gooddata-cn-on-eks

Full stack with GoodData CN in AWS

Deploys VPC, EKS with addons, Ingress controller, Pulsar, Gooddata CN and monitoring.

What you need before start

• AWS Account with sufficient access
• Existing DNS domain registered in Route53

What you get

• VPC with several subnets (for EKS, Elasticache, Aurora)
• EKS with OIDC, addons and infrastructure helm charts:
  • Cluster Autoscaler
  • ExternalDNS
  • AWS Loadbalancer Controller
  • Ingress NGINX controller
  • EKS addons for VPC CNI, EBS CSI, coredns, kube-proxy
  • Metrics server
  • Kube-prometheus-stack (Prometheus, Grafana, Alertmanager)
• Network Loadbalancer (NLB) with wildcard SSL certificate for your DNS zone provisioned by AWS ACM
• Wildcard DNS record for your DNS zone pointing to this NLB
• Apache Pulsar and GoodData CN installed
• Basic set of Grafana dashboards for monitoring Kubernetes, Pulsar, and GoodData CN

Minimal example

module "gooddata-cn" {
    source = "github.com/mouchar/gooddata-cn-tools//gooddata-cn-on-eks?ref=master"

    dns_domain = "example.com"
    license_key = "key/eyJwc ... enter your key here ... hrWDQ=="
}

Installation

# terraform init
# terraform apply

Teardown

terraform destroy

Note: Destroy command doesn't work well yet; Resource dependencies are not correctly set up and it may happen you end up with resources that can't be removed. Typically, EKS node group tends to be deleted sooner than helm charts, leaving orphan resources in AWS account and in terraform state file. These issues will be addressed in future. Until fixed, you may try to destroy your stack with -target, or with repeated runs of terraform destroy.

Requirements

Name	Version
terraform	>= 1.0.0
aws	~> 5.0
helm	~> 2.10
kubectl	~> 1.14
kubernetes	>= 2.20

Providers

Name	Version
aws	5.9.0
helm	2.10.1
kubernetes	2.22.0
local	2.4.0
null	3.2.1
random	3.5.1
template	2.2.0
time	0.9.1

Modules

Name	Source	Version
eks	terraform-aws-modules/eks/aws	~> 19.15
eks_addons	aws-ia/eks-blueprints-addons/aws	~> 1.1
iam_eks_role_gooddata	terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks	~> 5.28.0
ingress_nginx	aws-ia/eks-blueprints-addon/aws	1.1.1
kube_prometheus_stack	aws-ia/eks-blueprints-addon/aws	1.1.1
postgres	terraform-aws-modules/rds-aurora/aws	~> 8.3
vpc	terraform-aws-modules/vpc/aws	~> 5.0

Inputs

Name	Description	Type	Default	Required
admin_roles	List of IAM role names that will be granted admin access to cluster	list(string)	[]	no
auth_hostname	Short hostname of Dex IdP	string	"auth"	no
cluster_instance_types	Set of instance types associated with the EKS Node Group	list(string)	[ "c6a.2xlarge" ]	no
cluster_name	cluster name, must conform to DNS label limitations (RFC-1035)	string	""	no
cluster_version	EKS Cluster Kubernetes version	string	"1.26"	no
dns_domain	Route53 Domain where all DNS records will be created	string	n/a	yes
elasticache_node_type	cache.* node type to be deployed. Must support Redis replication group.	string	"cache.t4g.medium"	no
enable_ingress_nginx	Install Ingress-Nginx	bool	true	no
enable_kube_prometheus_stack	Install Prometheus and Grafana	bool	true	no
gooddata_cn_helm_chart	You can also pass helm chart package filename	string	"gooddata-cn"	no
gooddata_cn_version	GoodData CN Helm chart version	string	"2.4.0"	no
grafana_password	Admin password to Grafana	string	"AdminGrafana"	no
kube_prometheus_stack_version	Prometheus Helm chart version	string	"48.1.2"	no
kubernetes_version	Version of Kubernetes cluster to deploy	string	"1.26"	no
license_key	GoodData CN License	string	n/a	yes
location	AWS Region where the services will be deployed.	string	"us-east-2"	no
pulsar_version	Pulsar Helm chart version	string	"3.0.0"	no
rds_instance_class	db.* instance class to be deployed. Must support aurora-postgresql engine.	string	"db.t4g.medium"	no
registry_hostname	Hostname of private container registry	string	"registry.example.com"	no
registry_password	Password used to access private registry	string	"dummypass"	no
registry_username	Username used to access private registry	string	"dummyuser"	no
repository_prefix	Path to GoodData CN images	string	"gooddata"	no
s3_bucket_prefix	Path prefix in S3 buckets where caches and exports will be stored	string	""	no
tags	Tags to be added to resources	map(string)	{}	no

Outputs

Name	Description
certiticate_arn	ARN of issued wildcard ACM Certificate
cluster_name	Name of EKS cluster
configure_kubectl	Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig
elasticache_resource	aws_elasticache_replication_group resource created by this module.
kubeconfig_path	Full path to generated kubeconfig file
module_eks	Exposed module used to create EKS. Refer to docs for available outputs.
module_eks_addons	Exposed module used to create EKS plugins. Refer to docs for available outputs.
module_postgres	Exposed module used to create Aurora RDS. Refer to docs for available outputs.
module_vpc	Exposed module used to create VPC. Refer to docs for available outputs.