From d348fb4563acd5d3d686697a94881a74f8c881b2 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Mon, 7 Dec 2020 23:31:12 +0100 Subject: [PATCH 01/18] feat: enable default launch template Signed-off-by: Kevin Lefevre --- modules/node_groups/launchtemplate.tf | 94 +++++++++++++++++++ modules/node_groups/locals.tf | 2 + modules/node_groups/node_groups.tf | 16 +++- modules/node_groups/templates/userdata.sh.tpl | 10 ++ 4 files changed, 120 insertions(+), 2 deletions(-) create mode 100644 modules/node_groups/launchtemplate.tf create mode 100644 modules/node_groups/templates/userdata.sh.tpl diff --git a/modules/node_groups/launchtemplate.tf b/modules/node_groups/launchtemplate.tf new file mode 100644 index 0000000000..0a9aaabc6f --- /dev/null +++ b/modules/node_groups/launchtemplate.tf 
@@ -0,0 +1,94 @@ +data "template_file" "workers_userdata" { + for_each = { for k, v in local.node_groups_expanded : k => v if v["create_launch_template"] } + template = file("${path.module}/templates/userdata.sh.tpl") + + vars = { + bootstrap_extra_args = each.value["bootstrap_extra_args"] + kubelet_extra_args = each.value["kubelet_extra_args"] + } +} + +# This is based on the LT that EKS would create if no custom one is specified (aws ec2 describe-launch-template-versions --launch-template-id xxx) +# there are several more options one could set but you probably dont need to modify them +# you can take the default and add your custom AMI and/or custom tags +# +# Trivia: AWS transparently creates a copy of your LaunchTemplate and actually uses that copy then for the node group. If you DONT use a custom AMI, +# then the default user-data for bootstrapping a cluster is merged in the copy. +resource "aws_launch_template" "workers" { + for_each = { for k, v in local.node_groups_expanded : k => v if v["create_launch_template"] } + name = lookup(each.value, "name", join("-", [var.cluster_name, each.key, random_pet.node_groups[each.key].id])) + description = lookup(each.value, "name", join("-", [var.cluster_name, each.key, random_pet.node_groups[each.key].id])) + update_default_version = true + + block_device_mappings { + device_name = "/dev/xvda" + + ebs { + volume_size = each.value.disk_size + volume_type = "gp2" + delete_on_termination = true + # encrypted = true + + # Enable this if you want to encrypt your node root volumes with a KMS/CMK. encryption of PVCs is handled via k8s StorageClass tho + # you also need to attach data.aws_iam_policy_document.ebs_decryption.json from the disk_encryption_policy.tf to the KMS/CMK key then !! 
+ # kms_key_id = var.kms_key_arn + } + } + + instance_type = each.value.instance_type + + monitoring { + enabled = true + } + + network_interfaces { + associate_public_ip_address = false + delete_on_termination = true + } + + # if you want to use a custom AMI + # image_id = var.ami_id + + # If you use a custom AMI, you need to supply via user-data, the bootstrap script as EKS DOESNT merge its managed user-data then + # you can add more than the minimum code you see in the template, e.g. install SSM agent, see https://github.com/aws/containers-roadmap/issues/593#issuecomment-577181345 + # + # (optionally you can use https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/cloudinit_config to render the script, example: https://github.com/terraform-aws-modules/terraform-aws-eks/pull/997#issuecomment-705286151) + + user_data = base64encode( + data.template_file.workers_userdata[each.key].rendered, + ) + + + # Supplying custom tags to EKS instances is another use-case for LaunchTemplates + tag_specifications { + resource_type = "instance" + + tags = merge( + var.tags, + lookup(var.node_groups_defaults, "additional_tags", {}), + lookup(var.node_groups[each.key], "additional_tags", {}), + ) + } + + # Supplying custom tags to EKS instances root volumes is another use-case for LaunchTemplates. (doesnt add tags to dynamically provisioned volumes via PVC tho) + tag_specifications { + resource_type = "volume" + + tags = merge( + var.tags, + lookup(var.node_groups_defaults, "additional_tags", {}), + lookup(var.node_groups[each.key], "additional_tags", {}), + ) + } + + # Tag the LT itself + tags = merge( + var.tags, + lookup(var.node_groups_defaults, "additional_tags", {}), + lookup(var.node_groups[each.key], "additional_tags", {}), + ) + + lifecycle { + create_before_destroy = true + } +} diff --git a/modules/node_groups/locals.tf b/modules/node_groups/locals.tf index 61c633d5db..1e327b8fa9 100644 --- a/modules/node_groups/locals.tf 
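Review bot: The template declares no `metadata_options`, so instances created from it keep the EC2 default of IMDSv1 enabled, and on an EKS node that is the path by which any workload on the node can read the node role's credentials; since the template is now module-managed this is the right place to enforce IMDSv2 with `metadata_options { http_endpoint = "enabled"  http_tokens = "required" }` (one option per line), keeping `http_put_response_hop_limit` at 1 unless pods legitimately need the metadata service. Root volume encryption is likewise left as a commented-out `# encrypted = true`, which means every module-created template produces unencrypted root volumes with no key to change that; exposing `encrypted` and `kms_key_id` through the same `lookup(each.value, ...)` pattern used for `disk_size` would make it a per-group choice instead of an edit to the module. The `name` argument combined with `create_before_destroy = true` also needs care, since two templates with the same name cannot coexist during replacement.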
+++ b/modules/node_groups/locals.tf @@ -11,6 +11,8 @@ locals { max_capacity = var.workers_group_defaults["asg_max_size"] min_capacity = var.workers_group_defaults["asg_min_size"] subnets = var.workers_group_defaults["subnets"] + create_launch_template = false + kubelet_extra_args = var.workers_group_defaults["kubelet_extra_args"] }, var.node_groups_defaults, v, diff --git a/modules/node_groups/node_groups.tf b/modules/node_groups/node_groups.tf index 68abb094d9..d070778484 100644 --- a/modules/node_groups/node_groups.tf +++ b/modules/node_groups/node_groups.tf @@ -14,8 +14,8 @@ resource "aws_eks_node_group" "workers" { } ami_type = lookup(each.value, "ami_type", null) - disk_size = lookup(each.value, "disk_size", null) - instance_types = lookup(each.value, "instance_types", null) + disk_size = each.value["launch_template_id"] != null || each.value["create_launch_template"] ? null : lookup(each.value, "disk_size", null) + instance_types = each.value["launch_template_id"] != null || each.value["create_launch_template"] ? [] : [each.value["instance_type"]] release_version = lookup(each.value, "ami_release_version", null) capacity_type = lookup(each.value, "capacity_type", null) @@ -43,6 +43,18 @@ resource "aws_eks_node_group" "workers" { } } + dynamic "launch_template" { + for_each = each.value["launch_template_id"] == null && each.value["create_launch_template"] ? [{ + id = aws_launch_template.workers[each.key].id + version = aws_launch_template.workers[each.key].latest_version + }] : [] + + content { + id = launch_template.value["id"] + version = launch_template.value["version"] + } + } + version = lookup(each.value, "version", null) labels = merge( diff --git a/modules/node_groups/templates/userdata.sh.tpl b/modules/node_groups/templates/userdata.sh.tpl new file mode 100644 index 0000000000..fe0a37819d --- /dev/null +++ b/modules/node_groups/templates/userdata.sh.tpl 
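Review bot: `[each.value["instance_type"]]` on the new `instance_types` line indexes a key the merged defaults never define: locals.tf sets `instance_types = [var.workers_group_defaults["instance_type"]]`, not `instance_type`, so a node group that does not itself set `instance_type` fails at plan time with a missing-key error, and a group that set the documented `instance_types` list now has it ignored. Keeping the previous lookup on the non-template branch avoids both: `instance_types = each.value["launch_template_id"] != null || each.value["create_launch_template"] ? [] : lookup(each.value, "instance_types", null)`. The launch template in launchtemplate.tf reads the same undefined key via `each.value.instance_type`. The `aws_eks_node_group` body continues outside the hunk.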
@@ -0,0 +1,10 @@ +MIME-Version: 1.0 +Content-Type: multipart/mixed; boundary="//" + +--// +Content-Type: text/x-shellscript; charset="us-ascii" + +#!/bin/bash +sed -i '/^KUBELET_EXTRA_ARGS=/a KUBELET_EXTRA_ARGS+=" ${kubelet_extra_args}"' /etc/eks/bootstrap.sh + +--//-- From 66d6e69eb5f980699396bfaa0390e11cca683773 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Mon, 7 Dec 2020 23:43:04 +0100 Subject: [PATCH 02/18] chore: add docs Signed-off-by: Kevin Lefevre --- modules/node_groups/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md index e7a1967dc6..5b5a003a18 100644 --- a/modules/node_groups/README.md +++ b/modules/node_groups/README.md @@ -35,6 +35,8 @@ The role ARN specified in `var.default_iam_role_arn` will be used by default. In | source\_security\_group\_ids | Source security groups for remote access to workers | list(string) | If key\_name is specified: THE REMOTE ACCESS WILL BE OPENED TO THE WORLD | | subnets | Subnets to contain workers | list(string) | `var.workers_group_defaults[subnets]` | | version | Kubernetes version | string | Provider default behavior | +| create_launch_template | Create and use a default launch template | `false` | +| kubelet_extra_args | This string is passed directly to kubelet if set. Useful for adding labels or taints. Require `create_launch_template` to be `true`| "" | ## Requirements @@ -47,6 +49,7 @@ No requirements. |------|---------| | aws | n/a | | random | n/a | +| template | n/a | ## Inputs From 048640934b0ea0252695c33c25ae7bd526b0e6b6 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 8 Dec 2020 10:34:48 +0100 Subject: [PATCH 03/18] fix: remove unused var and add default disk size Signed-off-by: Kevin Lefevre --- modules/node_groups/launchtemplate.tf | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/modules/node_groups/launchtemplate.tf b/modules/node_groups/launchtemplate.tf index 0a9aaabc6f..2dcb15dcbd 100644 
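Review bot: `${kubelet_extra_args}` is spliced verbatim into a single-quoted `sed` program, so a value containing `'`, `/` or a newline breaks the expression instead of reaching kubelet, and because the appended `KUBELET_EXTRA_ARGS+=" ..."` line is later evaluated by bootstrap.sh, shell metacharacters in the value are expanded at boot as well. The value is operator-supplied, so the practical outcome is a node that silently fails to join rather than an exposure, but that is worth stating in the README row for `kubelet_extra_args`, together with a `validation` block on the input that rejects single quotes and newlines. A comment above the `sed` line such as `# EKS merges its own bootstrap.sh call into this user-data; we only extend KUBELET_EXTRA_ARGS in place` would also explain why the script edits the file rather than invoking bootstrap itself.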
--- a/modules/node_groups/launchtemplate.tf +++ b/modules/node_groups/launchtemplate.tf @@ -3,8 +3,7 @@ data "template_file" "workers_userdata" { template = file("${path.module}/templates/userdata.sh.tpl") vars = { - bootstrap_extra_args = each.value["bootstrap_extra_args"] - kubelet_extra_args = each.value["kubelet_extra_args"] + kubelet_extra_args = each.value["kubelet_extra_args"] } } @@ -16,7 +15,7 @@ data "template_file" "workers_userdata" { # then the default user-data for bootstrapping a cluster is merged in the copy. resource "aws_launch_template" "workers" { for_each = { for k, v in local.node_groups_expanded : k => v if v["create_launch_template"] } - name = lookup(each.value, "name", join("-", [var.cluster_name, each.key, random_pet.node_groups[each.key].id])) + name_prefix = lookup(each.value, "name", join("-", [var.cluster_name, each.key, random_pet.node_groups[each.key].id])) description = lookup(each.value, "name", join("-", [var.cluster_name, each.key, random_pet.node_groups[each.key].id])) update_default_version = true @@ -24,7 +23,7 @@ resource "aws_launch_template" "workers" { device_name = "/dev/xvda" ebs { - volume_size = each.value.disk_size + volume_size = lookup(each.value, "disk_size", 20) volume_type = "gp2" delete_on_termination = true # encrypted = true From 408bcde40ff7abe7b5317014239b999804374131 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 8 Dec 2020 23:07:59 +0100 Subject: [PATCH 04/18] feat: add name tag Signed-off-by: Kevin Lefevre --- modules/node_groups/launchtemplate.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/node_groups/launchtemplate.tf b/modules/node_groups/launchtemplate.tf index 2dcb15dcbd..f7fa026077 100644 --- a/modules/node_groups/launchtemplate.tf +++ b/modules/node_groups/launchtemplate.tf 
@@ -66,6 +66,9 @@ resource "aws_launch_template" "workers" { var.tags, lookup(var.node_groups_defaults, "additional_tags", {}), lookup(var.node_groups[each.key], "additional_tags", {}), + { + Name = lookup(each.value, "name", join("-", [var.cluster_name, each.key, random_pet.node_groups[each.key].id])) + } ) } @@ -77,6 +80,9 @@ resource "aws_launch_template" "workers" { var.tags, lookup(var.node_groups_defaults, "additional_tags", {}), lookup(var.node_groups[each.key], "additional_tags", {}), + { + Name = lookup(each.value, "name", join("-", [var.cluster_name, each.key, random_pet.node_groups[each.key].id])) + } ) } From 9fb05a7359d97a294b25e96430e6aa1d51a4e2da Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 12 Jan 2021 12:52:55 +0100 Subject: [PATCH 05/18] fix: disable remote access with LT Signed-off-by: Kevin Lefevre --- modules/node_groups/node_groups.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/node_groups/node_groups.tf b/modules/node_groups/node_groups.tf index d070778484..f129cb1cde 100644 --- a/modules/node_groups/node_groups.tf +++ b/modules/node_groups/node_groups.tf @@ -20,7 +20,7 @@ resource "aws_eks_node_group" "workers" { capacity_type = lookup(each.value, "capacity_type", null) dynamic "remote_access" { - for_each = each.value["key_name"] != "" ? [{ + for_each = each.value["key_name"] != "" && each.value["launch_template_id"] == null && !each.value["create_launch_template"] ? [{ ec2_ssh_key = each.value["key_name"] source_security_group_ids = lookup(each.value, "source_security_group_ids", []) }] : [] From 21d07608d0a6b0526e6e92fe0c98812fddee7bc7 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 12 Jan 2021 14:09:27 +0100 Subject: [PATCH 06/18] fix: add key_name to launch template Signed-off-by: Kevin Lefevre --- modules/node_groups/launchtemplate.tf | 1 + 1 file changed, 1 insertion(+) 
diff --git a/modules/node_groups/launchtemplate.tf b/modules/node_groups/launchtemplate.tf index f7fa026077..6f41cb630b 100644 --- a/modules/node_groups/launchtemplate.tf +++ b/modules/node_groups/launchtemplate.tf @@ -57,6 +57,7 @@ resource "aws_launch_template" "workers" { data.template_file.workers_userdata[each.key].rendered, ) + key_name = lookup(each.value, "key_name", null) # Supplying custom tags to EKS instances is another use-case for LaunchTemplates tag_specifications { From d97a78d4c4359517ff35f0a3e6d44984cab69e63 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 2 Feb 2021 17:14:26 +0100 Subject: [PATCH 07/18] feat: use cloud init and local var from workers Signed-off-by: Kevin Lefevre --- modules/node_groups/launchtemplate.tf | 39 ++++++++++--------- modules/node_groups/locals.tf | 7 ++++ modules/node_groups/templates/userdata.sh.tpl | 11 +++--- 3 files changed, 33 insertions(+), 24 deletions(-) diff --git a/modules/node_groups/launchtemplate.tf b/modules/node_groups/launchtemplate.tf index 6f41cb630b..7075f1e3b7 100644 --- a/modules/node_groups/launchtemplate.tf +++ b/modules/node_groups/launchtemplate.tf @@ -1,9 +1,19 @@ -data "template_file" "workers_userdata" { - for_each = { for k, v in local.node_groups_expanded : k => v if v["create_launch_template"] } - template = file("${path.module}/templates/userdata.sh.tpl") +data "cloudinit_config" "workers_userdata" { + for_each = { for k, v in local.node_groups_expanded : k => v if v["create_launch_template"] } + gzip = false + base64_encode = true + boundary = "//" + + part { + content_type = "text/x-shellscript" + content = templatefile("${path.module}/templates/userdata.sh.tpl", + { + pre_userdata = each.value["pre_userdata"] + kubelet_extra_args = each.value["kubelet_extra_args"] + additional_userdata = each.value["additional_userdata"] + } + ) - vars = { - kubelet_extra_args = each.value["kubelet_extra_args"] } } 
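Review bot: Adding `key_name` to the launch template re-enables SSH onto the nodes, but nothing replaces the `source_security_group_ids` restriction that `remote_access` enforced: the preceding commit turns `remote_access` off whenever a template is used, and at this point the template declares no `security_groups`, so which group governs port 22 is left to whatever EKS attaches by default. A README note on `source_security_group_ids` stating that it has no effect when `create_launch_template` is set, plus a comment on this line such as `# With a launch template, SSH reachability is governed by the template's security groups, not by remote_access`, would make that explicit. The resource continues outside the hunk.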
@@ -23,26 +33,21 @@ resource "aws_launch_template" "workers" { device_name = "/dev/xvda" ebs { - volume_size = lookup(each.value, "disk_size", 20) - volume_type = "gp2" + volume_size = lookup(each.value, "disk_size", null) + volume_type = lookup(each.value, "disk_type", null) delete_on_termination = true - # encrypted = true - - # Enable this if you want to encrypt your node root volumes with a KMS/CMK. encryption of PVCs is handled via k8s StorageClass tho - # you also need to attach data.aws_iam_policy_document.ebs_decryption.json from the disk_encryption_policy.tf to the KMS/CMK key then !! - # kms_key_id = var.kms_key_arn } } instance_type = each.value.instance_type monitoring { - enabled = true + enabled = lookup(each.value, "enable_monitoring", null) } network_interfaces { - associate_public_ip_address = false - delete_on_termination = true + associate_public_ip_address = lookup(each.value, "public_ip", null) + delete_on_termination = lookup(each.value, "eni_delete", null) } # if you want to use a custom AMI @@ -53,9 +58,7 @@ resource "aws_launch_template" "workers" { # # (optionally you can use https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/cloudinit_config to render the script, example: https://github.com/terraform-aws-modules/terraform-aws-eks/pull/997#issuecomment-705286151) - user_data = base64encode( - data.template_file.workers_userdata[each.key].rendered, - ) + user_data = data.cloudinit_config.workers_userdata[each.key].rendered key_name = lookup(each.value, "key_name", null) diff --git a/modules/node_groups/locals.tf b/modules/node_groups/locals.tf index 1e327b8fa9..6da7759ea6 100644 --- a/modules/node_groups/locals.tf +++ b/modules/node_groups/locals.tf 
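Review bot: The `ebs` block loses the `encrypted`/`kms_key_id` guidance without gaining a replacement, so module-created templates always produce unencrypted root volumes and callers have no key to turn encryption on, even though every other tunable on the block now goes through `lookup(each.value, ...)`. If the parent's `workers_group_defaults` carries root-volume encryption keys as it does for self-managed workers (not visible here), wiring them the same way as `root_volume_size` is enough: `encrypted = lookup(each.value, "disk_encrypted", null)` and `kms_key_id = lookup(each.value, "disk_kms_key_id", null)`, with matching entries in locals.tf. Note also that `enable_monitoring` is read here while locals.tf in this same patch defines `enabled_monitoring`, so the lookup falls through to `null` until the two names agree. The resource starts and continues outside the hunk.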
@@ -13,6 +13,13 @@ locals { subnets = var.workers_group_defaults["subnets"] create_launch_template = false kubelet_extra_args = var.workers_group_defaults["kubelet_extra_args"] + disk_size = var.workers_group_defaults["root_volume_size"] + disk_type = var.workers_group_defaults["root_volume_type"] + enabled_monitoring = var.workers_group_defaults["enable_monitoring"] + eni_delete = var.workers_group_defaults["eni_delete"] + public_ip = var.workers_group_defaults["public_ip"] + pre_userdata = var.workers_group_defaults["pre_userdata"] + additional_userdata = var.workers_group_defaults["additional_userdata"] }, var.node_groups_defaults, v, diff --git a/modules/node_groups/templates/userdata.sh.tpl b/modules/node_groups/templates/userdata.sh.tpl index fe0a37819d..23bf491648 100644 --- a/modules/node_groups/templates/userdata.sh.tpl +++ b/modules/node_groups/templates/userdata.sh.tpl @@ -1,10 +1,9 @@ -MIME-Version: 1.0 -Content-Type: multipart/mixed; boundary="//" +#!/bin/bash -e ---// -Content-Type: text/x-shellscript; charset="us-ascii" +# Allow user supplied pre userdata code +${pre_userdata} -#!/bin/bash sed -i '/^KUBELET_EXTRA_ARGS=/a KUBELET_EXTRA_ARGS+=" ${kubelet_extra_args}"' /etc/eks/bootstrap.sh ---//-- +# Allow user supplied userdata code +${additional_userdata} From 5ff9484b88eb02e5854212430612611ea5f736d7 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 2 Feb 2021 17:49:55 +0100 Subject: [PATCH 08/18] fix: remove additonnal user data as they are the same as pre Signed-off-by: Kevin Lefevre --- modules/node_groups/launchtemplate.tf | 5 ++--- modules/node_groups/templates/userdata.sh.tpl | 3 --- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/modules/node_groups/launchtemplate.tf b/modules/node_groups/launchtemplate.tf index 7075f1e3b7..215392ad79 100644 --- a/modules/node_groups/launchtemplate.tf +++ b/modules/node_groups/launchtemplate.tf 
@@ -8,9 +8,8 @@ data "cloudinit_config" "workers_userdata" { content_type = "text/x-shellscript" content = templatefile("${path.module}/templates/userdata.sh.tpl", { - pre_userdata = each.value["pre_userdata"] - kubelet_extra_args = each.value["kubelet_extra_args"] - additional_userdata = each.value["additional_userdata"] + pre_userdata = each.value["pre_userdata"] + kubelet_extra_args = each.value["kubelet_extra_args"] } ) diff --git a/modules/node_groups/templates/userdata.sh.tpl b/modules/node_groups/templates/userdata.sh.tpl index 23bf491648..3aecd0aabb 100644 --- a/modules/node_groups/templates/userdata.sh.tpl +++ b/modules/node_groups/templates/userdata.sh.tpl @@ -4,6 +4,3 @@ ${pre_userdata} sed -i '/^KUBELET_EXTRA_ARGS=/a KUBELET_EXTRA_ARGS+=" ${kubelet_extra_args}"' /etc/eks/bootstrap.sh - -# Allow user supplied userdata code -${additional_userdata} From bb1f95b4c84f514bc927eb9edab00488102eb23c Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 2 Feb 2021 18:07:49 +0100 Subject: [PATCH 09/18] fix: typo monitoring Signed-off-by: Kevin Lefevre --- modules/node_groups/locals.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/node_groups/locals.tf b/modules/node_groups/locals.tf index 6da7759ea6..ee70773ebe 100644 --- a/modules/node_groups/locals.tf +++ b/modules/node_groups/locals.tf @@ -15,11 +15,10 @@ locals { kubelet_extra_args = var.workers_group_defaults["kubelet_extra_args"] disk_size = var.workers_group_defaults["root_volume_size"] disk_type = var.workers_group_defaults["root_volume_type"] - enabled_monitoring = var.workers_group_defaults["enable_monitoring"] + enable_monitoring = var.workers_group_defaults["enable_monitoring"] eni_delete = var.workers_group_defaults["eni_delete"] public_ip = var.workers_group_defaults["public_ip"] pre_userdata = var.workers_group_defaults["pre_userdata"] - additional_userdata = var.workers_group_defaults["additional_userdata"] }, var.node_groups_defaults, v, 
From d14f010e434f41a006b2d7840b0e73cb806eb723 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Tue, 2 Feb 2021 18:08:02 +0100 Subject: [PATCH 10/18] chore: add new variable to README Signed-off-by: Kevin Lefevre --- modules/node_groups/README.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md index 5b5a003a18..01659e17c0 100644 --- a/modules/node_groups/README.md +++ b/modules/node_groups/README.md @@ -23,6 +23,7 @@ The role ARN specified in `var.default_iam_role_arn` will be used by default. In | capacity\_type | Type of instance capacity to provision. Options are `ON_DEMAND` and `SPOT` | string | Provider default behavior | | desired\_capacity | Desired number of workers | number | `var.workers_group_defaults[asg_desired_capacity]` | | disk\_size | Workers' disk size | number | Provider default behavior | +| disk\_type | Workers' disk type. Require `create_launch_template` to be `true`| number | `gp3` | | iam\_role\_arn | IAM role ARN for workers | string | `var.default_iam_role_arn` | | instance\_types | Node group's instance type(s). Multiple types can be specified when `capacity_type="SPOT"`. | list | `[var.workers_group_defaults[instance_type]]` | | k8s\_labels | Kubernetes labels | map(string) | No labels applied | 
@@ -35,8 +36,12 @@ The role ARN specified in `var.default_iam_role_arn` will be used by default. In | source\_security\_group\_ids | Source security groups for remote access to workers | list(string) | If key\_name is specified: THE REMOTE ACCESS WILL BE OPENED TO THE WORLD | | subnets | Subnets to contain workers | list(string) | `var.workers_group_defaults[subnets]` | | version | Kubernetes version | string | Provider default behavior | -| create_launch_template | Create and use a default launch template | `false` | -| kubelet_extra_args | This string is passed directly to kubelet if set. Useful for adding labels or taints. Require `create_launch_template` to be `true`| "" | +| create_launch_template | Create and use a default launch template | bool | `false` | +| kubelet_extra_args | This string is passed directly to kubelet if set. Useful for adding labels or taints. Require `create_launch_template` to be `true`| string | "" | +| enable_monitoring | Enables/disables detailed monitoring. Require `create_launch_template` to be `true`| bool | `true` | +| eni_delete | Delete the Elastic Network Interface (ENI) on termination (if set to false you will have to manually delete before destroying) | bool | `true` | +| public_ip | Associate a public ip address with a worker. Require `create_launch_template` to be `true`| string | `false` +| pre_userdata | userdata to pre-append to the default userdata. Require `create_launch_template` to be `true`| string | "" | ## Requirements @@ -48,8 +53,8 @@ No requirements. | Name | Version | |------|---------| | aws | n/a | +| cloudinit | n/a | | random | n/a | -| template | n/a | ## Inputs From 315db50d730743169863585367e2748ae12dec65 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Wed, 3 Feb 2021 22:22:40 +0100 Subject: [PATCH 11/18] feat: implement security group logic 
Signed-off-by: Kevin Lefevre --- modules/node_groups/launchtemplate.tf | 9 +++++++ modules/node_groups/locals.tf | 35 ++++++++++++++------------- modules/node_groups/variables.tf | 12 +++++++++ node_groups.tf | 18 ++++++++------ 4 files changed, 49 insertions(+), 25 deletions(-) diff --git a/modules/node_groups/launchtemplate.tf b/modules/node_groups/launchtemplate.tf index 215392ad79..0537e3f69f 100644 --- a/modules/node_groups/launchtemplate.tf +++ b/modules/node_groups/launchtemplate.tf @@ -47,6 +47,15 @@ resource "aws_launch_template" "workers" { network_interfaces { associate_public_ip_address = lookup(each.value, "public_ip", null) delete_on_termination = lookup(each.value, "eni_delete", null) + security_groups = flatten([ + var.worker_security_group_id, + var.worker_additional_security_group_ids, + lookup( + each.value, + "additional_security_group_ids", + null, + ), + ]) } # if you want to use a custom AMI diff --git a/modules/node_groups/locals.tf b/modules/node_groups/locals.tf index ee70773ebe..33137bcc0b 100644 --- a/modules/node_groups/locals.tf +++ b/modules/node_groups/locals.tf 
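Review bot: The new `security_groups` list can contain `null` and `""`: `lookup(each.value, "additional_security_group_ids", null)` yields a null element that `flatten` keeps rather than drops, and `var.worker_security_group_id` defaults to `""` in variables.tf, so a caller that leaves either at its default hands an invalid id to the provider, which will most likely reject the plan. Defaulting the lookup to `[]` and wrapping the result in `compact` removes both cases: `security_groups = compact(flatten([var.worker_security_group_id, var.worker_additional_security_group_ids, lookup(each.value, "additional_security_group_ids", [])]))`. Once a launch template names its own security groups the worker group passed here has to carry the node-to-control-plane rules itself (inferred from how managed node groups treat templates, not from the hunk), and a comment above the block saying so would save the next reader a debugging session. The resource continues outside the hunk.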
@@ -2,23 +2,24 @@ locals { # Merge defaults and per-group values to make code cleaner node_groups_expanded = { for k, v in var.node_groups : k => merge( { - desired_capacity = var.workers_group_defaults["asg_desired_capacity"] - iam_role_arn = var.default_iam_role_arn - instance_types = [var.workers_group_defaults["instance_type"]] - key_name = var.workers_group_defaults["key_name"] - launch_template_id = var.workers_group_defaults["launch_template_id"] - launch_template_version = var.workers_group_defaults["launch_template_version"] - max_capacity = var.workers_group_defaults["asg_max_size"] - min_capacity = var.workers_group_defaults["asg_min_size"] - subnets = var.workers_group_defaults["subnets"] - create_launch_template = false - kubelet_extra_args = var.workers_group_defaults["kubelet_extra_args"] - disk_size = var.workers_group_defaults["root_volume_size"] - disk_type = var.workers_group_defaults["root_volume_type"] - enable_monitoring = var.workers_group_defaults["enable_monitoring"] - eni_delete = var.workers_group_defaults["eni_delete"] - public_ip = var.workers_group_defaults["public_ip"] - pre_userdata = var.workers_group_defaults["pre_userdata"] + desired_capacity = var.workers_group_defaults["asg_desired_capacity"] + iam_role_arn = var.default_iam_role_arn + instance_types = [var.workers_group_defaults["instance_type"]] + key_name = var.workers_group_defaults["key_name"] + launch_template_id = var.workers_group_defaults["launch_template_id"] + launch_template_version = var.workers_group_defaults["launch_template_version"] + max_capacity = var.workers_group_defaults["asg_max_size"] + min_capacity = var.workers_group_defaults["asg_min_size"] + subnets = var.workers_group_defaults["subnets"] + create_launch_template = false + kubelet_extra_args = var.workers_group_defaults["kubelet_extra_args"] + disk_size = var.workers_group_defaults["root_volume_size"] + disk_type = var.workers_group_defaults["root_volume_type"] + enable_monitoring = 
var.workers_group_defaults["enable_monitoring"] + eni_delete = var.workers_group_defaults["eni_delete"] + public_ip = var.workers_group_defaults["public_ip"] + pre_userdata = var.workers_group_defaults["pre_userdata"] + additional_security_group_ids = var.workers_group_defaults["additional_security_group_ids"] }, var.node_groups_defaults, v, diff --git a/modules/node_groups/variables.tf b/modules/node_groups/variables.tf index fc869d9d99..585beb5f91 100644 --- a/modules/node_groups/variables.tf +++ b/modules/node_groups/variables.tf @@ -19,6 +19,18 @@ variable "workers_group_defaults" { type = any } +variable "worker_security_group_id" { + description = "If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the EKS cluster." + type = string + default = "" +} + +variable "worker_additional_security_group_ids" { + description = "A list of additional security group ids to attach to worker instances" + type = list(string) + default = [] +} + variable "tags" { description = "A map of tags to add to all resources" type = map(string) diff --git a/node_groups.tf b/node_groups.tf index 6721f51aa2..d98979310f 100644 --- a/node_groups.tf +++ b/node_groups.tf 
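Review bot: The description on `worker_security_group_id` promises that "a security group will be created" when the value is not given, but nothing in this submodule creates one; the default `""` simply flows into the launch template's `security_groups` list in launchtemplate.tf. Since the root module always supplies the value, either drop the default and the second sentence, or reword it so it matches this module's behaviour: `description = "Security group id attached to all workers. Supplied by the root module, which creates one if the caller did not provide it."`.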
@@ -1,12 +1,14 @@ module "node_groups" { - source = "./modules/node_groups" - create_eks = var.create_eks - cluster_name = coalescelist(aws_eks_cluster.this[*].name, [""])[0] - default_iam_role_arn = coalescelist(aws_iam_role.workers[*].arn, [""])[0] - workers_group_defaults = local.workers_group_defaults - tags = var.tags - node_groups_defaults = var.node_groups_defaults - node_groups = var.node_groups + source = "./modules/node_groups" + create_eks = var.create_eks + cluster_name = coalescelist(aws_eks_cluster.this[*].name, [""])[0] + default_iam_role_arn = coalescelist(aws_iam_role.workers[*].arn, [""])[0] + workers_group_defaults = local.workers_group_defaults + worker_security_group_id = local.worker_security_group_id + worker_additional_security_group_ids = var.worker_additional_security_group_ids + tags = var.tags + node_groups_defaults = var.node_groups_defaults + node_groups = var.node_groups # Hack to ensure ordering of resource creation. # This is a homemade `depends_on` https://discuss.hashicorp.com/t/tips-howto-implement-module-depends-on-emulation/2305/2 From 01d468bf771189b32f8024ef31aceb49405ac8f7 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Wed, 3 Feb 2021 22:27:24 +0100 Subject: [PATCH 12/18] chore: add docs Signed-off-by: Kevin Lefevre --- modules/node_groups/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md index 01659e17c0..94519f4e56 100644 --- a/modules/node_groups/README.md +++ b/modules/node_groups/README.md 
@@ -67,6 +67,8 @@ No requirements. | node\_groups | Map of maps of `eks_node_groups` to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | `{}` | no | | node\_groups\_defaults | map of maps of node groups to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | n/a | yes | | tags | A map of tags to add to all resources | `map(string)` | n/a | yes | +| worker\_additional\_security\_group\_ids | A list of additional security group ids to attach to worker instances | `list(string)` | `[]` | no | +| worker\_security\_group\_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the EKS cluster. | `string` | `""` | no | | workers\_group\_defaults | Workers group defaults from parent | `any` | n/a | yes | ## Outputs From fe9d129ad4918925e1d67fe2dd7194ec51c5b488 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Fri, 19 Feb 2021 10:55:19 +0100 Subject: [PATCH 13/18] fix: take first instance type into account Signed-off-by: Kevin Lefevre --- modules/node_groups/launchtemplate.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/node_groups/launchtemplate.tf b/modules/node_groups/launchtemplate.tf index 0537e3f69f..df8b447dcd 100644 --- a/modules/node_groups/launchtemplate.tf +++ b/modules/node_groups/launchtemplate.tf @@ -38,7 +38,7 @@ resource "aws_launch_template" "workers" { } } - instance_type = each.value.instance_type + instance_type = element(each.value.instance_types, 0) monitoring { enabled = lookup(each.value, "enable_monitoring", null) From 6bf7c3663db94a4215f598bf70ce0cd666e84024 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Fri, 19 Feb 2021 12:12:22 +0100 Subject: [PATCH 14/18] chore: update README for terraform-docs 
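Review bot: `element(each.value.instance_types, 0)` silently discards every type after the first, while node_groups.tf passes `[]` for `instance_types` whenever a module-created template is in use, so the multiple-type `SPOT` configuration the README documents is not honoured on this path (and `element` on an empty list is an error rather than a `null`). Leaving `instance_type` unset on the template and continuing to pass the full `instance_types` list to `aws_eks_node_group` when the module creates the template keeps the diversification; if the type must live on the template, a comment above this line such as `# Only the first entry of instance_types is used when the module creates the template` at least makes the behaviour visible. The resource continues outside the hunk.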
Signed-off-by: Kevin Lefevre --- README.md | 35 +++++++++++++++++++++++++++++++++++ modules/node_groups/README.md | 13 +++++++++++++ 2 files changed, 48 insertions(+) diff --git a/README.md b/README.md index a513473299..a079bfa458 100644 --- a/README.md +++ b/README.md 
@@ -163,6 +163,41 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | random | >= 2.1 | | template | >= 2.1 | +## Modules + +| Name | Source | Version | +|------|--------|---------| +| fargate | ./modules/fargate | | +| node_groups | ./modules/node_groups | | + +## Resources + +| Name | +|------| +| [aws_ami](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/data-sources/ami) | +| [aws_autoscaling_group](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/autoscaling_group) | +| [aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/data-sources/caller_identity) | +| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/cloudwatch_log_group) | +| [aws_eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/eks_cluster) | +| [aws_iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/data-sources/iam_instance_profile) | +| [aws_iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/iam_instance_profile) | +| [aws_iam_openid_connect_provider](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/iam_openid_connect_provider) | +| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/data-sources/iam_policy_document) | +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/iam_policy) | +| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/iam_role_policy_attachment) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/data-sources/iam_role) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/iam_role) | +| 
[aws_launch_configuration](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/launch_configuration) | +| [aws_launch_template](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/launch_template) | +| [aws_partition](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/data-sources/partition) | +| [aws_security_group_rule](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/security_group_rule) | +| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/security_group) | +| [kubernetes_config_map](https://registry.terraform.io/providers/hashicorp/kubernetes/1.11.1/docs/resources/config_map) | +| [local_file](https://registry.terraform.io/providers/hashicorp/local/1.4/docs/resources/file) | +| [null_resource](https://registry.terraform.io/providers/hashicorp/null/2.1/docs/resources/resource) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2.1/docs/resources/pet) | +| [template_file](https://registry.terraform.io/providers/hashicorp/template/2.1/docs/data-sources/file) | + ## Inputs | Name | Description | Type | Default | Required | diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md index 94519f4e56..8c91540a56 100644 --- a/modules/node_groups/README.md +++ b/modules/node_groups/README.md 
@@ -56,6 +56,19 @@ No requirements. | cloudinit | n/a | | random | n/a | +## Modules + +No Modules. + +## Resources + +| Name | +|------| +| [aws_eks_node_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group) | +| [aws_launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | +| [cloudinit_config](https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/config) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | + ## Inputs | Name | Description | Type | Default | Required | From 71739b938a49c97d08779c1262f883182238fcbe Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Fri, 19 Feb 2021 12:20:25 +0100 Subject: [PATCH 15/18] chore: update README for terraform-docs Signed-off-by: Kevin Lefevre --- modules/fargate/README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/modules/fargate/README.md b/modules/fargate/README.md index 8b4c72f25e..39f53039b0 100644 --- a/modules/fargate/README.md +++ b/modules/fargate/README.md @@ -27,6 +27,20 @@ No requirements. |------|---------| | aws | n/a | +## Modules + +No Modules. + +## Resources + +| Name | +|------| +| [aws_eks_fargate_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_fargate_profile) | +| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | +| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | + ## Inputs | Name | Description | Type | Default | Required | 
From 0d12a8f3f131c36a3585d97e7ff632f04eb1fdb2 Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Fri, 19 Feb 2021 13:56:31 +0100 Subject: [PATCH 16/18] chore: update README for terraform-docs Signed-off-by: Kevin Lefevre --- README.md | 1 - modules/fargate/README.md | 1 - modules/node_groups/README.md | 1 - 3 files changed, 3 deletions(-) diff --git a/README.md b/README.md index a079bfa458..5a1ac9bdd9 100644 --- a/README.md +++ b/README.md @@ -303,5 +303,4 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | workers\_launch\_template\_ids | IDs of the worker launch templates. | | workers\_launch\_template\_latest\_versions | Latest versions of the worker launch templates. | | workers\_user\_data | User data of worker groups | - diff --git a/modules/fargate/README.md b/modules/fargate/README.md index 39f53039b0..ae0e251dee 100644 --- a/modules/fargate/README.md +++ b/modules/fargate/README.md @@ -66,5 +66,4 @@ No Modules. | fargate\_profile\_ids | EKS Cluster name and EKS Fargate Profile names separated by a colon (:). | | iam\_role\_arn | IAM role ARN for EKS Fargate pods | | iam\_role\_name | IAM role name for EKS Fargate pods | - diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md index 8c91540a56..3b08dcd5b4 100644 --- a/modules/node_groups/README.md +++ b/modules/node_groups/README.md @@ -90,5 +90,4 @@ No Modules. |------|-------------| | aws\_auth\_roles | Roles for use in aws-auth ConfigMap | | node\_groups | Outputs from EKS node groups. Map of maps, keyed by `var.node_groups` keys. See `aws_eks_node_group` Terraform documentation for values | - From 2ec6da99f52e7a5a6a2020ef6b803881148974aa Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Sat, 20 Mar 2021 12:03:39 +0100 Subject: [PATCH 17/18] feat: add latest logic 
Signed-off-by: Kevin Lefevre
---
 .gitignore                            |  1 +
 README.md                             | 46 +++++++++++++--------------
 modules/fargate/README.md             |  2 +-
 modules/node_groups/launchtemplate.tf |  2 +-
 modules/node_groups/locals.tf         |  1 +
 modules/node_groups/node_groups.tf    |  2 +-
 6 files changed, 28 insertions(+), 26 deletions(-)

diff --git a/.gitignore b/.gitignore
index db3aec7ca3..7115e3546d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@ eks-admin-service-account.yaml
 config-map-aws-auth*.yaml
 kubeconfig_*
 *.swp
+.terraform.lock.hcl
diff --git a/README.md b/README.md
index 5a1ac9bdd9..1f2ec13d49 100644
--- a/README.md
+++ b/README.md
@@ -174,29 +174,29 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | Name | |------| -| [aws_ami](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/data-sources/ami) | -| [aws_autoscaling_group](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/autoscaling_group) | -| [aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/data-sources/caller_identity) | -| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/cloudwatch_log_group) | -| [aws_eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/eks_cluster) | -| [aws_iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/data-sources/iam_instance_profile) | -| [aws_iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/iam_instance_profile) | -| [aws_iam_openid_connect_provider](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/iam_openid_connect_provider) | -| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/data-sources/iam_policy_document) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/iam_policy) | -| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/iam_role_policy_attachment) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/data-sources/iam_role) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/iam_role) | -| [aws_launch_configuration](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/launch_configuration) | -| [aws_launch_template](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/launch_template) | -| 
[aws_partition](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/data-sources/partition) | -| [aws_security_group_rule](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/security_group_rule) | -| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/3.22.0/docs/resources/security_group) | -| [kubernetes_config_map](https://registry.terraform.io/providers/hashicorp/kubernetes/1.11.1/docs/resources/config_map) | -| [local_file](https://registry.terraform.io/providers/hashicorp/local/1.4/docs/resources/file) | -| [null_resource](https://registry.terraform.io/providers/hashicorp/null/2.1/docs/resources/resource) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/2.1/docs/resources/pet) | -| [template_file](https://registry.terraform.io/providers/hashicorp/template/2.1/docs/data-sources/file) | +| [aws_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | +| [aws_autoscaling_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | +| [aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | +| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | +| [aws_eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster) | +| [aws_iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_instance_profile) | +| [aws_iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | +| [aws_iam_openid_connect_provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | +| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | +| 
[aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | +| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | +| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | +| [aws_launch_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration) | +| [aws_launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | +| [aws_partition](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | +| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | +| [aws_security_group_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | +| [kubernetes_config_map](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | +| [local_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | +| [null_resource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | +| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | +| [template_file](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | ## Inputs diff --git a/modules/fargate/README.md b/modules/fargate/README.md index ae0e251dee..7615eeb6f5 100644 --- a/modules/fargate/README.md +++ b/modules/fargate/README.md 
@@ -37,9 +37,9 @@ No Modules.
 |------|
 | [aws_eks_fargate_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_fargate_profile) |
 | [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
-| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) |
 | [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) |
 | [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) |
+| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) |
 
 ## Inputs
 
diff --git a/modules/node_groups/launchtemplate.tf b/modules/node_groups/launchtemplate.tf
index df8b447dcd..1da04e2037 100644
--- a/modules/node_groups/launchtemplate.tf
+++ b/modules/node_groups/launchtemplate.tf
@@ -38,7 +38,7 @@ resource "aws_launch_template" "workers" {
     }
   }
 
-  instance_type = element(each.value.instance_types, 0)
+  instance_type = each.value["set_instance_types_on_lt"] ? element(each.value.instance_types, 0) : null
 
   monitoring {
     enabled = lookup(each.value, "enable_monitoring", null)
diff --git a/modules/node_groups/locals.tf b/modules/node_groups/locals.tf
index 33137bcc0b..3c510d70ab 100644
--- a/modules/node_groups/locals.tf
+++ b/modules/node_groups/locals.tf
@@ -8,6 +8,7 @@ locals {
       key_name = var.workers_group_defaults["key_name"]
       launch_template_id = var.workers_group_defaults["launch_template_id"]
       launch_template_version = var.workers_group_defaults["launch_template_version"]
+      set_instance_types_on_lt = false
       max_capacity = var.workers_group_defaults["asg_max_size"]
       min_capacity = var.workers_group_defaults["asg_min_size"]
       subnets = var.workers_group_defaults["subnets"]
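Review bot: In the locals.tf hunk `set_instance_types_on_lt = false` is hard-coded while every neighbouring default reads `var.workers_group_defaults[...]`, so this flag cannot be set once for all groups the way the others can and presumably each group has to override it individually. Reading it the same way, with a fallback because existing callers will not pass the key, keeps the defaults block consistent: `set_instance_types_on_lt = lookup(var.workers_group_defaults, "set_instance_types_on_lt", false)`. A short comment explaining the flag would also help the next reader, e.g. `# When true the instance type is set on the launch template and omitted from the node group`. The `locals` block starts and ends outside the hunk.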
diff --git a/modules/node_groups/node_groups.tf b/modules/node_groups/node_groups.tf
index f129cb1cde..8b9904cb17 100644
--- a/modules/node_groups/node_groups.tf
+++ b/modules/node_groups/node_groups.tf
@@ -15,7 +15,7 @@ resource "aws_eks_node_group" "workers" {
 
   ami_type = lookup(each.value, "ami_type", null)
   disk_size = each.value["launch_template_id"] != null || each.value["create_launch_template"] ? null : lookup(each.value, "disk_size", null)
-  instance_types = each.value["launch_template_id"] != null || each.value["create_launch_template"] ? [] : [each.value["instance_type"]]
+  instance_types = !each.value["set_instance_types_on_lt"] ? each.value["instance_types"] : null
   release_version = lookup(each.value, "ami_release_version", null)
   capacity_type = lookup(each.value, "capacity_type", null)
 

From 26ee15335a285e2ea972beb7dcc6e5227cab087e Mon Sep 17 00:00:00 2001
From: Kevin Lefevre
Date: Fri, 16 Apr 2021 19:33:04 +0200
Subject: [PATCH 18/18] chore: fix docs

Signed-off-by: Kevin Lefevre
---
 README.md                     | 35 -----------------------------------
 modules/fargate/README.md     | 14 --------------
 modules/node_groups/README.md | 18 +++++------------
 3 files changed, 5 insertions(+), 62 deletions(-)

diff --git a/README.md b/README.md
index c4a51a541c..4687b2e829 100644
--- a/README.md
+++ b/README.md
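Review bot: The new `instance_types` condition drops the `launch_template_id != null` guard, so a group that brings its own `launch_template_id` now gets `each.value["instance_types"]` on the node group where it previously got `[]`; if that external template already sets an instance type the node group declares it in two places, which as far as I recall the EKS API rejects. The two flags are also independent: `set_instance_types_on_lt = true` with `create_launch_template = false` yields `null` here and no template of this module to carry the type. `instance_types = each.value["set_instance_types_on_lt"] || each.value["launch_template_id"] != null ? null : each.value["instance_types"]` closes the first gap and reads better than the negated ternary; the second is best documented as a precondition next to the flag's default in locals.tf. The `aws_eks_node_group.workers` resource starts and ends outside the hunk.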
@@ -224,41 +224,6 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | [template_file.launch_template_userdata](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source | | [template_file.userdata](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source | -## Modules - -| Name | Source | Version | -|------|--------|---------| -| fargate | ./modules/fargate | | -| node_groups | ./modules/node_groups | | - -## Resources - -| Name | -|------| -| [aws_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | -| [aws_autoscaling_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | -| [aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | -| [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | -| [aws_eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster) | -| [aws_iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_instance_profile) | -| [aws_iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | -| [aws_iam_openid_connect_provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | -| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | -| 
[aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | -| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | -| [aws_launch_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration) | -| [aws_launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | -| [aws_partition](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | -| [aws_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | -| [aws_security_group_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | -| [kubernetes_config_map](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | -| [local_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | -| [null_resource](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | -| [template_file](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | - ## Inputs | Name | Description | Type | Default | Required | diff --git a/modules/fargate/README.md b/modules/fargate/README.md index 5397bad6bf..d31e59735b 100644 --- a/modules/fargate/README.md +++ b/modules/fargate/README.md 
@@ -44,20 +44,6 @@ No modules. | [aws_iam_policy_document.eks_fargate_pod_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_role.custom_fargate_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source | -## Modules - -No Modules. - -## Resources - -| Name | -|------| -| [aws_eks_fargate_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_fargate_profile) | -| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | -| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | - ## Inputs | Name | Description | Type | Default | Required | diff --git a/modules/node_groups/README.md b/modules/node_groups/README.md index 6f2c513e4d..b7443cb326 100644 --- a/modules/node_groups/README.md +++ b/modules/node_groups/README.md @@ -57,6 +57,7 @@ The role ARN specified in `var.default_iam_role_arn` will be used by default. In | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 3.22.0 | +| [cloudinit](#provider\_cloudinit) | n/a | | [random](#provider\_random) | >= 2.1 | ## Modules 
@@ -68,20 +69,9 @@ No modules. | Name | Type | |------|------| | [aws_eks_node_group.workers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group) | resource | +| [aws_launch_template.workers](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource | | [random_pet.node_groups](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | - -## Modules - -No Modules. - -## Resources - -| Name | -|------| -| [aws_eks_node_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group) | -| [aws_launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | -| [cloudinit_config](https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/config) | -| [random_pet](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | +| [cloudinit_config.workers_userdata](https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/config) | data source | ## Inputs 
@@ -94,6 +84,8 @@ No Modules. | [node\_groups](#input\_node\_groups) | Map of maps of `eks_node_groups` to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | `{}` | no | | [node\_groups\_defaults](#input\_node\_groups\_defaults) | map of maps of node groups to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | n/a | yes | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | n/a | yes | +| [worker\_additional\_security\_group\_ids](#input\_worker\_additional\_security\_group\_ids) | A list of additional security group ids to attach to worker instances | `list(string)` | `[]` | no | +| [worker\_security\_group\_id](#input\_worker\_security\_group\_id) | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the EKS cluster. | `string` | `""` | no | | [workers\_group\_defaults](#input\_workers\_group\_defaults) | Workers group defaults from parent | `any` | n/a | yes | ## Outputs