Handle vpc-cni addon separately

iam_aws_vpc_cni.tf

@@ -1,5 +1,5 @@
 locals {
-  handle_aws_vpc_cni = var.handle_iam_resources && (var.handle_iam_aws_vpc_cni || contains(keys(var.cluster_addons), "vpc-cni"))
+  handle_aws_vpc_cni = var.handle_iam_resources && (var.handle_iam_aws_vpc_cni || length(var.vpc_cni_addon) > 0)
 }
 
 resource "aws_iam_role" "aws_vpc_cni" {

main.tf

@@ -15,24 +15,22 @@
 */
 
 locals {
-  vpc_cni_configuration_values = var.custom_networking ? jsonencode(
-    {
-      "env" : {
-        "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG" : "true",
-        "ENI_CONFIG_LABEL_DEF" : "topology.kubernetes.io/zone"
-      }
-      "eniConfig" : {
-        "create" : true,
-        "region" : data.aws_region.current.name,
-        "subnets" : { for e in var.pods_subnets :
-          e.availability_zone => {
-            id             = e.id
-            securityGroups = [aws_eks_cluster.quortex.vpc_config[0].cluster_security_group_id]
-          }
+  vpc_cni_configuration_values = var.custom_networking ? {
+    "env" : {
+      "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG" : "true",
+      "ENI_CONFIG_LABEL_DEF" : "topology.kubernetes.io/zone"
+    }
+    "eniConfig" : {
+      "create" : true,
+      "region" : data.aws_region.current.name,
+      "subnets" : { for e in var.pods_subnets :
+        e.availability_zone => {
+          id             = e.id
+          securityGroups = [aws_eks_cluster.quortex.vpc_config[0].cluster_security_group_id]
         }
       }
     }
-  ) : null
+  } : {}
   # The Quortex cluster OIDC issuer.
   cluster_oidc_issuer = trimprefix(aws_eks_cluster.quortex.identity[0].oidc[0].issuer, "https://")
   node_group_labels = [
@@ -210,11 +208,11 @@ resource "aws_eks_addon" "vpc_cni_addon" {
 
   cluster_name                = aws_eks_cluster.quortex.name
   addon_name                  = "vpc-cni"
-  addon_version               = var.cluster_addons["vpc-cni"].version
-  configuration_values        = try(coalesce(var.cluster_addons["vpc-cni"].configuration_values, local.vpc_cni_configuration_values), null)
-  preserve                    = try(var.cluster_addons["vpc-cni"].preserve, null)
-  resolve_conflicts_on_update = try(var.cluster_addons["vpc-cni"].resolve_conflicts, "OVERWRITE")
-  resolve_conflicts_on_create = try(var.cluster_addons["vpc-cni"].resolve_conflicts, "OVERWRITE")
+  addon_version               = var.vpc_cni_addon.version
+  configuration_values        = jsonencode(merge(local.vpc_cni_configuration_values, var.vpc_cni_addon.configuration_values))
+  preserve                    = try(var.vpc_cni_addon.preserve, null)
+  resolve_conflicts_on_update = try(var.vpc_cni_addon.resolve_conflicts, "OVERWRITE")
+  resolve_conflicts_on_create = try(var.vpc_cni_addon.resolve_conflicts, "OVERWRITE")
   service_account_role_arn    = lookup(local.addon_irsa_service_account_arn, "vpc-cni", null)
 
   tags = var.tags

variables.tf

@@ -300,6 +300,12 @@ variable "cluster_addons" {
   default     = {}
 }
 
+variable "vpc_cni_addon" {
+  description = "vpc-cni addon definition"
+  type        = any
+  default     = {}
+}
+
 variable "manage_aws_auth_configmap" {
   description = "Determines whether to manage the aws-auth configmap."
   type        = bool