1
votes

With the eksctl CLI one can create an EKS cluster of type Fargate, which creates nodes of instance type "Fargate".

How can the same be achieved with Terraform? The cluster can be created with node groups, but instance type Fargate does not seem to exist (although eksctl creates it like that).

  node_groups = {
    eks_nodes = {
      desired_capacity = 3
      max_capacity     = 3
      min_capacity     = 3

      instance_type = "Fargate"
    }
  }

Thanks!

1 Answers

2
votes

Have you tried to define a Fargate profile first?

You must define at least one Fargate profile that specifies which pods should use Fargate when they are launched. You also need to create a pod execution role, because the components running on the Fargate infrastructure need to make calls to AWS APIs on your behalf to do things like pull container images from Amazon ECR or route logs to other AWS services.

Terraform code for AWS EKS Fargate looks like the following:

resource "aws_eks_fargate_profile" "default" {
  cluster_name           = var.cluster_name
  fargate_profile_name   = var.fargate_profile_name
  pod_execution_role_arn = aws_iam_role.default.arn # plain string attribute; join() needs a list
  subnet_ids             = var.subnet_ids
  tags                   = var.tags

  selector {
    namespace = var.kubernetes_namespace
    labels    = var.kubernetes_labels
  }
}

Make sure you're using the aws_eks_fargate_profile resource to create an EKS Fargate profile.

Terraform code for the Fargate pod execution role looks like the following:

data "aws_iam_policy_document" "assume_role" {

  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["eks-fargate-pods.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "default" {
  name               = var.role_name
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
  tags               = var.tags
}

resource "aws_iam_role_policy_attachment" "amazon_eks_fargate_pod_execution_role_policy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy"
  role       = aws_iam_role.default.name
}

I suggest you check some awesome examples from awesome communities like Cloudposse.

I'll give you the complete example of a Fargate profile and eks-node-group; it seems to be the solution that you need to deploy at this moment.

P.S.: Try to read how they made the modules; I think you'll reach your goal quickly.

I hope it may be useful for you and other users.
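A variant of the answer's role and profile, added here as an example (not the answerer's code or a community module's), that also scopes the trust policy with an `aws:SourceArn` condition so only Fargate profiles of this one cluster can assume the pod execution role. The `this` and `pod_execution` labels and the data-source lookup of an existing cluster are assumptions; variable names follow the answer.

```hcl
# Added example; variable names follow the answer, resource labels are illustrative.
variable "cluster_name" { type = string }
variable "fargate_profile_name" { type = string }
variable "role_name" { type = string }
variable "subnet_ids" { type = list(string) } # private subnets only
variable "kubernetes_namespace" { type = string }

data "aws_eks_cluster" "this" {
  name = var.cluster_name
}

data "aws_iam_policy_document" "assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["eks-fargate-pods.amazonaws.com"]
    }
    # Confused-deputy guard: only Fargate profiles of this cluster can use the role.
    # Cluster ARN arn:...:cluster/<name> becomes arn:...:fargateprofile/<name>/*
    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = ["${replace(data.aws_eks_cluster.this.arn, ":cluster/", ":fargateprofile/")}/*"]
    }
  }
}

resource "aws_iam_role" "pod_execution" {
  name               = var.role_name
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role_policy_attachment" "pod_execution" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy"
  role       = aws_iam_role.pod_execution.name
}

resource "aws_eks_fargate_profile" "default" {
  cluster_name           = var.cluster_name
  fargate_profile_name   = var.fargate_profile_name
  pod_execution_role_arn = aws_iam_role.pod_execution.arn
  subnet_ids             = var.subnet_ids
  selector {
    namespace = var.kubernetes_namespace
  }
  # Attach the policy before the profile starts scheduling pods.
  depends_on = [aws_iam_role_policy_attachment.pod_execution]
}
```

Without the condition, any Fargate profile in the account can be pointed at this role; with it, `terraform plan` shows the `Condition` block in the rendered trust policy JSON.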