
Commit

Added more SG inputs; updated autoscaler perms; removed tiered storage …
…submodule
jrsdav committed Oct 17, 2022
1 parent 77f90f4 commit 2903ee3
Showing 9 changed files with 61 additions and 359 deletions.
12 changes: 11 additions & 1 deletion cluster_autoscaler.tf
Expand Up @@ -26,7 +26,11 @@ data "aws_iam_policy_document" "cluster_autoscaler" {
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeTags",
"ec2:DescribeImages",
"ec2:DescribeInstanceTypes",
"ec2:DescribeLaunchTemplateVersions",
"ec2:GetInstanceTypesFromInstanceRequirements",
"eks:DesribedNodegroup",
]

resources = ["*"]
Expand Down Expand Up @@ -62,10 +66,15 @@ data "aws_iam_policy_document" "cluster_autoscaler_sts" {
identifiers = [format("arn:%s:iam::%s:oidc-provider/%s", local.aws_partition, local.account_id, local.oidc_issuer)]
}
condition {
test = "StringLike"
test = "StringEquals"
values = [format("system:serviceaccount:%s:%s", "kube-system", "cluster-autoscaler")]
variable = format("%s:sub", local.oidc_issuer)
}
condition {
test = "StringEquals"
values = ["sts.amazonaws.com"]
variable = format("%s:aud", local.oidc_issuer)
}
}
}

Expand Down Expand Up @@ -107,6 +116,7 @@ locals {
"1.20" = "v1.20.1",
"1.21" = "v1.21.1",
"1.22" = "v1.22.1",
"1.23" = "v1.23.0"
}

}
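Review bot: The action `"eks:DesribedNodegroup"` on the line directly after the newly added `"ec2:GetInstanceTypesFromInstanceRequirements"` is misspelled; the real IAM action is `eks:DescribeNodegroup`, so the cluster autoscaler is not actually being granted the ability to read managed node group details, whatever IAM does with an unrecognised action name. It should read `"eks:DescribeNodegroup",`. This is worth catching now because it sits in the same statement as the four new `ec2:` actions and will otherwise look like it was reviewed alongside them. The enclosing `data "aws_iam_policy_document" "cluster_autoscaler"` block starts before this hunk and its `resources = ["*"]` line is visible, so the wildcard resource is the only thing this statement scopes on.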
10 changes: 8 additions & 2 deletions main.tf
Expand Up @@ -150,13 +150,17 @@ module "eks" {
aws_auth_roles = local.role_bindings
cluster_name = var.cluster_name
cluster_version = var.cluster_version
create_cluster_primary_security_group_tags = false
cluster_endpoint_private_access = true # Always set to true here, which enables private networking for the node groups
cluster_endpoint_private_access = true # Always set to true here, which enables private networking for the node groups
cluster_endpoint_public_access = var.disable_public_eks_endpoint ? false : true
cluster_endpoint_public_access_cidrs = var.allowed_public_cidrs
cluster_enabled_log_types = var.cluster_enabled_log_types
cluster_security_group_additional_rules = var.cluster_security_group_additional_rules
cluster_security_group_id = var.cluster_security_group_id
control_plane_subnet_ids = local.cluster_subnet_ids
create_cloudwatch_log_group = false
create_cluster_primary_security_group_tags = false # Cleaner if we handle the tag in aws_ec2_tag.cluster_security_group
create_cluster_security_group = var.create_cluster_security_group
create_node_security_group = var.create_node_security_group
create_iam_role = var.use_runtime_policy ? false : true
eks_managed_node_groups = local.node_groups
eks_managed_node_group_defaults = local.node_group_defaults
Expand All @@ -165,6 +169,8 @@ module "eks" {
iam_role_path = var.iam_path
iam_role_permissions_boundary = var.permissions_boundary_arn
manage_aws_auth_configmap = true
node_security_group_id = var.node_security_group_id
node_security_group_additional_rules = var.node_security_group_additional_rules
openid_connect_audiences = ["sts.amazonaws.com"]
tags = local.tags
vpc_id = var.vpc_id
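Review bot: The new `cluster_security_group_id` / `create_cluster_security_group` and `node_security_group_id` / `create_node_security_group` pairs are passed straight through from variables with nothing on this page tying them together, so a caller who sets a `create_*` flag to false and leaves the matching `*_security_group_id` empty gets whatever the upstream module does with an empty id — presumably an apply-time error, but possibly nodes or the control plane attached only to the VPC default group; the variable definitions are outside this hunk, so I cannot tell whether defaults cover it. A comment on the `create_cluster_security_group` line such as `# When false, cluster_security_group_id must reference an existing SG; the module will not create one` (and the equivalent above `node_security_group_id`) would make the contract explicit, and if the variable declarations permit it a validation or `check` block enforcing the pairing would be better still. The `*_additional_rules` inputs are also appended to the module's defaults, so it is worth noting in the same comment that reviewers should look for open ingress in whatever callers pass there. The `module "eks"` block begins before this hunk and continues past it.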
89 changes: 0 additions & 89 deletions modules/tiered-storage-resources/README.md

This file was deleted.

119 changes: 0 additions & 119 deletions modules/tiered-storage-resources/main.tf

This file was deleted.

38 changes: 0 additions & 38 deletions modules/tiered-storage-resources/outputs.tf

This file was deleted.

75 changes: 0 additions & 75 deletions modules/tiered-storage-resources/variables.tf

This file was deleted.


0 comments on commit 2903ee3
