Update Terraform configurations and set up Ingress for EKS deployment

Author: pabhi18

node-app/values.yaml

@@ -5,12 +5,13 @@
 replicaCount: 1
 
 image:
-  repository: pabhi4881/node-app
+  repository: 637423391401.dkr.ecr.us-east-1.amazonaws.com/node-app
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
   tag: "latest"
 
-imagePullSecrets: []
+imagePullSecrets:
+  - name: nodeapp
 nameOverride: ""
 fullnameOverride: ""
 
@@ -36,24 +37,28 @@ securityContext: {}
   #   drop:
   #   - ALL
   # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
+  # runAsNonRoot: trueclear
   # runAsUser: 1000
 
 service:
   type: ClusterIP
   port: 3000
 
+
 ingress:
-  enabled: false
-  className: ""
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
+  enabled: true
+  className: "nginx"
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: ip
+    alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+    alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:your-region:your-account-id:certificate/cert-id"  # Optional for HTTPS
   hosts:
-    - host: chart-example.local
+    - host: toyocars.online
       paths:
         - path: /
-          pathType: ImplementationSpecific
+          pathType: Prefix
   tls: []
   #  - secretName: chart-example-tls
   #    hosts:
@@ -74,11 +79,13 @@ resources: {}
 livenessProbe:
   httpGet:
     path: /
-    port: http
+    port: 3000
+
 readinessProbe:
   httpGet:
     path: /
-    port: http
+    port: 3000
+
 
 autoscaling:
   enabled: false

terraform/main.tf

@@ -7,6 +7,57 @@ module "vpc" {
   private_subnets = var.private_subnets_cidr
   public_subnets  = var.public_subnets_cidr
   enable_nat_gateway = true
+
+  private_subnet_tags = {
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
+    "kubernetes.io/role/internal-elb"           = "1"
+  }
+  public_subnet_tags = {
+    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
+    "kubernetes.io/role/elb"                    = "1"
+  }
+}
+
+# ECR policy
+resource "aws_iam_policy" "ecr_policy" {
+  name = "eks-ecr-policy"
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "ecr:GetAuthorizationToken",
+          "ecr:BatchCheckLayerAvailability",
+          "ecr:GetDownloadUrlForLayer",
+          "ecr:GetRepositoryPolicy",
+          "ecr:DescribeRepositories",
+          "ecr:ListImages",
+          "ecr:BatchGetImage"
+        ]
+        Resource = "*"
+      }
+    ]
+  })
+}
+
+# ALB policy
+resource "aws_iam_policy" "alb_policy" {
+  name = "eks-alb-policy"
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "elasticloadbalancing:*",
+          "ec2:CreateSecurityGroup",
+          "ec2:Describe*"
+        ]
+        Resource = "*"
+      }
+    ]
+  })
 }
 
 module "eks" {
@@ -26,6 +77,11 @@ module "eks" {
       desired_size = 1
       instance_types = ["t3.small"]
       capacity_type  = "SPOT"
+
+      iam_role_additional_policies = {
+        AmazonECR_Policy = aws_iam_policy.ecr_policy.arn
+        ALBIngress_Policy = aws_iam_policy.alb_policy.arn
+      }
     }
   }
 }

terraform/provider.tf

@@ -1,4 +1,13 @@
+terraform {
+  backend "s3" {
+    bucket         	   = "node-app-tfstate"
+    key              	 = "state/terraform.tfstate"
+    region         	   = "us-east-1"
+    encrypt        	   = true
+    dynamodb_table     = "node_app_lockid"
+  }
+}
+
 provider "aws" {
   region = var.region
 }
-

terraform/variables.tf

@@ -1,7 +1,7 @@
 variable "region" {
   description = "AWS region"
   type        = string
-  default     = "us-west-2"
+  default     = "us-east-1"
 }
 
 variable "vpc_cidr" {