = 0 type = "egress" cidr_blocks = ["0.0.0.0/0"] ipv6_cidr_blocks = ["::/0"] } } self_managed_node_group_defaults = { # enable discovery of autoscaling groups by cluster-autoscaler autoscaling_group_tags = { "k8s.io/cluster-autoscaler/enabled" : true, "k8s.io/cluster-autoscaler/${var.cluster_name}" : "owned", } # from https://github.com/terraform-aws-modules/terraform-aws-eks/issues/2207#issuecomment-1220679414 # to avoid "waiting for a volume to be created, either by external provisioner "ebs.csi.aws.com" or manually created by system administrator" iam_role_additional_policies = { AmazonEBSCSIDriverPolicy = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy" } } # possible values : https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/node_groups.tf self_managed_node_groups = { default_node_group = { create = false } # fulltime-az-a = { # name = "fulltime-az-a" # subnets = [module.vpc.private_subnets[0]] # instance_type = "t3.medium" # desired_size = 1 # bootstrap_extra_args = "--kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=normal'" # } spot-az-a = { name = "spot-az-a" subnet_ids = [module.vpc.private_subnets[0]] # only one subnet to simplify PV usage # availability_zones = ["${var.region}a"] # conflict with previous option. TODO try subnet_ids=null at creation (because at modification it fails) desired_size = 2 min_size = 1 max_size = 10 bootstrap_extra_args = "--kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot'" use_mixed_instances_policy = true mixed_instances_policy = { instances_distribution = { on_demand_base_capacity = 0 on_demand_percentage_above_base_capacity = 0 spot_allocation_strategy = "lowest-price" # "capacity-optimized" described here : https://aws.amazon.com/blogs/compute/introducing-the-capacity-optimized-allocation-strategy-for-amazon-ec2-spot-instances/ } override = [ { instance_type = "t3.xlarge" weighted_capacity = "1" }, { instance_type = "t3a.xlarge" weighted_capacity = "1" }, ] } } } tags = local.tags }
-
How are most EKS clusters deployed?
If you want somewhat viable setup - I'd go for terraform-aws-modules (Anton did an awesome job), and aws-ia blueprints, especially those multi-tenant ones.
-
I am stuck on learning how to provision K8s in AWS. Security groups? ALB? ACM? R53?
https://github.com/terraform-aws-modules/terraform-aws-eks
-
Deal with external managed resources destruction
I tried using explicit depends_on between my modules but this practise is not recommended since it cause issues during planning.
-
How to Upgrade EKS Cluster and its Nodes via Terraform without disruption?
If you use https://github.com/terraform-aws-modules/terraform-aws-eks it is designed to upgrade the components in the correct order when the cluster version is changed
What are some alternatives?
fck-nat - Feasible cost konfigurable NAT: An AWS NAT Instance AMI
terragrunt-infrastructure-modules-example - A repo used to show examples file/folder structures you can use with Terragrunt and Terraform
terraform-aws-secure-baseline - Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
eksctl - The official CLI for Amazon EKS
typhoon - Minimal and free Kubernetes distribution with Terraform
terraform-aws-cloudwatch - Terraform module to create AWS Cloudwatch resources 🇺🇦
cloudblock - Cloudblock deploys secure ad-blocking and VPN for all devices. Text and video guides included! 6 supported cloud providers, plus Ubuntu and Raspberry Pi. Cloudblock deploys Wireguard VPN, Pi-Hole DNS Ad-blocking, and DNS over HTTPS in a cloud provider - or locally - using Terraform and Ansible.
terraform-aws-eks-blueprints - Configure and deploy complete EKS clusters.
terraform-aws-vpc - Terraform module to create AWS VPC resources 🇺🇦
eks-alb-istio-with-tls - This repository demonstrate how to configure end-to-end encryption on EKS platform using TLS certificate from Amazon Certificate Manager, AWS Application LoadBalancer and Istio as service mesh.
terraform-aws-rds - Terraform module to create AWS RDS resources 🇺🇦
terraform-aws-security-group - This terraform module creates set of Security Group and Security Group Rules resources in various combinations.