adding cluster autoscaler

8d77d420 · Danny · 420a0031 · 8d77d420 · 8d77d420 · 8d77d420
Commit 8d77d420 authored Mar 05, 2019 by Danny
3 changed files
--- a/eks-cluster-autoscaler-clusterrolebinding.tf
+++ b/eks-cluster-autoscaler-clusterrolebinding.tf
+resource "kubernetes_cluster_role" "cluster_autoscaler_clusterrole" {
+  metadata {
+    name = "autoscaler-svc-acc"
+  }
+
+  rule {
+    api_groups = [""]
+    resources  = ["configmaps", "namespaces", "pods", "services", "nodes", "ingresses", "secrets"]
+    verbs      = ["get", "list", "watch", "create", "patch", "delete"]
+  }
+}
+
+resource "kubernetes_cluster_role_binding" "external_dns_role_bind" {
+  metadata {
+    name = "autoscaler-svc-acc"
+  }
+
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = "cluster-admin"
+  }
+
+  subject {
+    kind      = "ServiceAccount"
+    name      = "autoscaler-svc-acc"
+    namespace = "kube-system"
+    api_group = ""
+  }
+
+  subject {
+    kind      = "Group"
+    name      = "system:serviceaccount"
+    api_group = "rbac.authorization.k8s.io"
+  }
+}
--- a/eks-cluster-autoscaler-serviceaccount.tf
+++ b/eks-cluster-autoscaler-serviceaccount.tf
+resource "kubernetes_service_account" "cluster_autoscaler_service_account" {
+  metadata {
+    name      = "autoscaler-svc-acc"
+    namespace = "kube-system"
+  }
+}
--- a/eks-cluster-autoscaler.tf
+++ b/eks-cluster-autoscaler.tf
@@ -24,10 +24,6 @@ resource "kubernetes_deployment" "aws_cluster_autoscaler_deployment" {
          app      = "aws-cluster-autoscaler"
          instance = "aws-cluster-autoscaler-deploy"
        }
-
-        annotations {
-          "iam.amazonaws.com/role" = "kube2iam-role"
-        }
      }

      spec {
@@ -36,6 +32,7 @@ resource "kubernetes_deployment" "aws_cluster_autoscaler_deployment" {

        volume {
          name = "${kubernetes_service_account.cluster_autoscaler_service_account.default_secret_name}"
+          name = "autoscaler-ssl-volume"

          secret {
            secret_name = "${kubernetes_service_account.cluster_autoscaler_service_account.default_secret_name}"
@@ -43,21 +40,30 @@ resource "kubernetes_deployment" "aws_cluster_autoscaler_deployment" {
        }

        container {
-          image             = "amazon/aws-alb-ingress-controller:v1.1.0"
-          name              = "aws-alb-ingress-container"
+          image             = "k8s.gcr.io/cluster-autoscaler:v1.13.1"
+          name              = "cluster-autoscaler-container"
          image_pull_policy = "IfNotPresent"
-          args              = ["--cluster-name=${var.customer}-${var.envname}"]
+          args              = ["./cluster-autoscaler", "--cloud-provider=aws", "--namespace=default", "--nodes=1:10:${var.autoscaler_group}", "--logtostderr=true", "--stderrthreshold=info", "--v=4"]

          volume_mount {
            mount_path = "/var/run/secrets/kubernetes.io/serviceaccount"
            name       = "${kubernetes_service_account.cluster_autoscaler_service_account.default_secret_name}"
            read_only  = true
+
+            mount_path = "/etc/ssl/certs/ca-certificates.crt"
+            name       = "autoscaler-ssl-volume"
+            read_only  = true
+          }
+
+          liveness_probe {
+            http_get {
+              path = "/health"
+              port = 8085
+            }
          }

          port {
-            name           = "health"
-            container_port = 10254
-            protocol       = "TCP"
+            container_port = 8085
          }
        }
      }