From 32c8b8419259c74deb8c5fcb1e77e71b55ec9770 Mon Sep 17 00:00:00 2001
From: nerahou
Date: Thu, 12 Sep 2024 12:21:03 +0200
Subject: [PATCH] Use vpc-cni addon configuration values to create eniconfigs

---
 iam_aws_vpc_cni.tf | 2 +-
 main.tf | 46 ++++++++++++++++++----------------------
 variables.tf | 11 +++++++++++
 versions.tf | 4 ----
 4 files changed, 30 insertions(+), 33 deletions(-)

diff --git a/iam_aws_vpc_cni.tf b/iam_aws_vpc_cni.tf
index 16d3306..90e2d9f 100644
--- a/iam_aws_vpc_cni.tf
+++ b/iam_aws_vpc_cni.tf
@@ -1,5 +1,5 @@
 locals {
- handle_aws_vpc_cni = var.handle_iam_resources && (var.handle_iam_aws_vpc_cni || contains(keys(var.cluster_addons), "vpc-cni"))
+ handle_aws_vpc_cni = var.handle_iam_resources && var.handle_iam_aws_vpc_cni
 }
 resource "aws_iam_role" "aws_vpc_cni" {
diff --git a/main.tf b/main.tf
index 7ab75ca..78f602f 100644
--- a/main.tf
+++ b/main.tf
@@ -15,11 +15,18 @@
 */
 locals {
- eni_configs = [for e in var.pods_subnets : {
- name = e.availability_zone
- subnet = e.id
- securityGroups = [aws_eks_cluster.quortex.vpc_config[0].cluster_security_group_id]
- }]
+ vpc_cni_configuration_values = var.handle_eni_configs ? {
+ "eniConfig" : {
+ "create" : true,
+ "region" : data.aws_region.current.name,
+ "subnets" : { for e in var.pods_subnets :
+ e.availability_zone => {
+ id = e.id
+ securityGroups = [aws_eks_cluster.quortex.vpc_config[0].cluster_security_group_id]
+ }
+ }
+ }
+ } : null
 # The Quortex cluster OIDC issuer.
 cluster_oidc_issuer = trimprefix(aws_eks_cluster.quortex.identity[0].oidc[0].issuer, "https://")
 node_group_labels = [
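Review bot: The changed `handle_aws_vpc_cni` line drops the coupling between the vpc-cni addon and its IRSA role: the role is now created only when `var.handle_iam_aws_vpc_cni` is set, while main.tf deploys the addon whenever `var.vpc_cni_addon` is non-null and fills `service_account_role_arn` from `lookup(local.addon_irsa_service_account_arn, "vpc-cni", null)`. If that lookup yields null for a caller who sets the addon but not the flag, the CNI pods presumably fall back to the node instance role, a broader permission set than the dedicated role. The old expression kept the two in step via `cluster_addons`; the equivalent for the new variable is `handle_aws_vpc_cni = var.handle_iam_resources && (var.handle_iam_aws_vpc_cni || var.vpc_cni_addon != null)`. If the decoupling is intentional, a comment on the local stating that `vpc_cni_addon` must be paired with `handle_iam_aws_vpc_cni` would make the contract visible.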
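Review bot: The `subnets` object in the new `vpc_cni_configuration_values` is keyed by `e.availability_zone`, so two entries of `var.pods_subnets` in the same AZ now abort the plan with a duplicate-key error, while the list-based `eni_configs` it replaces accepted them; state the one-subnet-per-AZ contract on `pods_subnets` (a `validation` block, or at least its description) so the failure is not a surprise. `data.aws_region.current` is referenced but not declared anywhere in this patch; presumably it already exists in the module, worth confirming. The local also deserves a comment on where its value ends up, e.g. `# Merged into the vpc-cni addon's configuration_values so the addon itself creates the ENIConfigs (keyed by AZ of pods_subnets); null disables that.`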
@@ -193,15 +200,15 @@ locals {
 }
 resource "aws_eks_addon" "vpc_cni_addon" {
- count = local.handle_aws_vpc_cni ? 1 : 0
+ count = var.vpc_cni_addon == null ? 0 : 1
 cluster_name = aws_eks_cluster.quortex.name
 addon_name = "vpc-cni"
- addon_version = var.cluster_addons["vpc-cni"].version
- configuration_values = try(var.cluster_addons["vpc-cni"].configuration_values, null)
- preserve = try(var.cluster_addons["vpc-cni"].preserve, null)
- resolve_conflicts_on_update = try(var.cluster_addons["vpc-cni"].resolve_conflicts, "OVERWRITE")
- resolve_conflicts_on_create = try(var.cluster_addons["vpc-cni"].resolve_conflicts, "OVERWRITE")
+ addon_version = var.vpc_cni_addon.version
+ configuration_values = jsonencode(merge(local.vpc_cni_configuration_values, var.vpc_cni_addon.configuration_values))
+ preserve = var.vpc_cni_addon.preserve
+ resolve_conflicts_on_update = var.vpc_cni_addon.resolve_conflicts
+ resolve_conflicts_on_create = var.vpc_cni_addon.resolve_conflicts
 service_account_role_arn = lookup(local.addon_irsa_service_account_arn, "vpc-cni", null)
 tags = var.tags
@@ -221,8 +228,6 @@ resource "aws_eks_addon" "quortex_addon" {
 service_account_role_arn = lookup(local.addon_irsa_service_account_arn, each.key, null)
 tags = var.tags
-
- depends_on = [helm_release.eni_configs]
 }
 # This AWS CLI command will add tags to the ASG created by EKS
@@ -288,18 +293,3 @@ resource "aws_cloudwatch_log_group" "cluster_logs" {
 retention_in_days = var.cluster_logs_retention
 tags = var.tags
 }
-
-resource "helm_release" "eni_configs" {
- count = var.handle_eni_configs ? 1 : 0
- version = "1.0.0"
- chart = "empty"
- repository = "https://quortex.github.io/helm-charts"
- name = "aws-vpc-cni-config"
-
- values = [
- templatefile("${path.module}/templates/eniconfigs.yaml", {
- eniConfigs : jsonencode(local.eni_configs)
- })
- ]
- depends_on = [aws_eks_addon.vpc_cni_addon]
 }
diff --git a/variables.tf b/variables.tf
index cf0d3a2..cc4b758 100644
--- a/variables.tf
+++ b/variables.tf
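Review bot: `merge(local.vpc_cni_configuration_values, var.vpc_cni_addon.configuration_values)` on the new `configuration_values` line is a shallow merge, so a caller supplying its own `eniConfig` key replaces the generated block wholesale and silently loses the subnet map; and since the field is typed `any`, a caller passing a pre-encoded JSON string, which the old `cluster_addons["vpc-cni"].configuration_values` path handed to the provider verbatim, now fails inside `merge` at plan time. At minimum document it on the line, `# shallow merge: a caller-supplied "eniConfig" key replaces the generated ENIConfig block; configuration_values must be an object, not a JSON string`; deep-merging the `eniConfig` key would be the fuller fix. When both operands are null the attribute now appears to render as `"{}"` where it used to be null, which may surface as an in-place update on existing addons, worth checking in a plan. Separately, the following hunk removes `depends_on = [helm_release.eni_configs]` from `aws_eks_addon.quortex_addon` without a replacement, so the other addons no longer wait for the resource that now creates the ENIConfigs; `depends_on = [aws_eks_addon.vpc_cni_addon]` there restores that ordering.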
@@ -300,6 +300,17 @@ variable "cluster_addons" {
 default = {}
 }
+variable "vpc_cni_addon" {
+ description = "vpc-cni addon definition"
+ type = object({
+ version = string
+ resolve_conflicts = optional(string, "OVERWRITE")
+ preserve = optional(bool)
+ configuration_values = any
+ })
+ nullable = true
+}
+
 variable "manage_aws_auth_configmap" {
 description = "Determines whether to manage the aws-auth configmap."
 type = bool
diff --git a/versions.tf b/versions.tf
index 50c8ff2..8029fd1 100644
--- a/versions.tf
+++ b/versions.tf
@@ -22,10 +22,6 @@ terraform {
 source = "hashicorp/aws"
 version = ">=5.0.0"
 }
- helm = {
- source = "hashicorp/helm"
- version = ">=2.0.0"
- }
 kubernetes = {
 source = "hashicorp/kubernetes"
 version = ">=2.0.0"
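Review bot: `variable "vpc_cni_addon"` sets `nullable = true` but no `default`, so it is a required input: every caller must now set it, and the `var.vpc_cni_addon == null ? 0 : 1` count in main.tf only reaches the disabled case when a caller passes `null` explicitly. Adding `default = null` makes the addon opt-in and keeps existing callers working. Inside the object, `configuration_values = any` is likewise mandatory; `configuration_values = optional(any)` matches `preserve` and still works with the `merge` in main.tf, which skips null operands. The description could also say what shape is expected, e.g. `description = "vpc-cni addon definition. configuration_values must be an object (not a JSON string); it is merged over the ENIConfig values generated when handle_eni_configs is true."`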