From 70d6d9019200a2671ec67a1ac2371fe3300393be Mon Sep 17 00:00:00 2001
From: marcincuber
Date: Tue, 1 Sep 2020 11:10:52 +0100
Subject: [PATCH] Add support for launch template and tf 0.13
---
 .pre-commit-config.yaml | 2 +-
 README.md | 11 +-
 examples/multiaz-node-group/main.tf | 7 +-
 examples/single-named-node-group/main.tf | 5 +-
 .../main.tf | 158 ++++++++++++++++++
 .../userdata.tpl | 17 ++
 examples/single-node-group/main.tf | 5 +-
 main.tf | 29 ++--
 variables.tf | 22 +--
 versions.tf | 2 +-
 10 files changed, 219 insertions(+), 39 deletions(-)
 create mode 100644 examples/single-node-group-with-launch-template/main.tf
 create mode 100644 examples/single-node-group-with-launch-template/userdata.tpl
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d688e1b..3440e21 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -18,7 +18,7 @@ repos:
 args: ['--allow-missing-credentials']
 - id: trailing-whitespace
 - repo: git://github.com/antonbabenko/pre-commit-terraform
- rev: v1.31.0
+ rev: v1.36.0
 hooks:
 - id: terraform_fmt
 - id: terraform_docs
diff --git a/README.md b/README.md
index 1f40c11..93ac7e8 100644
--- a/README.md
+++ b/README.md
@@ -3,20 +3,19 @@ Terraform module to provision EKS Managed Node Group
 ## Resources created
-This module will create EKS managed Node Group that will join your existing Kubernetes cluster.
+This module will create EKS managed Node Group that will join your existing Kubernetes cluster. It supports use of launch template which will allow you to further enhance and modify worker nodes.
 ## Terraform versions
-Terraform 0.12. Pin module version to `~> v2.0`. Submit pull-requests to `master` branch.
+Terraform 0.12. Pin module version to `~> v3.0`. Submit pull-requests to `master` branch.
 ## Usage
 ```hcl
 module "eks-node-group" {
 source = "umotif-public/eks-node-group/aws"
- version = "~> 2.0.0"
+ version = "~> 3.0.0"
- enabled = true
 cluster_name = aws_eks_cluster.cluster.id
 subnet_ids = ["subnet-1","subnet-2","subnet-3"]
@@ -43,12 +42,14 @@ module "eks-node-group" {
 ## Assumptions
-Module is to be used with Terraform > 0.12.
+Module is to be used with Terraform > 0.13. Fully working with Terraform 0.12 as well.
 ## Examples
 * [EKS Node Group- single](https://github.com/umotif-public/terraform-aws-eks-node-group/tree/master/examples/single-node-group)
 * [EKS Node Group- multiple az setup](https://github.com/umotif-public/terraform-aws-eks-node-group/tree/master/examples/multiaz-node-group)
+* [EKS Node Group- single named node group](https://github.com/umotif-public/terraform-aws-eks-node-group/tree/master/examples/single-named-node-group)
+* [EKS Node Group- single with launch template](https://github.com/umotif-public/terraform-aws-eks-node-group/tree/master/examples/single-node-group-with-launch-template)
 ## Authors
diff --git a/examples/multiaz-node-group/main.tf b/examples/multiaz-node-group/main.tf
index 25f3452..eb5b281 100644
--- a/examples/multiaz-node-group/main.tf
+++ b/examples/multiaz-node-group/main.tf
@@ -7,7 +7,7 @@ provider "aws" {
 #####
 module "vpc" {
 source = "terraform-aws-modules/vpc/aws"
- version = "2.21.0"
+ version = "2.48.0"
 name = "simple-vpc"
@@ -46,7 +46,7 @@ resource "aws_eks_cluster" "cluster" {
 enabled_cluster_log_types = []
 name = "eks"
 role_arn = aws_iam_role.cluster.arn
- version = "1.14"
+ version = "1.17"
 vpc_config {
 subnet_ids = flatten([module.vpc.public_subnets, module.vpc.private_subnets])
@@ -130,7 +130,6 @@ resource "aws_iam_role_policy_attachment" "main_AmazonEC2ContainerRegistryReadOn
 module "eks-node-group-a" {
 source = "../../"
- enabled = true
 create_iam_role = false
 cluster_name = aws_eks_cluster.cluster.id
@@ -158,7 +157,6 @@ module "eks-node-group-a" {
 module "eks-node-group-b" {
 source = "../../"
- enabled = true
 create_iam_role = false
 cluster_name = aws_eks_cluster.cluster.id
@@ -186,7 +184,6 @@ module "eks-node-group-b" {
 module "eks-node-group-c" {
 source = "../../"
- enabled = true
 create_iam_role = false
 cluster_name = aws_eks_cluster.cluster.id
diff --git a/examples/single-named-node-group/main.tf b/examples/single-named-node-group/main.tf
index 03d7990..e0aaabf 100644
--- a/examples/single-named-node-group/main.tf
+++ b/examples/single-named-node-group/main.tf
@@ -7,7 +7,7 @@ provider "aws" {
 #####
 module "vpc" {
 source = "terraform-aws-modules/vpc/aws"
- version = "2.21.0"
+ version = "2.48.0"
 name = "simple-vpc"
@@ -46,7 +46,7 @@ resource "aws_eks_cluster" "cluster" {
 enabled_cluster_log_types = []
 name = "eks"
 role_arn = aws_iam_role.cluster.arn
- version = "1.14"
+ version = "1.17"
 vpc_config {
 subnet_ids = flatten([module.vpc.public_subnets, module.vpc.private_subnets])
@@ -94,7 +94,6 @@ module "eks-node-group" {
 node_group_name = "example-nodegroup"
 node_group_role_name = "example-nodegroup"
- enabled = true
 cluster_name = aws_eks_cluster.cluster.id
 subnet_ids = flatten([module.vpc.private_subnets])
diff --git a/examples/single-node-group-with-launch-template/main.tf b/examples/single-node-group-with-launch-template/main.tf
new file mode 100644
index 0000000..41f5c2a
--- /dev/null
+++ b/examples/single-node-group-with-launch-template/main.tf
@@ -0,0 +1,158 @@ +provider "aws" { + region = "eu-west-1" +} + +##### +# VPC and subnets +##### +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + version = "2.48.0" + + name = "simple-vpc" + + cidr = "10.0.0.0/16" + + azs = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] + private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] + public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"] + + private_subnet_tags = { + "kubernetes.io/role/internal-elb" = "1" + } + + public_subnet_tags = { + "kubernetes.io/role/elb" = "1" + } + + enable_dns_hostnames = true + enable_dns_support = true + enable_nat_gateway = true + enable_vpn_gateway = true + single_nat_gateway = true + one_nat_gateway_per_az = false + + tags = { + "kubernetes.io/cluster/eks" = "shared", + Environment = "test" + } +} + +##### +# EKS Cluster +##### + +resource "aws_eks_cluster" "cluster" { + enabled_cluster_log_types = [] + name = "eks" + role_arn = aws_iam_role.cluster.arn + version = "1.17" + + vpc_config { + subnet_ids = flatten([module.vpc.public_subnets, module.vpc.private_subnets]) + security_group_ids = [] + endpoint_private_access = "true" + endpoint_public_access = "true" + } +} + +resource "aws_iam_role" "cluster" { + name = "eks-cluster-role" + + assume_role_policy = < >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 + +yum install -y amazon-ssm-agent +systemctl enable amazon-ssm-agent && systemctl start amazon-ssm-agent + +/etc/eks/bootstrap.sh ${CLUSTER_NAME} --b64-cluster-ca ${B64_CLUSTER_CA} --apiserver-endpoint ${API_SERVER_URL} + +--==MYBOUNDARY==--\ \ No newline at end of file diff --git a/examples/single-node-group/main.tf b/examples/single-node-group/main.tf index f624985..7344d99 100644 --- a/examples/single-node-group/main.tf +++ b/examples/single-node-group/main.tf @@ -7,7 +7,7 @@ provider "aws" { ##### module "vpc" { source = "terraform-aws-modules/vpc/aws" - version = "2.21.0" + version = "2.48.0" name = "simple-vpc" 
@@ -46,7 +46,7 @@ resource "aws_eks_cluster" "cluster" {
 enabled_cluster_log_types = []
 name = "eks"
 role_arn = aws_iam_role.cluster.arn
- version = "1.14"
+ version = "1.17"
 vpc_config {
 subnet_ids = flatten([module.vpc.public_subnets, module.vpc.private_subnets])
@@ -91,7 +91,6 @@ resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSServicePolicy" {
 module "eks-node-group" {
 source = "../../"
- enabled = true
 cluster_name = aws_eks_cluster.cluster.id
 subnet_ids = flatten([module.vpc.private_subnets])
diff --git a/main.tf b/main.tf
index acd62c4..8cbcefc 100644
--- a/main.tf
+++ b/main.tf
@@ -1,25 +1,25 @@
 resource "random_id" "main" {
- count = var.enabled && var.node_group_name == "" ? 1 : 0
+ count = var.node_group_name == "" ? 1 : 0
 byte_length = 4
 keepers = {
 ami_type = var.ami_type
 disk_size = var.disk_size
- instance_types = join("|", var.instance_types)
+ instance_types = var.instance_types != null ? join("|", var.instance_types) : ""
 node_role_arn = var.node_role_arn
 ec2_ssh_key = var.ec2_ssh_key
 source_security_group_ids = join("|", var.source_security_group_ids)
- subnet_ids = join("|", var.subnet_ids)
- cluster_name = var.cluster_name
+ subnet_ids = join("|", var.subnet_ids)
+ cluster_name = var.cluster_name
+ launch_template_id = lookup(var.launch_template, "id", "")
+ launch_template_name = lookup(var.launch_template, "name", "")
 }
 }
 resource "aws_eks_node_group" "main" {
- count = var.enabled ? 1 : 0
 cluster_name = var.cluster_name
 node_group_name = var.node_group_name == "" ? join("-", [var.cluster_name, random_id.main[0].hex]) : var.node_group_name
 node_role_arn = var.node_role_arn == "" ? join("", aws_iam_role.main.*.arn) : var.node_role_arn
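Review bot: Removing `var.enabled` from the `count` of `random_id.main` here (and from `aws_eks_node_group.main` and the IAM resources in the following hunks) is a breaking interface change: any caller still passing `enabled` now fails at plan time with an unsupported-argument error, and nothing in the commit documents the removal or its replacement. Suggest an upgrade note in the README or changelog such as `v3 removes the `enabled` variable; use `count` or `for_each` on the module call (Terraform 0.13) to create the node group conditionally.` Separately, the `instance_types` keeper guards its new `null` default with `var.instance_types != null ? … : ""`, but `ami_type` and `disk_size` also default to `null` after this commit and still flow into `keepers` unguarded; presumably a plan with all-default inputs still renders, but that is worth confirming since `keepers` is a map of strings. The `aws_eks_node_group.main` resource continues past the end of this hunk.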
@@ -52,6 +52,15 @@ resource "aws_eks_node_group" "main" {
 }
 }
+ dynamic "launch_template" {
+ for_each = length(var.launch_template) == 0 ? [] : [var.launch_template]
+ content {
+ id = lookup(launch_template.value, "id", null)
+ name = lookup(launch_template.value, "name", null)
+ version = lookup(launch_template.value, "version")
+ }
+ }
+
 lifecycle {
 create_before_destroy = true
 ignore_changes = [scaling_config.0.desired_size]
@@ -59,7 +68,7 @@ resource "aws_eks_node_group" "main" {
 }
 resource "aws_iam_role" "main" {
- count = var.enabled && var.create_iam_role ? 1 : 0
+ count = var.create_iam_role ? 1 : 0
 name = var.node_group_role_name == "" ? "${var.cluster_name}-managed-group-node" : var.node_group_role_name
@@ -80,21 +89,21 @@ EOF
 }
 resource "aws_iam_role_policy_attachment" "main_AmazonEKSWorkerNodePolicy" {
- count = var.enabled && var.create_iam_role ? 1 : 0
+ count = var.create_iam_role ? 1 : 0
 policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
 role = aws_iam_role.main[0].name
 }
 resource "aws_iam_role_policy_attachment" "main_AmazonEKS_CNI_Policy" {
- count = var.enabled && var.create_iam_role ? 1 : 0
+ count = var.create_iam_role ? 1 : 0
 policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
 role = aws_iam_role.main[0].name
 }
 resource "aws_iam_role_policy_attachment" "main_AmazonEC2ContainerRegistryReadOnly" {
- count = var.enabled && var.create_iam_role ? 1 : 0
+ count = var.create_iam_role ? 1 : 0
 policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
 role = aws_iam_role.main[0].name
diff --git a/variables.tf b/variables.tf
index 128e766..12b0fdd 100644
--- a/variables.tf
+++ b/variables.tf
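Review bot: `version = lookup(launch_template.value, "version")` in the new `dynamic "launch_template"` block is the two-argument `lookup`, which is inconsistent with the `id`/`name` lines right above it and, to my knowledge, deprecated as of Terraform 0.13; a `launch_template` map that omits `version` then fails with a generic lookup error instead of the provider's message naming the required attribute. Suggest `version = lookup(launch_template.value, "version", null)` so the provider's required-attribute check reports it, plus a comment above the block: `# version is required; set exactly one of id or name`. The enclosing `aws_eks_node_group.main` resource starts before this hunk; if `remote_access` is still populated from `ec2_ssh_key` there, EKS rejects a node group that combines it with a launch template, so caller guidance should say to leave `ec2_ssh_key` unset when `launch_template` is used. The `count` changes in the other three hunks are consistent with the `enabled` removal and need no further change.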
@@ -43,20 +43,20 @@ variable "node_role_arn" {
 variable "ami_type" {
 type = string
- description = "Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to `AL2_x86_64`. Valid values: `AL2_x86_64`, `AL2_x86_64_GPU`. Terraform will only perform drift detection if a configuration value is provided"
- default = "AL2_x86_64"
+ description = "Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Valid values: `AL2_x86_64`, `AL2_x86_64_GPU`. Terraform will only perform drift detection if a configuration value is provided"
+ default = null
 }
 variable "disk_size" {
 type = number
 description = "Disk size in GiB for worker nodes. Defaults to 20. Terraform will only perform drift detection if a configuration value is provided"
- default = 20
+ default = null
 }
 variable "instance_types" {
 type = list(string)
- description = "Set of instance types associated with the EKS Node Group. Defaults to [\"t3.medium\"]. Terraform will only perform drift detection if a configuration value is provided"
- default = ["t3.medium"]
+ description = "List of instance types associated with the EKS Node Group. Terraform will only perform drift detection if a configuration value is provided"
+ default = null
 }
 variable "kubernetes_labels" {
@@ -83,12 +83,6 @@ variable "source_security_group_ids" {
 description = "Set of EC2 Security Group IDs to allow SSH access (port 22) from on the worker nodes. If you specify `ec2_ssh_key`, but do not specify this configuration when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0)"
 }
-variable "enabled" {
- type = bool
- description = "Whether to create the resources. Set to `false` to prevent the module from creating any resources"
- default = true
-}
-
 variable "create_iam_role" {
 type = bool
 description = "Create IAM role for node group. Set to false if pass `node_role_arn` as an argument"
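Review bot: The `disk_size` description still says `Defaults to 20.` although its default is now `null`, while the equivalent sentence was removed from `ami_type` and `instance_types` in the same hunk; a reader will assume the module still pins 20 GiB. Suggest `description = "Disk size in GiB for worker nodes. Leave unset when a launch template defines the block device mapping. Terraform will only perform drift detection if a configuration value is provided"`. Moving the three defaults to `null` is the right call for launch-template support, since EKS rejects `diskSize` set alongside a launch template and the other two conflict when the template already defines the same setting.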
@@ -112,3 +106,9 @@ variable "force_update_version" {
 description = "Force version update if existing pods are unable to be drained due to a pod disruption budget issue."
 default = false
 }
+
+variable "launch_template" {
+ type = map(string)
+ description = "Configuration block with Launch Template settings. `name`, `id` and `version` parameters are available."
+ default = {}
+}
diff --git a/versions.tf b/versions.tf
index 2962272..5834ca1 100644
--- a/versions.tf
+++ b/versions.tf
@@ -2,6 +2,6 @@ terraform {
 required_version = ">= 0.12.6, < 0.14"
 required_providers {
- aws = ">= 2.63, < 4.0"
+ aws = ">= 3.3, < 4.0"
 }
 }
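Review bot: The `launch_template` description says `name`, `id` and `version` "are available" but does not state that `version` is mandatory for the provider's block or that `id` and `name` are mutually exclusive, which is exactly what a caller needs to know because `map(string)` cannot enforce either and the module still targets 0.12, where variable `validation` blocks are not available. Suggest `description = "Launch Template settings for the node group. `version` is required and exactly one of `id` or `name` must be set. Leave empty to create the node group without a launch template."`.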