This module creates all the AWS and nOps resources required to integrate EKS clusters into the nOps platform and onboard them to the Compute Copilot product.

- Creates one IAM role per cluster, either for every EKS cluster in a region or only for the targeted clusters

Prerequisites:

- Terraform >= 1.2 (the version the module's requirements table declares)
- AWS CLI configured with appropriate permissions
- nOps API key
To create the resources needed to onboard Compute Copilot into every EKS cluster in the current region, use the following snippet. The API key is written inline here only for illustration; in a real configuration pass it through a variable marked `sensitive = true` (or another secret source) rather than committing it to version control.
```hcl
terraform {
  required_providers {
    nops = {
      source = "nops-io/nops"
    }
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "nops" {
  nops_api_key = "XXXX.XXXXXX"
}

module "cc_onboarding" {
  source    = "nops-io/nops-compute-copilot-onboarding/aws"
  role_name = "nops_integration_role"
}
```
This will create the following resources:
- S3 bucket to export cluster data
- IAM roles for each cluster for the Compute Copilot agent to communicate with the nOps platform
- IAM role for nOps to get exported data from the S3 bucket
- IAM user, only when `create_iam_user` is set to true, for clusters that have no IAM OIDC provider and therefore cannot use IRSA; enabling the cluster's OIDC provider is preferable to running the agent under a long-lived IAM principal
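The roles and bucket listed above are only as safe as their policies, so it is worth checking them after `terraform apply`. The following Python script is added here as an example and is not part of the module: it verifies that a per-cluster role's trust policy is scoped to the cluster's OIDC provider and to a single Kubernetes service account (the IRSA pattern the per-cluster roles rely on when an OIDC provider exists), and that the bucket policy carries a deny for requests that are not made over TLS. The account id, OIDC provider id, bucket name and the `nops:nops-agent` service account are placeholders, and the policy documents are constructed samples in the standard IRSA and S3 bucket-policy shapes, not the module's own templates. In practice, feed the functions the `AssumeRolePolicyDocument` from `aws iam get-role` and the JSON-decoded `Policy` from `aws s3api get-bucket-policy`.

```python
"""
Post-apply checks for the IAM trust policy and S3 bucket policy of the
Compute Copilot onboarding resources. Added example, not module code.
All identifiers below are placeholders; the policy documents are
constructed samples in the standard IRSA / S3 bucket-policy shapes.
"""
import json


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def trust_policy_findings(policy, oidc_provider_arn, expected_sub):
    """Return the problems found in an IRSA trust policy (empty list = OK).

    Every Allow statement must grant only sts:AssumeRoleWithWebIdentity to
    the cluster's OIDC provider and pin the `sub` claim to one service
    account with StringEquals, so no other pod in the cluster can assume it.
    """
    findings = []
    # Condition keys are prefixed with the provider URL minus "https://",
    # i.e. the part of the provider ARN after "oidc-provider/".
    issuer = oidc_provider_arn.split("oidc-provider/", 1)[-1]
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if actions != ["sts:AssumeRoleWithWebIdentity"]:
            findings.append(f"unexpected actions in trust policy: {actions}")
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict) or "AWS" in principal:
            findings.append(f"trust policy grants a non-federated principal: {principal}")
            continue
        if _as_list(principal.get("Federated", [])) != [oidc_provider_arn]:
            findings.append(f"federated principal is not the cluster OIDC provider: {principal}")
        cond = stmt.get("Condition", {})
        sub = cond.get("StringEquals", {}).get(f"{issuer}:sub")
        if sub is None:
            findings.append("no StringEquals condition on the sub claim: "
                            "any service account in the cluster could assume the role")
        elif _as_list(sub) != [expected_sub]:
            findings.append(f"sub claim pinned to {sub}, expected {expected_sub}")
        if any(key.endswith(":sub") for key in cond.get("StringLike", {})):
            findings.append("sub claim matched with StringLike: wildcards widen who can assume the role")
    return findings


def bucket_policy_findings(policy, bucket_name):
    """Return problems with the bucket's insecure-transport deny (empty = OK).

    The expected statement denies s3:* to every principal when
    aws:SecureTransport is false, on both the bucket and its objects.
    """
    expected = {f"arn:aws:s3:::{bucket_name}", f"arn:aws:s3:::{bucket_name}/*"}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        if "s3:*" not in _as_list(stmt.get("Action", [])):
            continue
        secure = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if str(secure).lower() != "false":
            continue
        missing = expected - set(_as_list(stmt.get("Resource", [])))
        if missing:
            return [f"insecure-transport deny does not cover: {sorted(missing)}"]
        return []
    return ["no statement denies requests with aws:SecureTransport=false"]


# --- constructed samples (placeholders, not values from a real account) ---
ACCOUNT_ID = "123456789012"
OIDC_ID = "EXAMPLED539D4633E53DE1B71EXAMPLE"
ISSUER = f"oidc.eks.us-east-1.amazonaws.com/id/{OIDC_ID}"
OIDC_PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/{ISSUER}"
SERVICE_ACCOUNT = "system:serviceaccount:nops:nops-agent"  # assumed namespace/name
BUCKET = f"nops-container-cost-{ACCOUNT_ID}"

GOOD_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": OIDC_PROVIDER_ARN},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {f"{ISSUER}:sub": SERVICE_ACCOUNT,
                                   f"{ISSUER}:aud": "sts.amazonaws.com"}}}]}

# Same role, but the sub claim is wildcarded: every pod in the cluster qualifies.
WEAK_TRUST_POLICY = json.loads(json.dumps(GOOD_TRUST_POLICY))
WEAK_TRUST_POLICY["Statement"][0]["Condition"] = {
    "StringLike": {f"{ISSUER}:sub": "system:serviceaccount:*:*"}}

GOOD_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
    "Action": "s3:*",
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

if __name__ == "__main__":
    print("good trust:", trust_policy_findings(GOOD_TRUST_POLICY, OIDC_PROVIDER_ARN, SERVICE_ACCOUNT))
    print("weak trust:", trust_policy_findings(WEAK_TRUST_POLICY, OIDC_PROVIDER_ARN, SERVICE_ACCOUNT))
    print("bucket:", bucket_policy_findings(GOOD_BUCKET_POLICY, BUCKET))
```

Run it once per cluster role listed in the `nops_ccost_roles_arn` output; an empty findings list for the trust policy means only the named service account in that cluster can obtain the role's credentials, which is the property that makes a per-cluster role safer than a shared IAM user.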
To onboard only a subset of clusters, pass their names in `cluster_names`; the module then creates resources for those clusters and no others.
```hcl
terraform {
  required_providers {
    nops = {
      source = "nops-io/nops"
    }
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "nops" {
  nops_api_key = "XXXX.XXXXXX"
}

module "cc_onboarding" {
  source        = "nops-io/nops-compute-copilot-onboarding/aws"
  role_name     = "nops_integration_role"
  cluster_names = ["cluster_name", "additional_cluster_name"]
}
```
To onboard clusters in several regions, deploy the module once per region. The S3 bucket is created in only one region: in the first region keep the default `create_bucket = true`, and in every additional region set `create_bucket = false` so that the agents there use the bucket created in the original region instead of a second one.
```hcl
terraform {
  required_providers {
    nops = {
      source = "nops-io/nops"
    }
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "nops" {
  nops_api_key = "XXXX.XXXXXX"
}

module "cc_onboarding" {
  source        = "nops-io/nops-compute-copilot-onboarding/aws"
  role_name     = "nops_integration_role"
  create_bucket = false
}
```
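The snippets above show one region at a time. The following root module is an added example, not taken from the module's own documentation, that onboards two regions from a single configuration: it assumes provider aliases named `aws.primary` and `aws.secondary` for the regions `us-east-1` and `us-west-2`, that the module accepts a passed-in `aws` provider (standard Terraform `providers` mapping), and that the API key arrives through a sensitive variable. The bucket is created only by the primary-region call, and `depends_on` makes the secondary-region call wait for it.

```hcl
# Added example: two-region onboarding from one root module.
# Assumptions: provider aliases aws.primary / aws.secondary, region names,
# and a sensitive variable for the nOps API key.
terraform {
  required_providers {
    nops = {
      source = "nops-io/nops"
    }
    aws = {
      source = "hashicorp/aws"
    }
  }
}

variable "nops_api_key" {
  description = "nOps API key, supplied via TF_VAR_nops_api_key or a secret store, never committed"
  type        = string
  sensitive   = true
}

provider "nops" {
  nops_api_key = var.nops_api_key
}

provider "aws" {
  alias  = "primary"
  region = "us-east-1"
}

provider "aws" {
  alias  = "secondary"
  region = "us-west-2"
}

# First region: create_bucket keeps its default of true, so the S3 bucket,
# the cross-account role and the per-cluster roles for us-east-1 live here.
module "cc_onboarding_primary" {
  source    = "nops-io/nops-compute-copilot-onboarding/aws"
  providers = { aws = aws.primary }
  role_name = "nops_integration_role"
}

# Second region: only the per-cluster roles for us-west-2 are created;
# the agents there export into the bucket created by the primary call.
module "cc_onboarding_secondary" {
  source        = "nops-io/nops-compute-copilot-onboarding/aws"
  providers     = { aws = aws.secondary }
  role_name     = "nops_integration_role"
  create_bucket = false
  depends_on    = [module.cc_onboarding_primary]
}
```

Applying both calls from one state keeps the ordering explicit; if the regions are applied from separate states instead, apply the bucket-creating region first, since the helm submodule in the other region needs the bucket name.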
This module includes a submodule that deploys the Compute Copilot helm chart into your EKS clusters with Terraform. The Datadog API key and the nOps API token are secrets: the snippets below show them inline for illustration, but in a real configuration pass them through variables marked `sensitive = true`.
```hcl
module "cc_helm_deployment" {
  source               = "nops-io/nops-compute-copilot-onboarding/aws//modules/helm"
  cluster_name         = local.eks_cluster_name
  datadog_api_key      = "xxxxxx"
  karpenops_cluster_id = "xxxxx"
  nops_api_token       = "xxx.xxxxxx"
  s3_bucket_name       = "nops-container-cost-account_id"
}
```
In order to set additional values in the configuration, do the following:
```hcl
module "cc_helm_deployment" {
  source               = "nops-io/nops-compute-copilot-onboarding/aws//modules/helm"
  cluster_name         = local.eks_cluster_name
  datadog_api_key      = "xxxxxx"
  karpenops_cluster_id = "xxxxx"
  nops_api_token       = "xxx.xxxxxx"
  s3_bucket_name       = "nops-container-cost-account_id"

  # Each entry becomes a helm `set` value: chart value path, value and type.
  extra_set = {
    storage_class = {
      name  = "prometheus.server.persistentVolume.storageClass"
      value = "gp2"
      type  = "string"
    }
    enable_vpa = {
      name  = "containerRightsizing.enabled"
      value = "true"
      type  = "string"
    }
  }
}
```
Requirements:

Name | Version |
---|---|
terraform | >= 1.2 |
aws | ~> 5.0 |
nops | ~> 0.1.0 |

Providers:

Name | Version |
---|---|
aws | ~> 5.0 |
nops | ~> 0.1.0 |

Modules: no modules.
Resources:

Name | Type |
---|---|
aws_iam_role.nops_ccost_role | resource |
aws_iam_role.nops_cross_account_role | resource |
aws_iam_role_policy.nops_ccost_policy | resource |
aws_iam_role_policy.nops_cross_account_policy | resource |
aws_iam_role_policy.nops_read_policy | resource |
aws_iam_user.iam_user | resource |
aws_iam_user_policy.attach_policy_to_user | resource |
aws_s3_bucket.nops_container_cost | resource |
aws_s3_bucket_policy.nops_bucket_deny_insecure_transport | resource |
aws_s3_bucket_public_access_block.nops_bucket_block_public_access | resource |
aws_s3_bucket_server_side_encryption_configuration.nops_bucket_encryption | resource |
nops_compute_copilot_integration.integration | resource |
nops_container_cost_bucket.container_cost_bucket | resource |
aws_caller_identity.current | data source |
aws_eks_cluster.cluster | data source |
aws_eks_clusters.clusters | data source |
aws_iam_openid_connect_provider.provider | data source |
aws_iam_role.nops_integration_role | data source |
aws_region.current | data source |
nops_projects.current | data source |
Inputs:

Name | Description | Type | Default | Required |
---|---|---|---|---|
cluster_names | Names of the EKS clusters to create resources for; leave empty to create roles for every EKS cluster in the current region. | list(string) | [] | no |
create_bucket | Whether to create the S3 bucket. Set to false when the bucket already exists or was created by this module in another region. | bool | true | no |
create_iam_user | Whether to create an IAM user for EKS clusters that have no IAM OIDC provider configured and so cannot use IRSA. | bool | false | no |
environment | nOps environment | string | "PROD" | no |
role_name | Name of the IAM role to attach the read policy to; it must match the integration role created when the account was onboarded into nOps. If left empty the role is looked up automatically. | string | "" | no |
Outputs:

Name | Description |
---|---|
eks_clusters | Metadata of the selected EKS clusters |
nops_ccost_roles_arn | The ARNs of the per-cluster roles to be used by the agent. |
nops_ccost_user_arn | The ARN of the IAM user to be used by the agent, populated only when create_iam_user is true. |
nops_cross_account_role_arn | The ARN of the role nOps assumes for cross-account access to the S3 bucket. |