add ECR Pull Through Cache example

KaaS/Elastic Kubernetes Service(EKS)/Terraform/ecr-pull-through-cache/README.md

@@ -0,0 +1,8 @@
+## This template demostrate the implementation of a ECR Pull Through Cache with EKS
+
+Configure a private ECR registry to cache ECR Public Images
+
+In this example, a Deployment with image `123456789.dkr.ecr.<region>.amazonaws.com/ecr-public/nginx/nginx:latest` will be deployed. It is eseentially pulling from https://gallery.ecr.aws/nginx/nginx. As the image include `ecr-public`, it hits the Pull Through Cache Rule and utilize the Pull Through Cache.
+
+## Reference
+- https://aws-ia.github.io/terraform-aws-eks-blueprints/patterns/ecr-pull-through-cache/

KaaS/Elastic Kubernetes Service(EKS)/Terraform/ecr-pull-through-cache/data.tf

@@ -0,0 +1,17 @@
+data "aws_partition" "current" {}
+data "aws_caller_identity" "current" {}
+data "aws_availability_zones" "available" {}
+data "aws_eks_cluster_auth" "this" {
+  name = module.eks.cluster_name
+}
+locals {
+  name   = basename(path.cwd)
+  region = var.region
+
+  vpc_cidr = "10.0.0.0/16"
+  azs      = slice(data.aws_availability_zones.available.names, 0, 3)
+
+  tags = {
+    project  = local.name
+  }
+}

KaaS/Elastic Kubernetes Service(EKS)/Terraform/ecr-pull-through-cache/ecr.tf

@@ -0,0 +1,4 @@
+resource "aws_ecr_pull_through_cache_rule" "example" {
+  ecr_repository_prefix = "ecr-public"
+  upstream_registry_url = "public.ecr.aws"
+}

KaaS/Elastic Kubernetes Service(EKS)/Terraform/ecr-pull-through-cache/eks.tf

@@ -0,0 +1,43 @@
+module "eks" {
+  source  = "terraform-aws-modules/eks/aws"
+  version = "20.30.1"
+
+  cluster_name                   = local.name
+  cluster_version                = var.eks_version
+  cluster_endpoint_public_access = true
+  cluster_endpoint_private_access = true
+
+  vpc_id     = module.vpc.vpc_id
+  subnet_ids = module.vpc.private_subnets
+
+  eks_managed_node_groups = {
+    linux = {
+      instance_types = ["m5.large"]
+
+      ami_type     = "AL2_x86_64"
+      min_size     = 1
+      max_size     = 5
+      desired_size = 2
+    }
+  }
+
+  access_entries = {
+    # One access entry with a policy associated
+    admin = {
+      kubernetes_groups = []
+      principal_arn     = data.aws_caller_identity.current.arn
+
+      policy_associations = {
+        admin = {
+          policy_arn = "arn:${data.aws_partition.current.partition}:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
+          access_scope = {
+            type       = "cluster"
+          }
+        }
+      }
+    }
+  }
+
+  tags = local.tags
+}
+

KaaS/Elastic Kubernetes Service(EKS)/Terraform/ecr-pull-through-cache/k8s.tf

@@ -0,0 +1,36 @@
+resource "kubernetes_deployment" "nginx" {
+  metadata {
+    name = "nginx-deployment"
+    labels = {
+      app = "nginx"
+    }
+  }
+
+  spec {
+    replicas = 3
+
+    selector {
+      match_labels = {
+        app = "nginx"
+      }
+    }
+
+    template {
+      metadata {
+        labels = {
+          app = "nginx"
+        }
+      }
+
+      spec {
+        container {
+          name  = "nginx"
+          image = "${data.aws_caller_identity.current.id}.dkr.ecr.${var.region}.amazonaws.com/ecr-public/nginx/nginx:latest"
+          port {
+            container_port = 80
+          }
+        }
+      }
+    }
+  }
+}

KaaS/Elastic Kubernetes Service(EKS)/Terraform/ecr-pull-through-cache/output.tf

@@ -0,0 +1,4 @@
+output "configure_kubectl" {
+  description = "Configure kubectl: make sure you're logged in with the correct AWS profile and run the following command to update your kubeconfig"
+  value       = "aws eks --region ${local.region} update-kubeconfig --name ${module.eks.cluster_name}"
+}

KaaS/Elastic Kubernetes Service(EKS)/Terraform/ecr-pull-through-cache/terraform.tf

@@ -0,0 +1,48 @@
+terraform {
+  required_version = ">= 1.3"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.34"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 2.9"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.20"
+    }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.14"
+    }
+  }
+}
+
+provider "aws" {
+  region = local.region
+}
+
+provider "kubernetes" {
+  host                   = module.eks.cluster_endpoint
+  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+  token                  = data.aws_eks_cluster_auth.this.token
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = module.eks.cluster_endpoint
+    cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+    token                  = data.aws_eks_cluster_auth.this.token
+  }
+}
+
+provider "kubectl" {
+  apply_retry_count      = 10
+  host                   = module.eks.cluster_endpoint
+  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)
+  load_config_file       = false
+  token                  = data.aws_eks_cluster_auth.this.token
+}

KaaS/Elastic Kubernetes Service(EKS)/Terraform/ecr-pull-through-cache/variable.tf

@@ -0,0 +1,8 @@
+variable "region" {
+  type = string
+}
+
+variable "eks_version" {
+  type = string
+  default = "1.31"
+}

KaaS/Elastic Kubernetes Service(EKS)/Terraform/ecr-pull-through-cache/vpc.tf

@@ -0,0 +1,16 @@
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 5.0"
+
+  name = local.name
+  cidr = local.vpc_cidr
+
+  azs             = local.azs
+  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
+
+  enable_nat_gateway = true
+  single_nat_gateway = true
+
+  tags = local.tags
+}

README.md

@@ -47,7 +47,11 @@ This repository contains IaC scripts to deploy Kubernetes Cluster on different C
 #### Workload
 - [add-ons](/KaaS/Elastic%20Kubernetes%20Service(EKS)/Terraform/add-ons/README.md) (Advanced Configurations)
 
-### [Azure Kubernetes Cluster (AKS)](/KaaS/Azure%20Kubernetes%20Service(AKS)/)
+#### Docker Images
+- [ECR Pull Through Cache](/KaaS/Elastic%20Kubernetes%20Service(EKS)/Terraform/ecr-pull-through-cache/README.md) ✅
+
+
+### [Azure Kubernetes Cluster (AKS)](/KaaS/Azure%20Kubernetes%20Service(AKS)/) 🔨
 - [Terraform](/KaaS/Azure%20Kubernetes%20Service(AKS)/Terraform/README.md)
 
 ## Kubeadm