From 93ba18a317bc76ffcb5d952191aca4a3cccc19a3 Mon Sep 17 00:00:00 2001 From: Vandan Juvekar Date: Sun, 13 Jun 2021 17:28:06 -0400 Subject: [PATCH 1/2] Changes for upgrading Terraform version to v1.0.0, including version updates for AWS provider to v3.37.0 and EKS module to v15.2.0 --- README.md | 20 ++++++++++--------- .../eks-managed-nodegroups-fargate.tfvars | 2 +- .../eks-with-bottlerocket-nodegroup.tfvars | 2 +- .../eks-with-lb-ingress.tfvars | 2 +- .../traefik-ingress-with-eks.tfvars | 2 +- .../eks-with-fluentbit-logging.tfvars | 2 +- .../eu-west-1/application/dev/base.tfvars | 2 +- modules/launch-templates/main.tf | 2 +- source/README.md | 20 +++++++++---------- source/main.tf | 8 ++++---- source/providers.tf | 2 +- source/versions.tf | 2 +- 12 files changed, 34 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index a8236f4a31..79ce9414f9 100644 --- a/README.md +++ b/README.md 
@@ -116,10 +116,11 @@ Bottlerocket can be updated automatically via Kubernetes Operator ## Prerequisites: Ensure that you have installed the following tools in your Mac or Windows Laptop before start working with this module and run Terraform Plan and Apply - 1. [aws cli] (https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) - 2. [aws-iam-authenticator] (https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html) - 3. [kubectl] (https://Kubernetes .io/docs/tasks/tools/) - 4. wget +1. [aws cli](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) +2. [aws-iam-authenticator](https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html) +3. [terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli) +4. [kubectl](https://kubernetes.io/docs/tasks/tools/) +5. wget ## Deployment Steps The following steps walks you through the deployment of example [DEV cluster](live/preprod/eu-west-1/application/dev/base.tfvars) configuration. This config deploys a private EKS cluster with public and private subnets. 
@@ -133,14 +134,15 @@ It also deploys few kubernetes apps i.e., LB Ingress Controller, Metrics Server, #### Step1: Clone the repo using the command below $ git clone https://github.com/aws-samples/aws-eks-accelerator-for-terraform.git + $ cd aws-eks-accelerator-for-terraform/source #### Step2: Update base.tfvars file -Update `~/aws-terraform-eks/live/preprod/eu-west-1/application/dev/base.tfvars` file with the instructions specified in the file (OR use the default values). You can choose to use an existing VPC ID and Subnet IDs or create a new VPC and subnets by providing CIDR ranges in `base.tfvars` file +Update `~/aws-eks-accelerator-for-terraform/live/preprod/eu-west-1/application/dev/base.tfvars` file with the instructions specified in the file (OR use the default values). You can choose to use an existing VPC ID and Subnet IDs or create a new VPC and subnets by providing CIDR ranges in `base.tfvars` file #### Step3: Update Terraform backend config file -Update `~/aws-terraform-eks/live/preprod/eu-west-1/application/dev/backend.conf` with your local directory path. [state.tf](source/state.tf) file contains backend config. +Update `~/aws-eks-accelerator-for-terraform/live/preprod/eu-west-1/application/dev/backend.conf` with your local directory path. [state.tf](source/state.tf) file contains backend config. Local terraform state backend config variables path = "local_tf_state/ekscluster/preprod/application/dev/terraform-main.tfstate" 
@@ -159,17 +161,17 @@ This role will become the Kubernetes Admin by default. #### Step5: Run Terraform init to initialize a working directory with configuration files - $ terraform init -backend-config ./live/preprod/eu-west-1/application/dev/backend.conf source + $ terraform init -backend-config ../live/preprod/eu-west-1/application/dev/backend.conf #### Step6: Run Terraform plan to verify the resources created by this execution - $ terraform plan -var-file ./live/preprod/eu-west-1/application/dev/base.tfvars source + $ terraform plan -var-file ../live/preprod/eu-west-1/application/dev/base.tfvars #### Step7: Finally, Terraform apply to create resources - $ terraform apply -var-file ./live/preprod/eu-west-1/application/dev/base.tfvars source + $ terraform apply -var-file ../live/preprod/eu-west-1/application/dev/base.tfvars ### Configure kubectl and test cluster EKS Cluster details can be extracted from terraform output or from AWS Console to get the name of cluster. This following command used to update the `kubeconfig` in your local machine where you run kubectl commands to interact with your EKS Cluster. diff --git a/examples/eks-managed-nodegroups-fargate/eks-managed-nodegroups-fargate.tfvars b/examples/eks-managed-nodegroups-fargate/eks-managed-nodegroups-fargate.tfvars index ec2ef397f6..682524abb7 100644 --- a/examples/eks-managed-nodegroups-fargate/eks-managed-nodegroups-fargate.tfvars +++ b/examples/eks-managed-nodegroups-fargate/eks-managed-nodegroups-fargate.tfvars 
@@ -9,7 +9,7 @@ tenant = "aws001" # AWS account name or unique id for tenant environment = "preprod" # Environment area eg., preprod or prod zone = "dev" # Environment with in one sub_tenant or business unit region = "eu-west-1" # EKS Cluster region -terraform_version = "Terraform v0.14.9" +terraform_version = "Terraform v1.0.0" #---------------------------------------------------------# # VPC and PRIVATE SUBNET DETAILS for EKS Cluster #---------------------------------------------------------# diff --git a/examples/eks-with-bottlerocket-nodegroup/eks-with-bottlerocket-nodegroup.tfvars b/examples/eks-with-bottlerocket-nodegroup/eks-with-bottlerocket-nodegroup.tfvars index 07df4dddb3..a328795d19 100644 --- a/examples/eks-with-bottlerocket-nodegroup/eks-with-bottlerocket-nodegroup.tfvars +++ b/examples/eks-with-bottlerocket-nodegroup/eks-with-bottlerocket-nodegroup.tfvars @@ -26,7 +26,7 @@ org = "aws" # Organization Name. Used to tag resources tenant = "aws001" # AWS account name or unique id for tenant environment = "preprod" # Environment area eg., preprod or prod zone = "dev" # Environment with in one sub_tenant or business unit -terraform_version = "Terraform v0.14.9" +terraform_version = "Terraform v1.0.0" #---------------------------------------------------------# # VPC and PRIVATE SUBNET DETAILS for EKS Cluster #---------------------------------------------------------# diff --git a/examples/eks-with-lb-ingress/eks-with-lb-ingress.tfvars b/examples/eks-with-lb-ingress/eks-with-lb-ingress.tfvars index 693cbefe94..9025d1e66a 100644 --- a/examples/eks-with-lb-ingress/eks-with-lb-ingress.tfvars +++ b/examples/eks-with-lb-ingress/eks-with-lb-ingress.tfvars 
@@ -8,7 +8,7 @@ org = "aws" # Organization Name. Used to tag resources tenant = "aws001" # AWS account name or unique id for tenant environment = "preprod" # Environment area eg., preprod or prod zone = "dev" # Environment with in one sub_tenant or business unit -terraform_version = "Terraform v0.14.9" +terraform_version = "Terraform v1.0.0" #---------------------------------------------------------# # VPC and PRIVATE SUBNET DETAILS for EKS Cluster #---------------------------------------------------------# diff --git a/examples/eks-with-traefik-ingress/traefik-ingress-with-eks.tfvars b/examples/eks-with-traefik-ingress/traefik-ingress-with-eks.tfvars index d41443193a..9c2deec895 100644 --- a/examples/eks-with-traefik-ingress/traefik-ingress-with-eks.tfvars +++ b/examples/eks-with-traefik-ingress/traefik-ingress-with-eks.tfvars @@ -8,7 +8,7 @@ org = "aws" # Organization Name. Used to tag resources tenant = "aws001" # AWS account name or unique id for tenant environment = "preprod" # Environment area eg., preprod or prod zone = "dev" # Environment with in one sub_tenant or business unit -terraform_version = "Terraform v0.14.9" +terraform_version = "Terraform v1.0.0" #---------------------------------------------------------# # VPC and PRIVATE SUBNET DETAILS for EKS Cluster #---------------------------------------------------------# diff --git a/examples/fluentbit-logging/eks-with-fluentbit-logging.tfvars b/examples/fluentbit-logging/eks-with-fluentbit-logging.tfvars index ebbb2340cd..e07308b002 100644 --- a/examples/fluentbit-logging/eks-with-fluentbit-logging.tfvars +++ b/examples/fluentbit-logging/eks-with-fluentbit-logging.tfvars 
@@ -8,7 +8,7 @@ org = "aws" # Organization Name. Used to tag resources tenant = "aws001" # AWS account name or unique id for tenant environment = "preprod" # Environment area eg., preprod or prod zone = "dev" # Environment with in one sub_tenant or business unit -terraform_version = "Terraform v0.14.9" +terraform_version = "Terraform v1.0.0" #---------------------------------------------------------# # VPC and PRIVATE SUBNET DETAILS for EKS Cluster #---------------------------------------------------------# diff --git a/live/preprod/eu-west-1/application/dev/base.tfvars b/live/preprod/eu-west-1/application/dev/base.tfvars index 07df4dddb3..a328795d19 100644 --- a/live/preprod/eu-west-1/application/dev/base.tfvars +++ b/live/preprod/eu-west-1/application/dev/base.tfvars @@ -26,7 +26,7 @@ org = "aws" # Organization Name. Used to tag resources tenant = "aws001" # AWS account name or unique id for tenant environment = "preprod" # Environment area eg., preprod or prod zone = "dev" # Environment with in one sub_tenant or business unit -terraform_version = "Terraform v0.14.9" +terraform_version = "Terraform v1.0.0" #---------------------------------------------------------# # VPC and PRIVATE SUBNET DETAILS for EKS Cluster #---------------------------------------------------------# diff --git a/modules/launch-templates/main.tf b/modules/launch-templates/main.tf index 127b353141..5052ee84d8 100644 --- a/modules/launch-templates/main.tf +++ b/modules/launch-templates/main.tf @@ -55,7 +55,7 @@ resource "aws_launch_template" "default" { tag_specifications { resource_type = "instance" - tags = merge(var.tags, map("Name", "${var.cluster_name}-${var.node_group_name}")) + tags = merge(var.tags, tomap({"Name" = "${var.cluster_name}-${var.node_group_name}"})) } network_interfaces { diff --git a/source/README.md b/source/README.md index b45d54fa2d..a5ce178ffc 100644 --- a/source/README.md +++ b/source/README.md 
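Review bot: The `tomap({...})` wrapper added to the `tags` argument of `aws_launch_template.default` is more than `merge()` needs, because `merge()` accepts object values directly; `tags = merge(var.tags, { Name = "${var.cluster_name}-${var.node_group_name}" })` reads more plainly. The same pattern appears three times in the `locals` block of source/main.tf, where each local merges several single-key `tomap()` calls that could be written as one map literal. This is a style point and presumably leaves the resulting tags unchanged; a plan run would confirm that. The resource block starts and ends outside the hunk.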
@@ -2,8 +2,8 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 0.12 | -| [aws](#requirement\_aws) | 3.34.0 | +| [terraform](#requirement\_terraform) | >= 1.0.0 | +| [aws](#requirement\_aws) | 3.37.0 | | [helm](#requirement\_helm) | 2.0.3 | | [kubernetes](#requirement\_kubernetes) | 2.0.3 | @@ -11,13 +11,13 @@ | Name | Version | |------|---------| -| [aws](#provider\_aws) | 3.34.0 | +| [aws](#provider\_aws) | 3.37.0 | ## Modules | Name | Source | Version | |------|--------|---------| -| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 14.0.0 | +| [eks](#module\_eks) | terraform-aws-modules/eks/aws | 15.2.0 | | [eks-label](#module\_eks-label) | ../modules/aws-resource-label | | | [helm](#module\_helm) | ../helm | | | [iam](#module\_iam) | ../modules/iam | | 
@@ -32,12 +32,12 @@ | Name | Type | |------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/3.34.0/docs/data-sources/availability_zones) | data source | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/3.34.0/docs/data-sources/caller_identity) | data source | -| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/3.34.0/docs/data-sources/eks_cluster) | data source | -| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/3.34.0/docs/data-sources/eks_cluster_auth) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/3.34.0/docs/data-sources/region) | data source | -| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/3.34.0/docs/data-sources/security_group) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/3.37.0/docs/data-sources/availability_zones) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/3.37.0/docs/data-sources/caller_identity) | data source | +| [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/3.37.0/docs/data-sources/eks_cluster) | data source | +| [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/3.37.0/docs/data-sources/eks_cluster_auth) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/3.37.0/docs/data-sources/region) | data source | +| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/3.37.0/docs/data-sources/security_group) | data source | ## Inputs diff --git a/source/main.tf b/source/main.tf index 0bd1f5fe79..1df5f30d1b 100644 --- a/source/main.tf +++ b/source/main.tf 
@@ -16,9 +16,9 @@ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ locals { - tags = merge(map("kubernetes.io/cluster/${module.eks-label.id}", "shared"), map("created-by", var.terraform_version)) - private_subnet_tags = merge(map("kubernetes.io/cluster/${module.eks-label.id}", "shared"), map("kubernetes.io/role/internal-elb", "1"), map("created-by", var.terraform_version)) - public_subnet_tags = merge(map("kubernetes.io/cluster/${module.eks-label.id}", "shared"), map("kubernetes.io/role/elb", "1"), map("created-by", var.terraform_version)) + tags = merge(tomap({"kubernetes.io/cluster/${module.eks-label.id}" = "shared"}), tomap({"created-by" = var.terraform_version})) + private_subnet_tags = merge(tomap({"kubernetes.io/cluster/${module.eks-label.id}" = "shared"}), tomap({"kubernetes.io/role/internal-elb" = "1"}), tomap({"created-by" = var.terraform_version})) + public_subnet_tags = merge(tomap({"kubernetes.io/cluster/${module.eks-label.id}" = "shared"}), tomap({"kubernetes.io/role/elb" = "1"}), tomap({"created-by" = var.terraform_version})) } locals { @@ -173,7 +173,7 @@ module "rbac" { # --------------------------------------------------------------------------------------------------------------------- module "eks" { source = "terraform-aws-modules/eks/aws" - version = "14.0.0" + version = "15.2.0" vpc_id = var.create_vpc == false ? var.vpc_id : module.vpc.vpc_id cluster_name = module.eks-label.id cluster_version = var.kubernetes_version diff --git a/source/providers.tf b/source/providers.tf index e701b5b291..94dced5730 100644 --- a/source/providers.tf +++ b/source/providers.tf @@ -20,7 +20,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "3.34.0" + version = "3.37.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/source/versions.tf b/source/versions.tf index 5d6e1a72b4..1e63857316 100644 --- a/source/versions.tf +++ b/source/versions.tf 
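Review bot: The `created-by` tag in all three locals is filled from `var.terraform_version`, which the tfvars files in this patch set to the fixed string "Terraform v1.0.0", while source/versions.tf now accepts any release `>= 1.0.0`. A run with a later release would still stamp resources as created by v1.0.0, which weakens the tag as a provenance or audit signal. I would document this above the locals block, for example `# created-by is a free-form label from tfvars; it is not derived from the running Terraform binary`. Alternatively, bound the constraint in versions.tf so that the label and the allowed range agree.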
@@ -17,5 +17,5 @@ */ terraform { - required_version = ">= 0.13" + required_version = ">= 1.0.0" } \ No newline at end of file From e750d924da80b4090e0b6179a9ac1bfc4463d204 Mon Sep 17 00:00:00 2001 From: Vandan Juvekar Date: Tue, 15 Jun 2021 19:31:22 -0400 Subject: [PATCH 2/2] Updated Makefile for TF v1.0.0 upgrade --- Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index dbbbdeb31a..5c645e5f7f 100644 --- a/Makefile +++ b/Makefile 
@@ -4,16 +4,16 @@ all-test: clean tf-plan-eks .PHONY: clean clean: - rm -rf .terraform + rm -rf source/.terraform .PHONY: tf-plan-eks tf-plan-eks: - terraform init -backend-config ./live/preprod/eu-west-1/application/dev/backend.conf -reconfigure source && terraform validate && terraform plan -var-file ./live/preprod/eu-west-1/application/dev/base.tfvars source + cd source && terraform init -backend-config ../live/preprod/eu-west-1/application/dev/backend.conf -reconfigure && terraform validate && terraform plan -var-file ../live/preprod/eu-west-1/application/dev/base.tfvars .PHONY: tf-apply-eks tf-apply-eks: - terraform init -backend-config ./live/preprod/eu-west-1/application/dev/backend.conf -reconfigure source && terraform validate && terraform apply -var-file ./live/preprod/eu-west-1/application/dev/base.tfvars -auto-approve source + cd source && terraform init -backend-config ../live/preprod/eu-west-1/application/dev/backend.conf -reconfigure && terraform validate && terraform apply -var-file ../live/preprod/eu-west-1/application/dev/base.tfvars -auto-approve .PHONY: tf-destroy-eks tf-destroy-test: - terraform init -backend-config ./live/preprod/eu-west-1/application/dev/backend.conf -reconfigure source && terraform validate && terraform destroy -var-file ./live/preprod/eu-west-1/application/dev/base.tfvars source -auto-approve source + cd source && terraform init -backend-config ../live/preprod/eu-west-1/application/dev/backend.conf -reconfigure && terraform validate && terraform destroy -var-file ../live/preprod/eu-west-1/application/dev/base.tfvars -auto-approve
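Review bot: The last rule still declares `.PHONY: tf-destroy-eks` but defines the target as `tf-destroy-test`, so the phony declaration names a target that does not exist and the real target is not phony; the rewritten recipe keeps that mismatch. Renaming the target to `tf-destroy-eks:` would match `tf-plan-eks` and `tf-apply-eks`. Separately, the apply and destroy recipes pass `-auto-approve`, so they run with no confirmation against whatever backend.conf and base.tfvars point at; a comment above those targets, such as `# Non-interactive: destroys the dev cluster without a confirmation prompt`, would make that explicit. The `clean` target now removes only `source/.terraform`, which leaves any root-level `.terraform` directory from the old layout in place.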