Single AZ Support (#93)

* new: allow workload to be run in a single az

Some workloads have latency or other technical requirements that force pods to be within the same availability zone.  This enables the managed node group to exist in only one availability zone

* new: ensure EBS volumes created are compatible with topology

* update: eks-service-definition with single_az option

* docs: add reference for complex terraform feature

eks-service-definition.yml

@@ -49,6 +49,10 @@ provision:
     required: false
     type: array
     details: "A list of the desired AWS Compute types that the nodes will be launched with (e.g. [\"m5.large\"])"
+  - field_name: single_az
+    required: false
+    type: boolean
+    details: "Specify whether the managed node group should span only a single availability zone"
 
   computed_inputs:
   - name: instance_name
@@ -89,9 +93,9 @@ provision:
     type: array
     default: ["m5.large"]
     overwrite: true
-  - name: install_vpc_cni
+  - name: single_az
     type: boolean
-    default: true
+    default: false
     overwrite: true
 
   outputs:

terraform/modules/provision-aws/eks.tf

@@ -109,6 +109,7 @@ module "eks" {
       launch_template_name = "${local.cluster_name}-lt"
       name                 = "${local.cluster_name}"
       ami_id               = data.aws_ami.gsa-ise.id
+      subnet_ids           = var.single_az ? [module.vpc.private_subnets[0]] : module.vpc.private_subnets
 
       enable_bootstrap_user_data = true
       bootstrap_extra_args       = "--container-runtime dockerd"
@@ -309,10 +310,10 @@ data "template_file" "kubeconfig" {
 
 resource "local_sensitive_file" "kubeconfig" {
   # Only create the file if requested; it's not needed by provisioners
-  count             = var.write_kubeconfig ? 1 : 0
-  content           = data.template_file.kubeconfig.rendered
-  filename          = local.kubeconfig_name
-  file_permission   = "0600"
+  count           = var.write_kubeconfig ? 1 : 0
+  content         = data.template_file.kubeconfig.rendered
+  filename        = local.kubeconfig_name
+  file_permission = "0600"
 }
 
 

terraform/modules/provision-aws/variables.tf

@@ -45,3 +45,8 @@ variable "write_kubeconfig" {
   type    = bool
   default = false
 }
+
+variable "single_az" {
+  type    = bool
+  default = false
+}

terraform/modules/provision-k8s/k8s-persistent-storage.tf

@@ -11,4 +11,22 @@ resource "kubernetes_storage_class" "ebs-sc" {
   # https://docs.aws.amazon.com/eks/latest/userguide/storage-classes.html
   storage_provisioner    = "kubernetes.io/aws-ebs"
   allow_volume_expansion = true
+
+  # Ensure volumes are created in the correct topology (specifically availability zone)
+  # https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode
+  volume_binding_mode    = "WaitForFirstConsumer"
+
+  # The following code uses an optional nested block to define EBS volume parameters
+  # References:
+  # - https://codeinthehole.com/tips/conditional-nested-blocks-in-terraform/
+  # - https://medium.com/@business_99069/terraform-0-12-conditional-block-7d166e4abcbf
+  allowed_topologies {
+    dynamic "match_label_expressions" {
+      for_each = var.single_az ? [1] : []
+      content {
+        key    = "topology.ebs.csi.aws.com/zone"
+        values = ["${var.region}a"]
+      }
+    }
+  }
 }