From 71d19472f294d6cbb67ffbfb081fd54cad32551a Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Fri, 13 Sep 2024 16:31:42 -0500
Subject: [PATCH 01/26] chore: Remove outposts example (#3154)
---
 .pre-commit-config.yaml | 2 +-
 README.md | 5 +-
 examples/outposts/README.md | 122 ----------
 examples/outposts/main.tf | 133 -----------
 examples/outposts/outputs.tf | 226 -------------------
 examples/outposts/prerequisites/main.tf | 149 ------------
 examples/outposts/prerequisites/outputs.tf | 4 -
 examples/outposts/prerequisites/variables.tf | 5 -
 examples/outposts/prerequisites/versions.tf | 10 -
 examples/outposts/variables.tf | 5 -
 examples/outposts/versions.tf | 14 --
 11 files changed, 3 insertions(+), 672 deletions(-)
 delete mode 100644 examples/outposts/README.md
 delete mode 100644 examples/outposts/main.tf
 delete mode 100644 examples/outposts/outputs.tf
 delete mode 100644 examples/outposts/prerequisites/main.tf
 delete mode 100644 examples/outposts/prerequisites/outputs.tf
 delete mode 100644 examples/outposts/prerequisites/variables.tf
 delete mode 100644 examples/outposts/prerequisites/versions.tf
 delete mode 100644 examples/outposts/variables.tf
 delete mode 100644 examples/outposts/versions.tf
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index b73ed98715..28c6063b6d 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.92.2
+ rev: v1.95.0
 hooks:
 - id: terraform_fmt
 - id: terraform_docs
diff --git a/README.md b/README.md
index 6aad481af7..fa77df6251 100644
--- a/README.md
+++ b/README.md
@@ -160,7 +160,6 @@ module "eks" { - [EKS Managed Node Group](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks-managed-node-group): EKS Cluster using EKS managed node groups - [Karpenter](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/karpenter): EKS Cluster with [Karpenter](https://karpenter.sh/) provisioned for intelligent data plane management -- [Outposts](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/outposts): EKS local cluster provisioned on [AWS Outposts](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts.html) - [Self Managed Node Group](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/self-managed-node-group): EKS Cluster using self-managed node groups ## Contributing @@ -170,7 +169,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple - [Code of Conduct](https://github.com/terraform-aws-modules/.github/blob/master/CODE_OF_CONDUCT.md) - [Contributing Guide](https://github.com/terraform-aws-modules/.github/blob/master/CONTRIBUTING.md) - + ## Requirements | Name | Version | @@ -365,7 +364,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | | [self\_managed\_node\_groups](#output\_self\_managed\_node\_groups) | Map of attribute maps for all self managed node groups created | | [self\_managed\_node\_groups\_autoscaling\_group\_names](#output\_self\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by self-managed node groups | - + ## License diff --git a/examples/outposts/README.md b/examples/outposts/README.md deleted file mode 100644 index 5057fc4a5e..0000000000 --- a/examples/outposts/README.md +++ /dev/null 
@@ -1,122 +0,0 @@ -# EKS on Outposts Example - -Configuration in this directory creates an AWS EKS local cluster on AWS Outposts - -See the [AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts.html) for further details. - -Note: This example requires an an AWS Outpost to provision. - -## Usage - -To run this example you need to: - -1. Deploy the remote host where the cluster will be provisioned from. The remote host is required since only private access is permitted to clusters created on Outposts. If you have access to the network where Outposts are provisioned (VPN, etc.), you can skip this step: - -```bash -$ cd prerequisites -$ terraform init -$ terraform plan -$ terraform apply --auto-approve -``` - -2. If provisioning using the remote host deployed in step 1, connect to the remote host using SSM. Note, you will need to have the [SSM plugin for the AWS CLI installed](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html). You can use the output generated by step 1 to connect: - -```bash -$ aws ssm start-session --region --target -``` - -3. Once connected to the remote host, navigate to the cloned project example directory and deploy the example: - -```bash -$ cd $HOME/terraform-aws-eks/examples/outposts -$ terraform init -$ terraform plan -$ terraform apply --auto-approve -``` - -Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. 
- -```bash -terraform destroy --auto-approve -``` - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.61 | -| [kubernetes](#requirement\_kubernetes) | >= 2.20 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 5.61 | -| [kubernetes](#provider\_kubernetes) | >= 2.20 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [eks](#module\_eks) | ../.. | n/a | - -## Resources - -| Name | Type | -|------|------| -| [kubernetes_storage_class_v1.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class_v1) | resource | -| [aws_outposts_outpost_instance_types.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/outposts_outpost_instance_types) | data source | -| [aws_outposts_outposts.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/outposts_outposts) | data source | -| [aws_subnet.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source | -| [aws_subnets.lookup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source | -| [aws_subnets.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source | -| [aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [region](#input\_region) | The AWS region to deploy into (e.g. 
us-east-1) | `string` | `"us-west-2"` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [access\_entries](#output\_access\_entries) | Map of access entries created and their attributes | -| [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created | -| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created | -| [cluster\_addons](#output\_cluster\_addons) | Map of attribute maps for all EKS cluster addons enabled | -| [cluster\_arn](#output\_cluster\_arn) | The Amazon Resource Name (ARN) of the cluster | -| [cluster\_certificate\_authority\_data](#output\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster | -| [cluster\_dualstack\_oidc\_issuer\_url](#output\_cluster\_dualstack\_oidc\_issuer\_url) | Dual-stack compatible URL on the EKS cluster for the OpenID Connect identity provider | -| [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for your Kubernetes API server | -| [cluster\_iam\_role\_arn](#output\_cluster\_iam\_role\_arn) | IAM role ARN of the EKS cluster | -| [cluster\_iam\_role\_name](#output\_cluster\_iam\_role\_name) | IAM role name of the EKS cluster | -| [cluster\_iam\_role\_unique\_id](#output\_cluster\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role | -| [cluster\_id](#output\_cluster\_id) | The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts | -| [cluster\_identity\_providers](#output\_cluster\_identity\_providers) | Map of attribute maps for all EKS identity providers enabled | -| [cluster\_ip\_family](#output\_cluster\_ip\_family) | The IP family used by the cluster (e.g. 
`ipv4` or `ipv6`) | -| [cluster\_name](#output\_cluster\_name) | The name of the EKS cluster | -| [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster for the OpenID Connect identity provider | -| [cluster\_platform\_version](#output\_cluster\_platform\_version) | Platform version for the cluster | -| [cluster\_primary\_security\_group\_id](#output\_cluster\_primary\_security\_group\_id) | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console | -| [cluster\_security\_group\_arn](#output\_cluster\_security\_group\_arn) | Amazon Resource Name (ARN) of the cluster security group | -| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | ID of the cluster security group | -| [cluster\_service\_cidr](#output\_cluster\_service\_cidr) | The CIDR block where Kubernetes pod and service IP addresses are assigned from | -| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. 
One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` | -| [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate | -| [eks\_managed\_node\_groups](#output\_eks\_managed\_node\_groups) | Map of attribute maps for all EKS managed node groups created | -| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#output\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups | -| [fargate\_profiles](#output\_fargate\_profiles) | Map of attribute maps for all EKS Fargate Profiles created | -| [kms\_key\_arn](#output\_kms\_key\_arn) | The Amazon Resource Name (ARN) of the key | -| [kms\_key\_id](#output\_kms\_key\_id) | The globally unique identifier for the key | -| [kms\_key\_policy](#output\_kms\_key\_policy) | The IAM resource policy set on the key | -| [node\_security\_group\_arn](#output\_node\_security\_group\_arn) | Amazon Resource Name (ARN) of the node shared security group | -| [node\_security\_group\_id](#output\_node\_security\_group\_id) | ID of the node shared security group | -| [oidc\_provider](#output\_oidc\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) | -| [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | -| [self\_managed\_node\_groups](#output\_self\_managed\_node\_groups) | Map of attribute maps for all self managed node groups created | -| [self\_managed\_node\_groups\_autoscaling\_group\_names](#output\_self\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by self-managed node groups | - diff --git a/examples/outposts/main.tf b/examples/outposts/main.tf deleted file mode 100644 index c7835971f7..0000000000 --- a/examples/outposts/main.tf +++ /dev/null 
@@ -1,133 +0,0 @@
-provider "aws" {
- region = var.region
-}
-
-locals {
- name = "ex-${basename(path.cwd)}"
- cluster_version = "1.30"
-
- outpost_arn = element(tolist(data.aws_outposts_outposts.this.arns), 0)
- instance_type = element(tolist(data.aws_outposts_outpost_instance_types.this.instance_types), 0)
-
- tags = {
- Example = local.name
- GithubRepo = "terraform-aws-eks"
- GithubOrg = "terraform-aws-modules"
- }
-}
-
-################################################################################
-# EKS Module
-################################################################################
-
-module "eks" {
- source = "../.."
-
- cluster_name = local.name
- cluster_version = local.cluster_version
-
- cluster_endpoint_public_access = false # Not available on Outpost
- cluster_endpoint_private_access = true
-
- # Gives Terraform identity admin access to cluster which will
- # allow deploying resources (EBS storage class) into the cluster
- enable_cluster_creator_admin_permissions = true
-
- vpc_id = data.aws_vpc.this.id
- subnet_ids = data.aws_subnets.this.ids
-
- outpost_config = {
- control_plane_instance_type = local.instance_type
- outpost_arns = [local.outpost_arn]
- }
-
- # Extend cluster security group rules
- cluster_security_group_additional_rules = {
- ingress_vpc_https = {
- description = "Remote host to control plane"
- protocol = "tcp"
- from_port = 443
- to_port = 443
- type = "ingress"
- cidr_blocks = [data.aws_vpc.this.cidr_block]
- }
- }
-
- self_managed_node_groups = {
- outpost = {
- name = local.name
-
- min_size = 2
- max_size = 5
- desired_size = 3
- instance_type = local.instance_type
-
- # Additional information is required to join local clusters to EKS
- bootstrap_extra_args = <<-EOT
- --enable-local-outpost true --cluster-id ${module.eks.cluster_id} --container-runtime containerd
- EOT
- }
- }
-
- tags = local.tags
-}
-
-resource "kubernetes_storage_class_v1" "this" {
- metadata {
- name = "ebs-sc"
- annotations = {
- "storageclass.kubernetes.io/is-default-class" = "true"
- }
- }
-
- storage_provisioner = "ebs.csi.aws.com"
- volume_binding_mode = "WaitForFirstConsumer"
- allow_volume_expansion = true
-
- parameters = {
- type = "gp2"
- encrypted = "true"
- }
-}
-
-################################################################################
-# Supporting Resources
-################################################################################
-
-data "aws_outposts_outposts" "this" {}
-
-data "aws_outposts_outpost_instance_types" "this" {
- arn = local.outpost_arn
-}
-
-# This just grabs the first Outpost and returns its subnets
-data "aws_subnets" "lookup" {
- filter {
- name = "outpost-arn"
- values = [local.outpost_arn]
- }
-}
-
-# This grabs a single subnet to reverse lookup those that belong to same VPC
-# This is whats used for the cluster
-data "aws_subnet" "this" {
- id = element(tolist(data.aws_subnets.lookup.ids), 0)
-}
-
-# These are subnets for the Outpost and restricted to the same VPC
-# This is whats used for the cluster
-data "aws_subnets" "this" {
- filter {
- name = "outpost-arn"
- values = [local.outpost_arn]
- }
-
- filter {
- name = "vpc-id"
- values = [data.aws_subnet.this.vpc_id]
- }
-}
-
-data "aws_vpc" "this" {
- id = data.aws_subnet.this.vpc_id
-}
diff --git a/examples/outposts/outputs.tf b/examples/outposts/outputs.tf
deleted file mode 100644
index 9357464c29..0000000000
--- a/examples/outposts/outputs.tf
+++ /dev/null
@@ -1,226 +0,0 @@
-################################################################################
-# Cluster
-################################################################################
-
-output "cluster_arn" {
- description = "The Amazon Resource Name (ARN) of the cluster"
- value = module.eks.cluster_arn
-}
-
-output "cluster_certificate_authority_data" {
- description = "Base64 encoded certificate data required to communicate with the cluster"
- value = module.eks.cluster_certificate_authority_data
-}
-
-output "cluster_endpoint" {
- description = "Endpoint for your Kubernetes API server"
- value = module.eks.cluster_endpoint
-}
-
-output "cluster_id" {
- description = "The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts"
- value = module.eks.cluster_id
-}
-
-output "cluster_name" {
- description = "The name of the EKS cluster"
- value = module.eks.cluster_name
-}
-
-output "cluster_oidc_issuer_url" {
- description = "The URL on the EKS cluster for the OpenID Connect identity provider"
- value = module.eks.cluster_oidc_issuer_url
-}
-
-output "cluster_dualstack_oidc_issuer_url" {
- description = "Dual-stack compatible URL on the EKS cluster for the OpenID Connect identity provider"
- value = module.eks.cluster_dualstack_oidc_issuer_url
-}
-
-output "cluster_platform_version" {
- description = "Platform version for the cluster"
- value = module.eks.cluster_platform_version
-}
-
-output "cluster_status" {
- description = "Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED`"
- value = module.eks.cluster_status
-}
-
-output "cluster_primary_security_group_id" {
- description = "Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console"
- value = module.eks.cluster_primary_security_group_id
-}
-
-output "cluster_service_cidr" {
- description = "The CIDR block where Kubernetes pod and service IP addresses are assigned from"
- value = module.eks.cluster_service_cidr
-}
-
-output "cluster_ip_family" {
- description = "The IP family used by the cluster (e.g. `ipv4` or `ipv6`)"
- value = module.eks.cluster_ip_family
-}
-
-################################################################################
-# Access Entry
-################################################################################
-
-output "access_entries" {
- description = "Map of access entries created and their attributes"
- value = module.eks.access_entries
-}
-
-################################################################################
-# KMS Key
-################################################################################
-
-output "kms_key_arn" {
- description = "The Amazon Resource Name (ARN) of the key"
- value = module.eks.kms_key_arn
-}
-
-output "kms_key_id" {
- description = "The globally unique identifier for the key"
- value = module.eks.kms_key_id
-}
-
-output "kms_key_policy" {
- description = "The IAM resource policy set on the key"
- value = module.eks.kms_key_policy
-}
-
-################################################################################
-# Security Group
-################################################################################
-
-output "cluster_security_group_arn" {
- description = "Amazon Resource Name (ARN) of the cluster security group"
- value = module.eks.cluster_security_group_arn
-}
-
-output "cluster_security_group_id" {
- description = "ID of the cluster security group"
- value = module.eks.cluster_security_group_id
-}
-
-################################################################################
-# Node Security Group
-################################################################################
-
-output "node_security_group_arn" {
- description = "Amazon Resource Name (ARN) of the node shared security group"
- value = module.eks.node_security_group_arn
-}
-
-output "node_security_group_id" {
- description = "ID of the node shared security group"
- value = module.eks.node_security_group_id
-}
-
-################################################################################
-# IRSA
-################################################################################
-
-output "oidc_provider" {
- description = "The OpenID Connect identity provider (issuer URL without leading `https://`)"
- value = module.eks.oidc_provider
-}
-
-output "oidc_provider_arn" {
- description = "The ARN of the OIDC Provider if `enable_irsa = true`"
- value = module.eks.oidc_provider_arn
-}
-
-output "cluster_tls_certificate_sha1_fingerprint" {
- description = "The SHA1 fingerprint of the public key of the cluster's certificate"
- value = module.eks.cluster_tls_certificate_sha1_fingerprint
-}
-
-################################################################################
-# IAM Role
-################################################################################
-
-output "cluster_iam_role_name" {
- description = "IAM role name of the EKS cluster"
- value = module.eks.cluster_iam_role_name
-}
-
-output "cluster_iam_role_arn" {
- description = "IAM role ARN of the EKS cluster"
- value = module.eks.cluster_iam_role_arn
-}
-
-output "cluster_iam_role_unique_id" {
- description = "Stable and unique string identifying the IAM role"
- value = module.eks.cluster_iam_role_unique_id
-}
-
-################################################################################
-# EKS Addons
-################################################################################
-
-output "cluster_addons" {
- description = "Map of attribute maps for all EKS cluster addons enabled"
- value = module.eks.cluster_addons
-}
-
-################################################################################
-# EKS Identity Provider
-################################################################################
-
-output "cluster_identity_providers" {
- description = "Map of attribute maps for all EKS identity providers enabled"
- value = module.eks.cluster_identity_providers
-}
-
-################################################################################
-# CloudWatch Log Group
-################################################################################
-
-output "cloudwatch_log_group_name" {
- description = "Name of cloudwatch log group created"
- value = module.eks.cloudwatch_log_group_name
-}
-
-output "cloudwatch_log_group_arn" {
- description = "Arn of cloudwatch log group created"
- value = module.eks.cloudwatch_log_group_arn
-}
-
-################################################################################
-# Fargate Profile
-################################################################################
-
-output "fargate_profiles" {
- description = "Map of attribute maps for all EKS Fargate Profiles created"
- value = module.eks.fargate_profiles
-}
-
-################################################################################
-# EKS Managed Node Group
-################################################################################
-
-output "eks_managed_node_groups" {
- description = "Map of attribute maps for all EKS managed node groups created"
- value = module.eks.eks_managed_node_groups
-}
-
-output "eks_managed_node_groups_autoscaling_group_names" {
- description = "List of the autoscaling group names created by EKS managed node groups"
- value = module.eks.eks_managed_node_groups_autoscaling_group_names
-}
-
-################################################################################
-# Self Managed Node Group
-################################################################################
-
-output "self_managed_node_groups" {
- description = "Map of attribute maps for all self managed node groups created"
- value = module.eks.self_managed_node_groups
-}
-
-output "self_managed_node_groups_autoscaling_group_names" {
- description = "List of the autoscaling group names created by self-managed node groups"
- value = module.eks.self_managed_node_groups_autoscaling_group_names
-}
diff --git a/examples/outposts/prerequisites/main.tf b/examples/outposts/prerequisites/main.tf
deleted file mode 100644
index 1a1dd18a4b..0000000000
--- a/examples/outposts/prerequisites/main.tf
+++ /dev/null
@@ -1,149 +0,0 @@ -provider "aws" { - region = var.region -} - -locals { - name = "ex-${basename(path.cwd)}" - - terraform_version = "1.3.6" - - outpost_arn = element(tolist(data.aws_outposts_outposts.this.arns), 0) - instance_type = element(tolist(data.aws_outposts_outpost_instance_types.this.instance_types), 0) - - tags = { - Example = local.name - GithubRepo = "terraform-aws-eks" - GithubOrg = "terraform-aws-modules" - } -} - -################################################################################ -# Pre-Requisites -################################################################################ - -module "ssm_bastion_ec2" { - source = "terraform-aws-modules/ec2-instance/aws" - version = "~> 5.5" - - name = "${local.name}-bastion" - - create_iam_instance_profile = true - iam_role_policies = { - AdministratorAccess = "arn:aws:iam::aws:policy/AdministratorAccess" - } - - instance_type = local.instance_type - - user_data = <<-EOT - #!/bin/bash - - # Add ssm-user since it won't exist until first login - adduser -m ssm-user - tee /etc/sudoers.d/ssm-agent-users <<'EOF' - # User rules for ssm-user - ssm-user ALL=(ALL) NOPASSWD:ALL - EOF - chmod 440 /etc/sudoers.d/ssm-agent-users - - cd /home/ssm-user - - # Install git to clone repo - yum install git -y - - # Install Terraform - curl -sSO https://releases.hashicorp.com/terraform/${local.terraform_version}/terraform_${local.terraform_version}_linux_amd64.zip - sudo unzip -qq terraform_${local.terraform_version}_linux_amd64.zip terraform -d /usr/bin/ - rm terraform_${local.terraform_version}_linux_amd64.zip 2> /dev/null - - # Install kubectl - curl -LO https://dl.k8s.io/release/v1.30.0/bin/linux/amd64/kubectl - install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl - - # Remove default awscli which is v1 - we want latest v2 - yum remove awscli -y - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" - unzip -qq awscliv2.zip - ./aws/install - - # Clone repo - git clone 
https://github.com/terraform-aws-modules/terraform-aws-eks.git \ - && cd /home/ssm-user/terraform-aws-eks - - chown -R ssm-user:ssm-user /home/ssm-user/ - EOT - - vpc_security_group_ids = [module.bastion_security_group.security_group_id] - subnet_id = element(data.aws_subnets.this.ids, 0) - - tags = local.tags -} - -module "bastion_security_group" { - source = "terraform-aws-modules/security-group/aws" - version = "~> 5.0" - - name = "${local.name}-bastion" - description = "Security group to allow provisioning ${local.name} EKS local cluster on Outposts" - vpc_id = data.aws_vpc.this.id - - ingress_with_cidr_blocks = [ - { - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = data.aws_vpc.this.cidr_block - }, - ] - egress_with_cidr_blocks = [ - { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = "0.0.0.0/0" - }, - ] - - tags = local.tags -} - -################################################################################ -# Supporting Resources -################################################################################ - -data "aws_outposts_outposts" "this" {} - -data "aws_outposts_outpost_instance_types" "this" { - arn = local.outpost_arn -} - -# This just grabs the first Outpost and returns its subnets -data "aws_subnets" "lookup" { - filter { - name = "outpost-arn" - values = [local.outpost_arn] - } -} - -# This grabs a single subnet to reverse lookup those that belong to same VPC -# This is whats used for the cluster -data "aws_subnet" "this" { - id = element(tolist(data.aws_subnets.lookup.ids), 0) -} - -# These are subnets for the Outpost and restricted to the same VPC -# This is whats used for the cluster -data "aws_subnets" "this" { - filter { - name = "outpost-arn" - values = [local.outpost_arn] - } - - filter { - name = "vpc-id" - values = [data.aws_subnet.this.vpc_id] - } -} - -data "aws_vpc" "this" { - id = data.aws_subnet.this.vpc_id -} 
diff --git a/examples/outposts/prerequisites/outputs.tf b/examples/outposts/prerequisites/outputs.tf deleted file mode 100644 index f2ff81ab70..0000000000 --- a/examples/outposts/prerequisites/outputs.tf +++ /dev/null @@ -1,4 +0,0 @@ -output "ssm_start_session" { - description = "SSM start session command to connect to remote host created" - value = "aws ssm start-session --region ${var.region} --target ${module.ssm_bastion_ec2.id}" -} diff --git a/examples/outposts/prerequisites/variables.tf b/examples/outposts/prerequisites/variables.tf deleted file mode 100644 index 47945c8501..0000000000 --- a/examples/outposts/prerequisites/variables.tf +++ /dev/null @@ -1,5 +0,0 @@ -variable "region" { - description = "The AWS region to deploy into (e.g. us-east-1)" - type = string - default = "us-west-2" -} diff --git a/examples/outposts/prerequisites/versions.tf b/examples/outposts/prerequisites/versions.tf deleted file mode 100644 index 5bfe6da389..0000000000 --- a/examples/outposts/prerequisites/versions.tf +++ /dev/null @@ -1,10 +0,0 @@ -terraform { - required_version = ">= 1.3.2" - - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.61" - } - } -} diff --git a/examples/outposts/variables.tf b/examples/outposts/variables.tf deleted file mode 100644 index 47945c8501..0000000000 --- a/examples/outposts/variables.tf +++ /dev/null @@ -1,5 +0,0 @@ -variable "region" { - description = "The AWS region to deploy into (e.g. us-east-1)" - type = string - default = "us-west-2" -} diff --git a/examples/outposts/versions.tf b/examples/outposts/versions.tf deleted file mode 100644 index 9836b3a468..0000000000 --- a/examples/outposts/versions.tf +++ /dev/null @@ -1,14 +0,0 @@ -terraform { - required_version = ">= 1.3.2" - - required_providers { - aws = { - source = "hashicorp/aws" - version = ">= 5.61" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = ">= 2.20" - } - } -} From 47ab3eb884ab243a99322998445127ea6802fcaf Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Mon, 16 Sep 2024 10:36:15 -0500 Subject: [PATCH 02/26] fix: Correct Karpenter EC2 service principal DNS suffix in non-commercial regions (#3157) --- .pre-commit-config.yaml | 2 +- modules/karpenter/main.tf | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 28c6063b6d..9530aa8f8a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.95.0 + rev: v1.96.0 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/modules/karpenter/main.tf b/modules/karpenter/main.tf index fc4a5dca57..d03dfa49f8 100644 --- a/modules/karpenter/main.tf +++ b/modules/karpenter/main.tf @@ -4,6 +4,7 @@ data "aws_caller_identity" "current" {} locals { account_id = data.aws_caller_identity.current.account_id + dns_suffix = data.aws_partition.current.dns_suffix partition = data.aws_partition.current.partition region = data.aws_region.current.name } @@ -286,7 +287,7 @@ data "aws_iam_policy_document" "node_assume_role" { principals { type = "Service" - identifiers = ["ec2.amazonaws.com"] + identifiers = ["ec2.${local.dns_suffix}"] } } } From 2965d99e1ecca710bbdf8fbccb208d042239e8e2 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Mon, 16 Sep 2024 15:36:45 +0000 Subject: [PATCH 03/26] chore(release): version 20.24.1 [skip ci] ## [20.24.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.24.0...v20.24.1) (2024-09-16) ### Bug Fixes * Correct Karpenter EC2 service principal DNS suffix in non-commercial regions ([#3157](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3157)) ([47ab3eb](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/47ab3eb884ab243a99322998445127ea6802fcaf)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 178d0d672c..cfeb4d8e90 100644 --- a/CHANGELOG.md 
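Review bot: The new `dns_suffix` local and the changed `identifiers` line in `node_assume_role` carry no comment explaining why the EC2 service principal is derived from the partition instead of being written as `ec2.amazonaws.com`; the reason only survives in the commit title. A one-line comment on the `identifiers` line, `# Service principal DNS suffix differs by partition (e.g. aws-cn, aws-us-gov); derive it from the aws_partition data source`, would keep that intent visible to the next maintainer. If other trust policies in this file still hard-code the `amazonaws.com` suffix (a Pod Identity principal would be a candidate), they presumably need the same treatment, but that is outside the hunk. The `data.aws_partition.current` source the local reads is not shown here; I assume it is declared next to `aws_caller_identity` above the hunk.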
+++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [20.24.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.24.0...v20.24.1) (2024-09-16) + + +### Bug Fixes + +* Correct Karpenter EC2 service principal DNS suffix in non-commercial regions ([#3157](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3157)) ([47ab3eb](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/47ab3eb884ab243a99322998445127ea6802fcaf)) + ## [20.24.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.23.0...v20.24.0) (2024-08-19) From 8b90872983b9c349ff2e0a71678d687dc32ed626 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sat, 21 Sep 2024 09:45:50 -0500 Subject: [PATCH 04/26] fix: Remove deprecated `inline_policy` from cluster role (#3163) --- .github/workflows/pre-commit.yml | 4 ++-- .pre-commit-config.yaml | 2 +- README.md | 6 +++--- examples/karpenter/README.md | 4 ++-- main.tf | 23 ----------------------- modules/_user_data/README.md | 8 ++++---- modules/aws-auth/README.md | 4 ++-- modules/eks-managed-node-group/README.md | 14 +++++++------- modules/fargate-profile/README.md | 4 ++-- modules/karpenter/README.md | 6 +++--- modules/self-managed-node-group/README.md | 14 +++++++------- tests/eks-managed-node-group/README.md | 4 ++-- tests/fargate-profile/README.md | 4 ++-- tests/self-managed-node-group/README.md | 4 ++-- tests/user-data/README.md | 4 ++-- 15 files changed, 41 insertions(+), 64 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index c2632d1a44..71878b4351 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -7,8 +7,8 @@ on: - master env: - TERRAFORM_DOCS_VERSION: v0.16.0 - TFLINT_VERSION: v0.50.3 + TERRAFORM_DOCS_VERSION: v0.19.0 + TFLINT_VERSION: v0.53.0 jobs: collectInputs: 
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9530aa8f8a..55b241248d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.96.0 + rev: v1.96.1 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/README.md b/README.md index fa77df6251..37008e7824 100644 --- a/README.md +++ b/README.md @@ -243,8 +243,8 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | [cluster\_additional\_security\_group\_ids](#input\_cluster\_additional\_security\_group\_ids) | List of additional, externally created security group IDs to attach to the cluster control plane | `list(string)` | `[]` | no | | [cluster\_addons](#input\_cluster\_addons) | Map of cluster addon configurations to enable for the cluster. Addon name can be the map keys or set with `name` | `any` | `{}` | no | | [cluster\_addons\_timeouts](#input\_cluster\_addons\_timeouts) | Create, update, and delete timeout configurations for the cluster addons | `map(string)` | `{}` | no | -| [cluster\_enabled\_log\_types](#input\_cluster\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` |
[
"audit",
"api",
"authenticator"
]
| no | -| [cluster\_encryption\_config](#input\_cluster\_encryption\_config) | Configuration block with encryption configuration for the cluster. To disable secret encryption, set this value to `{}` | `any` |
{
"resources": [
"secrets"
]
}
| no | +| [cluster\_enabled\_log\_types](#input\_cluster\_enabled\_log\_types) | A list of the desired control plane logs to enable. For more information, see Amazon EKS Control Plane Logging documentation (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) | `list(string)` |
[
"audit",
"api",
"authenticator"
]
| no | +| [cluster\_encryption\_config](#input\_cluster\_encryption\_config) | Configuration block with encryption configuration for the cluster. To disable secret encryption, set this value to `{}` | `any` |
{
"resources": [
"secrets"
]
}
| no | | [cluster\_encryption\_policy\_description](#input\_cluster\_encryption\_policy\_description) | Description of the cluster encryption policy created | `string` | `"Cluster encryption policy to allow cluster role to utilize CMK provided"` | no | | [cluster\_encryption\_policy\_name](#input\_cluster\_encryption\_policy\_name) | Name to use on cluster encryption policy created | `string` | `null` | no | | [cluster\_encryption\_policy\_path](#input\_cluster\_encryption\_policy\_path) | Cluster encryption policy path | `string` | `null` | no | @@ -252,7 +252,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | [cluster\_encryption\_policy\_use\_name\_prefix](#input\_cluster\_encryption\_policy\_use\_name\_prefix) | Determines whether cluster encryption policy name (`cluster_encryption_policy_name`) is used as a prefix | `bool` | `true` | no | | [cluster\_endpoint\_private\_access](#input\_cluster\_endpoint\_private\_access) | Indicates whether or not the Amazon EKS private API server endpoint is enabled | `bool` | `true` | no | | [cluster\_endpoint\_public\_access](#input\_cluster\_endpoint\_public\_access) | Indicates whether or not the Amazon EKS public API server endpoint is enabled | `bool` | `false` | no | -| [cluster\_endpoint\_public\_access\_cidrs](#input\_cluster\_endpoint\_public\_access\_cidrs) | List of CIDR blocks which can access the Amazon EKS public API server endpoint | `list(string)` |
[
"0.0.0.0/0"
]
| no | +| [cluster\_endpoint\_public\_access\_cidrs](#input\_cluster\_endpoint\_public\_access\_cidrs) | List of CIDR blocks which can access the Amazon EKS public API server endpoint | `list(string)` |
[
"0.0.0.0/0"
]
| no | | [cluster\_identity\_providers](#input\_cluster\_identity\_providers) | Map of cluster identity provider configurations to enable for the cluster. Note - this is different/separate from IRSA | `any` | `{}` | no | | [cluster\_ip\_family](#input\_cluster\_ip\_family) | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created | `string` | `"ipv4"` | no | | [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | `""` | no | diff --git a/examples/karpenter/README.md b/examples/karpenter/README.md index 62291cdc07..3ec2d6c2e7 100644 --- a/examples/karpenter/README.md +++ b/examples/karpenter/README.md @@ -83,7 +83,7 @@ terraform destroy --auto-approve Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -176,4 +176,4 @@ No inputs. | [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | | [self\_managed\_node\_groups](#output\_self\_managed\_node\_groups) | Map of attribute maps for all self managed node groups created | | [self\_managed\_node\_groups\_autoscaling\_group\_names](#output\_self\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by self-managed node groups | - + diff --git a/main.tf b/main.tf index 1846a1da05..b891b26d0e 100644 --- a/main.tf +++ b/main.tf 
@@ -411,29 +411,6 @@ resource "aws_iam_role" "this" { permissions_boundary = var.iam_role_permissions_boundary force_detach_policies = true - # https://github.com/terraform-aws-modules/terraform-aws-eks/issues/920 - # Resources running on the cluster are still generating logs when destroying the module resources - # which results in the log group being re-created even after Terraform destroys it. Removing the - # ability for the cluster role to create the log group prevents this log group from being re-created - # outside of Terraform due to services still generating logs during destroy process - dynamic "inline_policy" { - for_each = var.create_cloudwatch_log_group ? [1] : [] - content { - name = local.iam_role_name - - policy = jsonencode({ - Version = "2012-10-17" - Statement = [ - { - Action = ["logs:CreateLogGroup"] - Effect = "Deny" - Resource = "*" - }, - ] - }) - } - } - tags = merge(var.tags, var.iam_role_tags) } diff --git a/modules/_user_data/README.md b/modules/_user_data/README.md index e5207d9443..09c4b98a4e 100644 --- a/modules/_user_data/README.md +++ b/modules/_user_data/README.md @@ -4,7 +4,7 @@ Configuration in this directory renders the appropriate user data for the given See [`examples/user_data/`](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/user_data) for various examples using this module. - + ## Requirements | Name | Version | 
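Review bot: Removing the `dynamic "inline_policy"` block also removes the `Deny` on `logs:CreateLogGroup` for the cluster role, and nothing in this hunk replaces it (the diffstat shows only deletions in main.tf), so the behaviour the deleted comment documents — the control plane re-creating the CloudWatch log group outside Terraform during destroy (issue #920) — comes back whenever `create_cloudwatch_log_group` is true. The non-deprecated way to keep that guard is a standalone `aws_iam_role_policy` attached to the same role with the same statement and the same gating condition, sketched below. If dropping the guard is intended, the commit message and changelog should say so, since users may find orphaned log groups (and their retention cost) after `terraform destroy`. Removing the argument from configuration also presumably means the provider stops managing inline policies on the role, so already-deployed clusters keep the old Deny while new ones never get it — worth confirming and documenting. The `aws_iam_role "this"` resource begins outside the hunk.
```hcl
# Non-deprecated replacement for the removed inline_policy block: keeps the
# cluster role from re-creating the CloudWatch log group during destroy (#920)
resource "aws_iam_role_policy" "cluster_deny_log_group_create" {
  count = var.create_cloudwatch_log_group ? 1 : 0 # TODO confirm: also gate on the role's own create condition

  name = local.iam_role_name
  role = aws_iam_role.this[0].id # TODO confirm the role's count/for_each indexing

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action   = ["logs:CreateLogGroup"]
        Effect   = "Deny"
        Resource = "*"
      },
    ]
  })
}
```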
@@ -39,8 +39,8 @@ No modules. | [additional\_cluster\_dns\_ips](#input\_additional\_cluster\_dns\_ips) | Additional DNS IP addresses to use for the cluster. Only used when `ami_type` = `BOTTLEROCKET_*` | `list(string)` | `[]` | no | | [ami\_type](#input\_ami\_type) | Type of Amazon Machine Image (AMI) associated with the EKS Node Group. See the [AWS documentation](https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid values | `string` | `null` | no | | [bootstrap\_extra\_args](#input\_bootstrap\_extra\_args) | Additional arguments passed to the bootstrap script. When `ami_type` = `BOTTLEROCKET_*`; these are additional [settings](https://github.com/bottlerocket-os/bottlerocket#settings) that are provided to the Bottlerocket user data | `string` | `""` | no | -| [cloudinit\_post\_nodeadm](#input\_cloudinit\_post\_nodeadm) | Array of cloud-init document parts that are created after the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
}))
| `[]` | no | -| [cloudinit\_pre\_nodeadm](#input\_cloudinit\_pre\_nodeadm) | Array of cloud-init document parts that are created before the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
}))
| `[]` | no | +| [cloudinit\_post\_nodeadm](#input\_cloudinit\_post\_nodeadm) | Array of cloud-init document parts that are created after the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
}))
| `[]` | no | +| [cloudinit\_pre\_nodeadm](#input\_cloudinit\_pre\_nodeadm) | Array of cloud-init document parts that are created before the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
}))
| `[]` | no | | [cluster\_auth\_base64](#input\_cluster\_auth\_base64) | Base64 encoded CA of associated EKS cluster | `string` | `""` | no | | [cluster\_endpoint](#input\_cluster\_endpoint) | Endpoint of associated EKS cluster | `string` | `""` | no | | [cluster\_ip\_family](#input\_cluster\_ip\_family) | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6` | `string` | `"ipv4"` | no | @@ -61,4 +61,4 @@ No modules. |------|-------------| | [platform](#output\_platform) | [DEPRECATED - Will be removed in `v21.0`] Identifies the OS platform as `bottlerocket`, `linux` (AL2), `al2023, or `windows | | [user\_data](#output\_user\_data) | Base64 encoded user data rendered for the provided inputs | - + diff --git a/modules/aws-auth/README.md b/modules/aws-auth/README.md index 5ba490b7f1..d4b97f14ca 100644 --- a/modules/aws-auth/README.md +++ b/modules/aws-auth/README.md @@ -39,7 +39,7 @@ module "eks" { ## Usage - + ## Requirements | Name | Version | @@ -78,4 +78,4 @@ No modules. ## Outputs No outputs. - + diff --git a/modules/eks-managed-node-group/README.md b/modules/eks-managed-node-group/README.md index 96b6c4f290..de0c95b103 100644 --- a/modules/eks-managed-node-group/README.md +++ b/modules/eks-managed-node-group/README.md @@ -58,7 +58,7 @@ module "eks_managed_node_group" { } ``` - + ## Requirements | Name | Version | 
@@ -110,8 +110,8 @@ module "eks_managed_node_group" { | [bootstrap\_extra\_args](#input\_bootstrap\_extra\_args) | Additional arguments passed to the bootstrap script. When `ami_type` = `BOTTLEROCKET_*`; these are additional [settings](https://github.com/bottlerocket-os/bottlerocket#settings) that are provided to the Bottlerocket user data | `string` | `""` | no | | [capacity\_reservation\_specification](#input\_capacity\_reservation\_specification) | Targeting for EC2 capacity reservations | `any` | `{}` | no | | [capacity\_type](#input\_capacity\_type) | Type of capacity associated with the EKS Node Group. Valid values: `ON_DEMAND`, `SPOT` | `string` | `"ON_DEMAND"` | no | -| [cloudinit\_post\_nodeadm](#input\_cloudinit\_post\_nodeadm) | Array of cloud-init document parts that are created after the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
}))
| `[]` | no | -| [cloudinit\_pre\_nodeadm](#input\_cloudinit\_pre\_nodeadm) | Array of cloud-init document parts that are created before the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
}))
| `[]` | no | +| [cloudinit\_post\_nodeadm](#input\_cloudinit\_post\_nodeadm) | Array of cloud-init document parts that are created after the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
}))
| `[]` | no | +| [cloudinit\_pre\_nodeadm](#input\_cloudinit\_pre\_nodeadm) | Array of cloud-init document parts that are created before the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
}))
| `[]` | no | | [cluster\_auth\_base64](#input\_cluster\_auth\_base64) | Base64 encoded CA of associated EKS cluster | `string` | `""` | no | | [cluster\_endpoint](#input\_cluster\_endpoint) | Endpoint of associated EKS cluster | `string` | `""` | no | | [cluster\_ip\_family](#input\_cluster\_ip\_family) | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6` | `string` | `"ipv4"` | no | @@ -164,7 +164,7 @@ module "eks_managed_node_group" { | [license\_specifications](#input\_license\_specifications) | A map of license specifications to associate with | `any` | `{}` | no | | [maintenance\_options](#input\_maintenance\_options) | The maintenance options for the instance | `any` | `{}` | no | | [max\_size](#input\_max\_size) | Maximum number of instances/nodes | `number` | `3` | no | -| [metadata\_options](#input\_metadata\_options) | Customize the metadata options for the instance | `map(string)` |
{
"http_endpoint": "enabled",
"http_put_response_hop_limit": 2,
"http_tokens": "required"
}
| no | +| [metadata\_options](#input\_metadata\_options) | Customize the metadata options for the instance | `map(string)` |
{
"http_endpoint": "enabled",
"http_put_response_hop_limit": 2,
"http_tokens": "required"
}
| no | | [min\_size](#input\_min\_size) | Minimum number of instances/nodes | `number` | `0` | no | | [name](#input\_name) | Name of the EKS managed node group | `string` | `""` | no | | [network\_interfaces](#input\_network\_interfaces) | Customize network interfaces to be attached at instance boot time | `list(any)` | `[]` | no | @@ -179,11 +179,11 @@ module "eks_managed_node_group" { | [remote\_access](#input\_remote\_access) | Configuration block with remote access settings. Only valid when `use_custom_launch_template` = `false` | `any` | `{}` | no | | [schedules](#input\_schedules) | Map of autoscaling group schedule to create | `map(any)` | `{}` | no | | [subnet\_ids](#input\_subnet\_ids) | Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: `kubernetes.io/cluster/CLUSTER_NAME` | `list(string)` | `null` | no | -| [tag\_specifications](#input\_tag\_specifications) | The tags to apply to the resources during launch | `list(string)` |
[
"instance",
"volume",
"network-interface"
]
| no | +| [tag\_specifications](#input\_tag\_specifications) | The tags to apply to the resources during launch | `list(string)` |
[
"instance",
"volume",
"network-interface"
]
| no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | | [taints](#input\_taints) | The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group | `any` | `{}` | no | | [timeouts](#input\_timeouts) | Create, update, and delete timeout configurations for the node group | `map(string)` | `{}` | no | -| [update\_config](#input\_update\_config) | Configuration block of settings for max unavailable resources during node group updates | `map(string)` |
{
"max_unavailable_percentage": 33
}
| no | +| [update\_config](#input\_update\_config) | Configuration block of settings for max unavailable resources during node group updates | `map(string)` |
{
"max_unavailable_percentage": 33
}
| no | | [update\_launch\_template\_default\_version](#input\_update\_launch\_template\_default\_version) | Whether to update the launch templates default version on each update. Conflicts with `launch_template_default_version` | `bool` | `true` | no | | [use\_custom\_launch\_template](#input\_use\_custom\_launch\_template) | Determines whether to use a custom launch template or not. If set to `false`, EKS will use its own default launch template | `bool` | `true` | no | | [use\_latest\_ami\_release\_version](#input\_use\_latest\_ami\_release\_version) | Determines whether to use the latest AMI release version for the given `ami_type` (except for `CUSTOM`). Note: `ami_type` and `cluster_version` must be supplied in order to enable this feature | `bool` | `false` | no | @@ -211,4 +211,4 @@ module "eks_managed_node_group" { | [node\_group\_status](#output\_node\_group\_status) | Status of the EKS Node Group | | [node\_group\_taints](#output\_node\_group\_taints) | List of objects containing information about taints applied to the node group | | [platform](#output\_platform) | [DEPRECATED - Will be removed in `v21.0`] Identifies the OS platform as `bottlerocket`, `linux` (AL2), `al2023`, or `windows` | - + diff --git a/modules/fargate-profile/README.md b/modules/fargate-profile/README.md index b1ee9e0ade..e6be895ebe 100644 --- a/modules/fargate-profile/README.md +++ b/modules/fargate-profile/README.md @@ -23,7 +23,7 @@ module "fargate_profile" { } ``` - + ## Requirements | Name | Version | @@ -92,4 +92,4 @@ No modules. | [iam\_role\_arn](#output\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role | | [iam\_role\_name](#output\_iam\_role\_name) | The name of the IAM role | | [iam\_role\_unique\_id](#output\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role | - + diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md index 6810d0fa0c..7cfbf27499 100644 --- a/modules/karpenter/README.md 
+++ b/modules/karpenter/README.md @@ -80,7 +80,7 @@ module "karpenter" { } ``` - + ## Requirements | Name | Version | @@ -158,7 +158,7 @@ No modules. | [iam\_role\_tags](#input\_iam\_role\_tags) | A map of additional tags to add the the IAM role | `map(any)` | `{}` | no | | [iam\_role\_use\_name\_prefix](#input\_iam\_role\_use\_name\_prefix) | Determines whether the name of the IAM role (`iam_role_name`) is used as a prefix | `bool` | `true` | no | | [irsa\_assume\_role\_condition\_test](#input\_irsa\_assume\_role\_condition\_test) | Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate when assuming the role | `string` | `"StringEquals"` | no | -| [irsa\_namespace\_service\_accounts](#input\_irsa\_namespace\_service\_accounts) | List of `namespace:serviceaccount`pairs to use in trust policy for IAM role for service accounts | `list(string)` |
[
"karpenter:karpenter"
]
| no | +| [irsa\_namespace\_service\_accounts](#input\_irsa\_namespace\_service\_accounts) | List of `namespace:serviceaccount`pairs to use in trust policy for IAM role for service accounts | `list(string)` |
[
"karpenter:karpenter"
]
| no | | [irsa\_oidc\_provider\_arn](#input\_irsa\_oidc\_provider\_arn) | OIDC provider arn used in trust policy for IAM role for service accounts | `string` | `""` | no | | [namespace](#input\_namespace) | Namespace to associate with the Karpenter Pod Identity | `string` | `"kube-system"` | no | | [node\_iam\_role\_additional\_policies](#input\_node\_iam\_role\_additional\_policies) | Additional policies to be added to the IAM role | `map(string)` | `{}` | no | @@ -200,4 +200,4 @@ No modules. | [queue\_name](#output\_queue\_name) | The name of the created Amazon SQS queue | | [queue\_url](#output\_queue\_url) | The URL for the created Amazon SQS queue | | [service\_account](#output\_service\_account) | Service Account associated with the Karpenter Pod Identity | - + diff --git a/modules/self-managed-node-group/README.md b/modules/self-managed-node-group/README.md index 8422b0c7ef..14c3abe4ab 100644 --- a/modules/self-managed-node-group/README.md +++ b/modules/self-managed-node-group/README.md @@ -37,7 +37,7 @@ module "self_managed_node_group" { } ``` - + ## Requirements | Name | Version | @@ -93,8 +93,8 @@ module "self_managed_node_group" { | [bootstrap\_extra\_args](#input\_bootstrap\_extra\_args) | Additional arguments passed to the bootstrap script. When `ami_type` = `BOTTLEROCKET_*`; these are additional [settings](https://github.com/bottlerocket-os/bottlerocket#settings) that are provided to the Bottlerocket user data | `string` | `""` | no | | [capacity\_rebalance](#input\_capacity\_rebalance) | Indicates whether capacity rebalance is enabled | `bool` | `null` | no | | [capacity\_reservation\_specification](#input\_capacity\_reservation\_specification) | Targeting for EC2 capacity reservations | `any` | `{}` | no | -| [cloudinit\_post\_nodeadm](#input\_cloudinit\_post\_nodeadm) | Array of cloud-init document parts that are created after the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
}))
| `[]` | no | -| [cloudinit\_pre\_nodeadm](#input\_cloudinit\_pre\_nodeadm) | Array of cloud-init document parts that are created before the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
}))
| `[]` | no | +| [cloudinit\_post\_nodeadm](#input\_cloudinit\_post\_nodeadm) | Array of cloud-init document parts that are created after the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
}))
| `[]` | no | +| [cloudinit\_pre\_nodeadm](#input\_cloudinit\_pre\_nodeadm) | Array of cloud-init document parts that are created before the nodeadm document part |
list(object({
content = string
content_type = optional(string)
filename = optional(string)
merge_type = optional(string)
}))
| `[]` | no | | [cluster\_auth\_base64](#input\_cluster\_auth\_base64) | Base64 encoded CA of associated EKS cluster | `string` | `""` | no | | [cluster\_endpoint](#input\_cluster\_endpoint) | Endpoint of associated EKS cluster | `string` | `""` | no | | [cluster\_ip\_family](#input\_cluster\_ip\_family) | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6` | `string` | `"ipv4"` | no | @@ -146,7 +146,7 @@ module "self_managed_node_group" { | [instance\_initiated\_shutdown\_behavior](#input\_instance\_initiated\_shutdown\_behavior) | Shutdown behavior for the instance. Can be `stop` or `terminate`. (Default: `stop`) | `string` | `null` | no | | [instance\_maintenance\_policy](#input\_instance\_maintenance\_policy) | If this block is configured, add a instance maintenance policy to the specified Auto Scaling group | `any` | `{}` | no | | [instance\_market\_options](#input\_instance\_market\_options) | The market (purchasing) option for the instance | `any` | `{}` | no | -| [instance\_refresh](#input\_instance\_refresh) | If this block is configured, start an Instance Refresh when this Auto Scaling Group is updated | `any` |
{
"preferences": {
"min_healthy_percentage": 66
},
"strategy": "Rolling"
}
| no | +| [instance\_refresh](#input\_instance\_refresh) | If this block is configured, start an Instance Refresh when this Auto Scaling Group is updated | `any` |
{
"preferences": {
"min_healthy_percentage": 66
},
"strategy": "Rolling"
}
| no | | [instance\_requirements](#input\_instance\_requirements) | The attribute requirements for the type of instance. If present then `instance_type` cannot be present | `any` | `{}` | no | | [instance\_type](#input\_instance\_type) | The type of the instance to launch | `string` | `""` | no | | [kernel\_id](#input\_kernel\_id) | The kernel ID | `string` | `null` | no | @@ -162,7 +162,7 @@ module "self_managed_node_group" { | [maintenance\_options](#input\_maintenance\_options) | The maintenance options for the instance | `any` | `{}` | no | | [max\_instance\_lifetime](#input\_max\_instance\_lifetime) | The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 604800 and 31536000 seconds | `number` | `null` | no | | [max\_size](#input\_max\_size) | The maximum size of the autoscaling group | `number` | `3` | no | -| [metadata\_options](#input\_metadata\_options) | Customize the metadata options for the instance | `map(string)` |
{
"http_endpoint": "enabled",
"http_put_response_hop_limit": 2,
"http_tokens": "required"
}
| no | +| [metadata\_options](#input\_metadata\_options) | Customize the metadata options for the instance | `map(string)` |
{
"http_endpoint": "enabled",
"http_put_response_hop_limit": 2,
"http_tokens": "required"
}
| no | | [metrics\_granularity](#input\_metrics\_granularity) | The granularity to associate with the metrics to collect. The only valid value is `1Minute` | `string` | `null` | no | | [min\_elb\_capacity](#input\_min\_elb\_capacity) | Setting this causes Terraform to wait for this number of instances to show up healthy in the ELB only on creation. Updates will not wait on ELB instance number changes | `number` | `null` | no | | [min\_size](#input\_min\_size) | The minimum size of the autoscaling group | `number` | `0` | no | @@ -182,7 +182,7 @@ module "self_managed_node_group" { | [service\_linked\_role\_arn](#input\_service\_linked\_role\_arn) | The ARN of the service-linked role that the ASG will use to call other AWS services | `string` | `null` | no | | [subnet\_ids](#input\_subnet\_ids) | A list of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with `availability_zones` | `list(string)` | `null` | no | | [suspended\_processes](#input\_suspended\_processes) | A list of processes to suspend for the Auto Scaling Group. The allowed values are `Launch`, `Terminate`, `HealthCheck`, `ReplaceUnhealthy`, `AZRebalance`, `AlarmNotification`, `ScheduledActions`, `AddToLoadBalancer`. Note that if you suspend either the `Launch` or `Terminate` process types, it can prevent your Auto Scaling Group from functioning properly | `list(string)` | `[]` | no | -| [tag\_specifications](#input\_tag\_specifications) | The tags to apply to the resources during launch | `list(string)` |
[
"instance",
"volume",
"network-interface"
]
| no | +| [tag\_specifications](#input\_tag\_specifications) | The tags to apply to the resources during launch | `list(string)` |
[
"instance",
"volume",
"network-interface"
]
| no | | [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no | | [target\_group\_arns](#input\_target\_group\_arns) | A set of `aws_alb_target_group` ARNs, for use with Application or Network Load Balancing | `list(string)` | `[]` | no | | [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are `OldestInstance`, `NewestInstance`, `OldestLaunchConfiguration`, `ClosestToNextInstanceHour`, `OldestLaunchTemplate`, `AllocationStrategy`, `Default` | `list(string)` | `[]` | no | @@ -225,4 +225,4 @@ module "self_managed_node_group" { | [launch\_template\_name](#output\_launch\_template\_name) | The name of the launch template | | [platform](#output\_platform) | [DEPRECATED - Will be removed in `v21.0`] Identifies the OS platform as `bottlerocket`, `linux` (AL2), `al2023`, or `windows` | | [user\_data](#output\_user\_data) | Base64 encoded user data | - + diff --git a/tests/eks-managed-node-group/README.md b/tests/eks-managed-node-group/README.md index f6f753897b..5478469e94 100644 --- a/tests/eks-managed-node-group/README.md +++ b/tests/eks-managed-node-group/README.md @@ -12,7 +12,7 @@ $ terraform apply --auto-approve Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -94,4 +94,4 @@ No inputs. | [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | | [self\_managed\_node\_groups](#output\_self\_managed\_node\_groups) | Map of attribute maps for all self managed node groups created | | [self\_managed\_node\_groups\_autoscaling\_group\_names](#output\_self\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by self-managed node groups | - + 
diff --git a/tests/fargate-profile/README.md b/tests/fargate-profile/README.md index f0ac3d5390..16bd7e9fc8 100644 --- a/tests/fargate-profile/README.md +++ b/tests/fargate-profile/README.md @@ -12,7 +12,7 @@ $ terraform apply --auto-approve Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -85,4 +85,4 @@ No inputs. | [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | | [self\_managed\_node\_groups](#output\_self\_managed\_node\_groups) | Map of attribute maps for all self managed node groups created | | [self\_managed\_node\_groups\_autoscaling\_group\_names](#output\_self\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by self-managed node groups | - + diff --git a/tests/self-managed-node-group/README.md b/tests/self-managed-node-group/README.md index 6f5ddce892..6523f4f402 100644 --- a/tests/self-managed-node-group/README.md +++ b/tests/self-managed-node-group/README.md @@ -12,7 +12,7 @@ $ terraform apply --auto-approve Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - + ## Requirements | Name | Version | @@ -90,4 +90,4 @@ No inputs. | [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | | [self\_managed\_node\_groups](#output\_self\_managed\_node\_groups) | Map of attribute maps for all self managed node groups created | | [self\_managed\_node\_groups\_autoscaling\_group\_names](#output\_self\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by self-managed node groups | - + diff --git a/tests/user-data/README.md b/tests/user-data/README.md index 3278c7f0f9..88988ab2f4 100644 --- a/tests/user-data/README.md +++ b/tests/user-data/README.md 
@@ -12,7 +12,7 @@ $ terraform plan $ terraform apply --auto-approve ``` - + ## Requirements | Name | Version | @@ -104,4 +104,4 @@ No inputs. ## Outputs No outputs. - + From 7f219a678ee5712d4d7bed8881749e497130d549 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 21 Sep 2024 14:46:18 +0000 Subject: [PATCH 05/26] chore(release): version 20.24.2 [skip ci] ## [20.24.2](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.24.1...v20.24.2) (2024-09-21) ### Bug Fixes * Remove deprecated `inline_policy` from cluster role ([#3163](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3163)) ([8b90872](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/8b90872983b9c349ff2e0a71678d687dc32ed626)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cfeb4d8e90..9f2559199b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [20.24.2](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.24.1...v20.24.2) (2024-09-21) + + +### Bug Fixes + +* Remove deprecated `inline_policy` from cluster role ([#3163](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3163)) ([8b90872](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/8b90872983b9c349ff2e0a71678d687dc32ed626)) + ## [20.24.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.24.0...v20.24.1) (2024-09-16) From fef655585b33d717c1665bf8151f0573a17dedc2 Mon Sep 17 00:00:00 2001 From: Jami Karvanen Date: Thu, 3 Oct 2024 16:54:52 +0300 Subject: [PATCH 06/26] fix: Add `primary_ipv6` parameter to self-managed-node-group (#3169) Add primary_ipv6 parameter to self-managed-node-group --- modules/self-managed-node-group/main.tf | 1 + 1 file changed, 1 insertion(+) 
diff --git a/modules/self-managed-node-group/main.tf b/modules/self-managed-node-group/main.tf
index 42411c484e..76201ccd0e 100644
--- a/modules/self-managed-node-group/main.tf
+++ b/modules/self-managed-node-group/main.tf
@@ -417,6 +417,7 @@ resource "aws_launch_template" "this" {
 ipv6_prefixes = try(network_interfaces.value.ipv6_prefixes, [])
 network_card_index = try(network_interfaces.value.network_card_index, null)
 network_interface_id = try(network_interfaces.value.network_interface_id, null)
+ primary_ipv6 = try(network_interfaces.value.primary_ipv6, null)
 private_ip_address = try(network_interfaces.value.private_ip_address, null)
 # Ref: https://github.com/hashicorp/terraform-provider-aws/issues/4570
 security_groups = compact(concat(try(network_interfaces.value.security_groups, []), local.security_group_ids))
From d2c671aca25165cc060e2459f5cafb49868a7be3 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 3 Oct 2024 13:55:23 +0000 Subject: [PATCH 07/26] chore(release): version 20.24.3 [skip ci] ## [20.24.3](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.24.2...v20.24.3) (2024-10-03) ### Bug Fixes * Add `primary_ipv6` parameter to self-managed-node-group ([#3169](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3169)) ([fef6555](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/fef655585b33d717c1665bf8151f0573a17dedc2)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9f2559199b..c5787e7944 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
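Review bot: The new `primary_ipv6` key read from `network_interfaces` is not documented anywhere in this commit; the diffstat lists only main.tf, so the module's description of the `network_interfaces` input still omits it. Because the lookup is `try(network_interfaces.value.primary_ipv6, null)`, a misspelled key silently falls back to the provider default instead of failing plan, which makes an undocumented key easy to get wrong; a line in the variable description along the lines of `primary_ipv6 - (Optional) passed through to the launch template network interface (see provider docs)` would close that gap. The `try()` form itself matches the neighbouring lookups, so no code change is needed here. Whether the `aws` provider minimum in force at this point of the series (`>= 5.61`, per the later bump to `>= 5.70`) already supports this attribute is not visible here and is worth confirming before release. The enclosing `resource "aws_launch_template" "this"` block starts and ends outside the hunk.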
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [20.24.3](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.24.2...v20.24.3) (2024-10-03) + + +### Bug Fixes + +* Add `primary_ipv6` parameter to self-managed-node-group ([#3169](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3169)) ([fef6555](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/fef655585b33d717c1665bf8151f0573a17dedc2)) + ## [20.24.2](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.24.1...v20.24.2) (2024-09-21) From 670aa8a79d48e13e70726b0809ac3add3914b58e Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Tue, 8 Oct 2024 14:15:15 +0000 Subject: [PATCH 08/26] docs: Correct reference module implementation names to be unique in v20 upgrade guide (#3174) --- .pre-commit-config.yaml | 2 +- docs/UPGRADE-20.0.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 55b241248d..48e324bc8d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -24,7 +24,7 @@ repos: - '--args=--only=terraform_unused_required_providers' - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.6.0 + rev: v5.0.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/docs/UPGRADE-20.0.md b/docs/UPGRADE-20.0.md index 6f53e326c2..c93a031ee9 100644 --- a/docs/UPGRADE-20.0.md +++ b/docs/UPGRADE-20.0.md @@ -170,7 +170,7 @@ To give users advanced notice and provide some future direction for this module, - ] } -+ module "eks" { ++ module "eks_aws_auth" { + source = "terraform-aws-modules/eks/aws//modules/aws-auth" + version = "~> 20.0" 
@@ -197,7 +197,7 @@ To give users advanced notice and provide some future direction for this module, ### Karpenter Diff of Before (v19.21) vs After (v20.0) ```diff - module "eks" { + module "eks_karpenter" { source = "terraform-aws-modules/eks/aws//modules/karpenter" - version = "~> 19.21" + version = "~> 20.0" From eb78240617993845a2a85056655b16302ea9a02c Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Fri, 11 Oct 2024 16:03:02 +0000 Subject: [PATCH 09/26] fix: Update CI workflow versions to latest (#3176) --- .github/workflows/pr-title.yml | 2 +- .github/workflows/pre-commit.yml | 10 +++++----- .pre-commit-config.yaml | 1 - 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 3973df4438..1e50760ee7 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -14,7 +14,7 @@ jobs: steps: # Please look up the latest version from # https://github.com/amannn/action-semantic-pull-request/releases - - uses: amannn/action-semantic-pull-request@v5.4.0 + - uses: amannn/action-semantic-pull-request@v5.5.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 71878b4351..a19ff831f9 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -45,14 +45,14 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.0 + uses: clowdhaus/terraform-min-max@v1.3.1 with: directory: ${{ matrix.directory }} - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory != '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} 
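Review bot: `- uses: amannn/action-semantic-pull-request@v5.5.3` is still pinned by a mutable tag, and the comment above it tells maintainers to take the latest release; the same applies to the `clowdhaus/terraform-min-max@v1.3.1` and `clowdhaus/terraform-composite-actions/pre-commit@v1.11.1` lines in the pre-commit.yml hunks on this line and the next. A tag can be re-pointed after review, whereas a full commit SHA cannot, and this job runs with `secrets.GITHUB_TOKEN`, so the pin is the trust boundary for what executes with that token. Pin to the release's commit SHA and keep the tag as a trailing comment, e.g. `- uses: amannn/action-semantic-pull-request@<commit-sha-of-v5.5.3> # v5.5.3`. The `steps:` list these lines belong to continues outside the hunk.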
@@ -61,7 +61,7 @@ jobs: - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }} # Run only validate pre-commit check on min version supported if: ${{ matrix.directory == '.' }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.minVersion }} tflint-version: ${{ env.TFLINT_VERSION }} @@ -88,10 +88,10 @@ jobs: - name: Terraform min/max versions id: minMax - uses: clowdhaus/terraform-min-max@v1.3.0 + uses: clowdhaus/terraform-min-max@v1.3.1 - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }} - uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0 + uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1 with: terraform-version: ${{ steps.minMax.outputs.maxVersion }} tflint-version: ${{ env.TFLINT_VERSION }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 48e324bc8d..4f0721881c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,7 +21,6 @@ repos: - '--args=--only=terraform_required_providers' - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - - '--args=--only=terraform_unused_required_providers' - id: terraform_validate - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 From b2a8617794a782107399b26c1ff4503e0ea5ec3a Mon Sep 17 00:00:00 2001 
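Review bot: Removing `- '--args=--only=terraform_unused_required_providers'` from the tflint hook narrows the lint set, but the subject only speaks of updating workflow versions and nothing explains why this rule is dropped. If it was removed because the tflint shipped by the updated composite action no longer provides that rule, record that in the commit message or in the args list, e.g. `# terraform_unused_required_providers dropped: <reason>`; otherwise unused `required_providers` entries will now pass CI unnoticed. The `args` list and the enclosing `repos:` entry continue outside the hunk.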
From: Bryant Biggs Date: Sat, 12 Oct 2024 16:44:24 +0000 Subject: [PATCH 10/26] feat: Add support for newly released AL2023 accelerated AMI types (#3177) --- README.md | 6 +++--- docs/compute_resources.md | 4 ++-- examples/eks-managed-node-group/eks-al2.tf | 2 +- examples/eks-managed-node-group/eks-al2023.tf | 2 +- examples/eks-managed-node-group/eks-bottlerocket.tf | 2 +- examples/eks-managed-node-group/versions.tf | 2 +- examples/karpenter/README.md | 6 +++--- examples/karpenter/main.tf | 4 ++-- examples/karpenter/versions.tf | 2 +- examples/self-managed-node-group/eks-al2.tf | 2 +- examples/self-managed-node-group/eks-al2023.tf | 2 +- examples/self-managed-node-group/eks-bottlerocket.tf | 2 +- examples/self-managed-node-group/versions.tf | 2 +- modules/_user_data/main.tf | 2 ++ modules/eks-managed-node-group/README.md | 6 +++--- modules/eks-managed-node-group/main.tf | 2 ++ modules/eks-managed-node-group/versions.tf | 2 +- modules/fargate-profile/README.md | 4 ++-- modules/fargate-profile/versions.tf | 2 +- modules/karpenter/README.md | 4 ++-- modules/karpenter/versions.tf | 2 +- modules/self-managed-node-group/README.md | 6 +++--- modules/self-managed-node-group/main.tf | 4 ++++ modules/self-managed-node-group/versions.tf | 2 +- tests/eks-managed-node-group/README.md | 4 ++-- tests/eks-managed-node-group/main.tf | 2 +- tests/eks-managed-node-group/versions.tf | 2 +- tests/fargate-profile/README.md | 4 ++-- tests/fargate-profile/main.tf | 2 +- tests/fargate-profile/versions.tf | 2 +- tests/self-managed-node-group/README.md | 4 ++-- tests/self-managed-node-group/main.tf | 7 +++++-- tests/self-managed-node-group/versions.tf | 2 +- versions.tf | 2 +- 34 files changed, 58 insertions(+), 47 deletions(-) diff --git a/README.md b/README.md index 37008e7824..7d3ae81479 100644 --- a/README.md +++ b/README.md 
@@ -31,7 +31,7 @@ module "eks" { version = "~> 20.0" cluster_name = "my-cluster" - cluster_version = "1.30" + cluster_version = "1.31" cluster_endpoint_public_access = true @@ -175,7 +175,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.61 | +| [aws](#requirement\_aws) | >= 5.70 | | [time](#requirement\_time) | >= 0.9 | | [tls](#requirement\_tls) | >= 3.0 | @@ -183,7 +183,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.61 | +| [aws](#provider\_aws) | >= 5.70 | | [time](#provider\_time) | >= 0.9 | | [tls](#provider\_tls) | >= 3.0 | diff --git a/docs/compute_resources.md b/docs/compute_resources.md index 721c29c1ee..1b033d2814 100644 --- a/docs/compute_resources.md +++ b/docs/compute_resources.md @@ -113,7 +113,7 @@ Refer to the [Self Managed Node Group documentation](https://docs.aws.amazon.com 1. The `self-managed-node-group` uses the latest AWS EKS Optimized AMI (Linux) for the given Kubernetes version by default: ```hcl - cluster_version = "1.27" + cluster_version = "1.31" # This self managed node group will use the latest AWS EKS Optimized AMI for Kubernetes 1.27 self_managed_node_groups = { @@ -124,7 +124,7 @@ Refer to the [Self Managed Node Group documentation](https://docs.aws.amazon.com 2. To use Bottlerocket, specify the `ami_type` as one of the respective `"BOTTLEROCKET_*" types` and supply a Bottlerocket OS AMI: ```hcl - cluster_version = "1.27" + cluster_version = "1.31" self_managed_node_groups = { bottlerocket = { diff --git a/examples/eks-managed-node-group/eks-al2.tf b/examples/eks-managed-node-group/eks-al2.tf index 2dfb5b019f..910fa216b2 100644 --- a/examples/eks-managed-node-group/eks-al2.tf +++ b/examples/eks-managed-node-group/eks-al2.tf 
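Review bot: In the first docs/compute_resources.md hunk the example is bumped to `cluster_version = "1.31"` while the comment two lines below still reads `# This self managed node group will use the latest AWS EKS Optimized AMI for Kubernetes 1.27`, so the snippet now contradicts itself. Change it to `# This self managed node group will use the latest AWS EKS Optimized AMI for Kubernetes 1.31`, or drop the version number from the comment so it cannot drift again. The `self_managed_node_groups` block the snippet opens continues outside the hunk.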
@@ -3,7 +3,7 @@ module "eks_al2" { version = "~> 20.0" cluster_name = "${local.name}-al2" - cluster_version = "1.30" + cluster_version = "1.31" # EKS Addons cluster_addons = { diff --git a/examples/eks-managed-node-group/eks-al2023.tf b/examples/eks-managed-node-group/eks-al2023.tf index 1b112d23a2..349da821f9 100644 --- a/examples/eks-managed-node-group/eks-al2023.tf +++ b/examples/eks-managed-node-group/eks-al2023.tf @@ -3,7 +3,7 @@ module "eks_al2023" { version = "~> 20.0" cluster_name = "${local.name}-al2023" - cluster_version = "1.30" + cluster_version = "1.31" # EKS Addons cluster_addons = { diff --git a/examples/eks-managed-node-group/eks-bottlerocket.tf b/examples/eks-managed-node-group/eks-bottlerocket.tf index 44efa593c0..01a6878814 100644 --- a/examples/eks-managed-node-group/eks-bottlerocket.tf +++ b/examples/eks-managed-node-group/eks-bottlerocket.tf @@ -3,7 +3,7 @@ module "eks_bottlerocket" { version = "~> 20.0" cluster_name = "${local.name}-bottlerocket" - cluster_version = "1.30" + cluster_version = "1.31" # EKS Addons cluster_addons = { diff --git a/examples/eks-managed-node-group/versions.tf b/examples/eks-managed-node-group/versions.tf index 5bfe6da389..fe57b7a76f 100644 --- a/examples/eks-managed-node-group/versions.tf +++ b/examples/eks-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.61" + version = ">= 5.70" } } } diff --git a/examples/karpenter/README.md b/examples/karpenter/README.md index 3ec2d6c2e7..43d911a8b6 100644 --- a/examples/karpenter/README.md +++ b/examples/karpenter/README.md @@ -89,7 +89,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.61 | +| [aws](#requirement\_aws) | >= 5.70 | | [helm](#requirement\_helm) | >= 2.7 | | [kubectl](#requirement\_kubectl) | >= 2.0 | 
@@ -97,8 +97,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.61 | -| [aws.virginia](#provider\_aws.virginia) | >= 5.61 | +| [aws](#provider\_aws) | >= 5.70 | +| [aws.virginia](#provider\_aws.virginia) | >= 5.70 | | [helm](#provider\_helm) | >= 2.7 | | [kubectl](#provider\_kubectl) | >= 2.0 | diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf index 72ceff275a..49321c977e 100644 --- a/examples/karpenter/main.tf +++ b/examples/karpenter/main.tf @@ -62,7 +62,7 @@ module "eks" { source = "../.." cluster_name = local.name - cluster_version = "1.30" + cluster_version = "1.31" # Gives Terraform identity admin access to cluster which will # allow deploying resources (Karpenter) into the cluster @@ -157,7 +157,7 @@ resource "helm_release" "karpenter" { repository_username = data.aws_ecrpublic_authorization_token.token.user_name repository_password = data.aws_ecrpublic_authorization_token.token.password chart = "karpenter" - version = "1.0.0" + version = "1.0.6" wait = false values = [ diff --git a/examples/karpenter/versions.tf b/examples/karpenter/versions.tf index 8a0624ba0d..b5a6a82f39 100644 --- a/examples/karpenter/versions.tf +++ b/examples/karpenter/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.61" + version = ">= 5.70" } helm = { source = "hashicorp/helm" diff --git a/examples/self-managed-node-group/eks-al2.tf b/examples/self-managed-node-group/eks-al2.tf index be5c65ade5..e015982733 100644 --- a/examples/self-managed-node-group/eks-al2.tf +++ b/examples/self-managed-node-group/eks-al2.tf @@ -3,7 +3,7 @@ module "eks_al2" { version = "~> 20.0" cluster_name = "${local.name}-al2" - cluster_version = "1.30" + cluster_version = "1.31" # EKS Addons cluster_addons = { 
diff --git a/examples/self-managed-node-group/eks-al2023.tf b/examples/self-managed-node-group/eks-al2023.tf index 701560527f..4d7c5dc7e1 100644 --- a/examples/self-managed-node-group/eks-al2023.tf +++ b/examples/self-managed-node-group/eks-al2023.tf @@ -3,7 +3,7 @@ module "eks_al2023" { version = "~> 20.0" cluster_name = "${local.name}-al2023" - cluster_version = "1.30" + cluster_version = "1.31" # EKS Addons cluster_addons = { diff --git a/examples/self-managed-node-group/eks-bottlerocket.tf b/examples/self-managed-node-group/eks-bottlerocket.tf index 2afb079472..ff2fb2cf3d 100644 --- a/examples/self-managed-node-group/eks-bottlerocket.tf +++ b/examples/self-managed-node-group/eks-bottlerocket.tf @@ -3,7 +3,7 @@ module "eks_bottlerocket" { version = "~> 20.0" cluster_name = "${local.name}-bottlerocket" - cluster_version = "1.30" + cluster_version = "1.31" # EKS Addons cluster_addons = { diff --git a/examples/self-managed-node-group/versions.tf b/examples/self-managed-node-group/versions.tf index 5bfe6da389..fe57b7a76f 100644 --- a/examples/self-managed-node-group/versions.tf +++ b/examples/self-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.61" + version = ">= 5.70" } } } diff --git a/modules/_user_data/main.tf b/modules/_user_data/main.tf index 79b8cbae5d..e66cd3d466 100644 --- a/modules/_user_data/main.tf +++ b/modules/_user_data/main.tf @@ -30,6 +30,8 @@ locals { WINDOWS_FULL_2022_x86_64 = "windows" AL2023_x86_64_STANDARD = "al2023" AL2023_ARM_64_STANDARD = "al2023" + AL2023_x86_64_NEURON = "al2023" + AL2023_x86_64_NVIDIA = "al2023" } # Try to use `ami_type` first, but fall back to current, default behavior # TODO - will be removed in v21.0 diff --git a/modules/eks-managed-node-group/README.md b/modules/eks-managed-node-group/README.md index de0c95b103..c64f006fc9 100644 --- a/modules/eks-managed-node-group/README.md +++ b/modules/eks-managed-node-group/README.md 
@@ -10,7 +10,7 @@ module "eks_managed_node_group" { name = "separate-eks-mng" cluster_name = "my-cluster" - cluster_version = "1.27" + cluster_version = "1.31" subnet_ids = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"] @@ -64,13 +64,13 @@ module "eks_managed_node_group" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.61 | +| [aws](#requirement\_aws) | >= 5.70 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.61 | +| [aws](#provider\_aws) | >= 5.70 | ## Modules diff --git a/modules/eks-managed-node-group/main.tf b/modules/eks-managed-node-group/main.tf index 9c0c78c9c4..42c221dc91 100644 --- a/modules/eks-managed-node-group/main.tf +++ b/modules/eks-managed-node-group/main.tf @@ -362,6 +362,8 @@ locals { WINDOWS_FULL_2022_x86_64 = "/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-EKS_Optimized-${local.ssm_cluster_version}" AL2023_x86_64_STANDARD = "/aws/service/eks/optimized-ami/${local.ssm_cluster_version}/amazon-linux-2023/x86_64/standard/recommended/release_version" AL2023_ARM_64_STANDARD = "/aws/service/eks/optimized-ami/${local.ssm_cluster_version}/amazon-linux-2023/arm64/standard/recommended/release_version" + AL2023_x86_64_NEURON = "/aws/service/eks/optimized-ami/${local.ssm_cluster_version}/amazon-linux-2023/x86_64/neuron/recommended/release_version" + AL2023_x86_64_NVIDIA = "/aws/service/eks/optimized-ami/${local.ssm_cluster_version}/amazon-linux-2023/x86_64/nvidia/recommended/release_version" } # The Windows SSM params currently do not have a release version, so we have to get the full output JSON blob and parse out the release version diff --git a/modules/eks-managed-node-group/versions.tf b/modules/eks-managed-node-group/versions.tf index 5bfe6da389..fe57b7a76f 100644 --- a/modules/eks-managed-node-group/versions.tf +++ b/modules/eks-managed-node-group/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.61" + version = ">= 5.70" } } } diff --git a/modules/fargate-profile/README.md b/modules/fargate-profile/README.md index e6be895ebe..a030f5ae07 100644 --- a/modules/fargate-profile/README.md +++ b/modules/fargate-profile/README.md @@ -29,13 +29,13 @@ module "fargate_profile" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.61 | +| [aws](#requirement\_aws) | >= 5.70 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.61 | +| [aws](#provider\_aws) | >= 5.70 | ## Modules diff --git a/modules/fargate-profile/versions.tf b/modules/fargate-profile/versions.tf index 5bfe6da389..fe57b7a76f 100644 --- a/modules/fargate-profile/versions.tf +++ b/modules/fargate-profile/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.61" + version = ">= 5.70" } } } diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md index 7cfbf27499..b2bcc1fc6f 100644 --- a/modules/karpenter/README.md +++ b/modules/karpenter/README.md @@ -86,13 +86,13 @@ module "karpenter" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.61 | +| [aws](#requirement\_aws) | >= 5.70 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.61 | +| [aws](#provider\_aws) | >= 5.70 | ## Modules diff --git a/modules/karpenter/versions.tf b/modules/karpenter/versions.tf index 5bfe6da389..fe57b7a76f 100644 --- a/modules/karpenter/versions.tf +++ b/modules/karpenter/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.61" + version = ">= 5.70" } } } diff --git a/modules/self-managed-node-group/README.md b/modules/self-managed-node-group/README.md index 14c3abe4ab..81d58579dd 100644 
--- a/modules/self-managed-node-group/README.md +++ b/modules/self-managed-node-group/README.md @@ -10,7 +10,7 @@ module "self_managed_node_group" { name = "separate-self-mng" cluster_name = "my-cluster" - cluster_version = "1.27" + cluster_version = "1.31" cluster_endpoint = "https://012345678903AB2BAE5D1E0BFE0E2B50.gr7.us-east-1.eks.amazonaws.com" cluster_auth_base64 = "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" @@ -43,13 +43,13 @@ module "self_managed_node_group" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.61 | +| [aws](#requirement\_aws) | >= 5.70 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.61 | +| [aws](#provider\_aws) | >= 5.70 | ## Modules diff --git a/modules/self-managed-node-group/main.tf b/modules/self-managed-node-group/main.tf index 76201ccd0e..77ca1856c8 100644 --- a/modules/self-managed-node-group/main.tf +++ b/modules/self-managed-node-group/main.tf @@ -24,6 +24,8 @@ locals { WINDOWS_FULL_2022_x86_64 = "windows" AL2023_x86_64_STANDARD = "al2023" AL2023_ARM_64_STANDARD = "al2023" + AL2023_x86_64_NEURON = "al2023" + AL2023_x86_64_NVIDIA = "al2023" } user_data_type = local.ami_type_to_user_data_type[var.ami_type] 
@@ -43,6 +45,8 @@ locals { WINDOWS_FULL_2022_x86_64 = "/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-EKS_Optimized-${local.ssm_cluster_version}/image_id" AL2023_x86_64_STANDARD = "/aws/service/eks/optimized-ami/${local.ssm_cluster_version}/amazon-linux-2023/x86_64/standard/recommended/image_id" AL2023_ARM_64_STANDARD = "/aws/service/eks/optimized-ami/${local.ssm_cluster_version}/amazon-linux-2023/arm64/standard/recommended/image_id" + AL2023_x86_64_NEURON = "/aws/service/eks/optimized-ami/${local.ssm_cluster_version}/amazon-linux-2023/x86_64/neuron/recommended/image_id" + AL2023_x86_64_NVIDIA = "/aws/service/eks/optimized-ami/${local.ssm_cluster_version}/amazon-linux-2023/x86_64/nvidia/recommended/image_id" } } diff --git a/modules/self-managed-node-group/versions.tf b/modules/self-managed-node-group/versions.tf index 5bfe6da389..fe57b7a76f 100644 --- a/modules/self-managed-node-group/versions.tf +++ b/modules/self-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.61" + version = ">= 5.70" } } } diff --git a/tests/eks-managed-node-group/README.md b/tests/eks-managed-node-group/README.md index 5478469e94..70c3b10746 100644 --- a/tests/eks-managed-node-group/README.md +++ b/tests/eks-managed-node-group/README.md @@ -18,13 +18,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.61 | +| [aws](#requirement\_aws) | >= 5.70 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.61 | +| [aws](#provider\_aws) | >= 5.70 | ## Modules diff --git a/tests/eks-managed-node-group/main.tf b/tests/eks-managed-node-group/main.tf index dfe7aea768..5cb5ccf8b5 100644 --- a/tests/eks-managed-node-group/main.tf +++ b/tests/eks-managed-node-group/main.tf 
@@ -7,7 +7,7 @@ data "aws_availability_zones" "available" {} locals { name = "ex-${replace(basename(path.cwd), "_", "-")}" - cluster_version = "1.30" + cluster_version = "1.31" region = "eu-west-1" vpc_cidr = "10.0.0.0/16" diff --git a/tests/eks-managed-node-group/versions.tf b/tests/eks-managed-node-group/versions.tf index 5bfe6da389..fe57b7a76f 100644 --- a/tests/eks-managed-node-group/versions.tf +++ b/tests/eks-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.61" + version = ">= 5.70" } } } diff --git a/tests/fargate-profile/README.md b/tests/fargate-profile/README.md index 16bd7e9fc8..34872e8b1a 100644 --- a/tests/fargate-profile/README.md +++ b/tests/fargate-profile/README.md @@ -18,13 +18,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.61 | +| [aws](#requirement\_aws) | >= 5.70 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.61 | +| [aws](#provider\_aws) | >= 5.70 | ## Modules diff --git a/tests/fargate-profile/main.tf b/tests/fargate-profile/main.tf index 6106022373..fc9afc76ed 100644 --- a/tests/fargate-profile/main.tf +++ b/tests/fargate-profile/main.tf @@ -6,7 +6,7 @@ data "aws_availability_zones" "available" {} locals { name = "ex-${basename(path.cwd)}" - cluster_version = "1.30" + cluster_version = "1.31" region = "eu-west-1" vpc_cidr = "10.0.0.0/16" diff --git a/tests/fargate-profile/versions.tf b/tests/fargate-profile/versions.tf index 5bfe6da389..fe57b7a76f 100644 --- a/tests/fargate-profile/versions.tf +++ b/tests/fargate-profile/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.61" + version = ">= 5.70" } } } 
diff --git a/tests/self-managed-node-group/README.md b/tests/self-managed-node-group/README.md index 6523f4f402..1dbf43bac4 100644 --- a/tests/self-managed-node-group/README.md +++ b/tests/self-managed-node-group/README.md @@ -18,13 +18,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.61 | +| [aws](#requirement\_aws) | >= 5.70 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.61 | +| [aws](#provider\_aws) | >= 5.70 | ## Modules diff --git a/tests/self-managed-node-group/main.tf b/tests/self-managed-node-group/main.tf index 7fc6171e95..b2c1423445 100644 --- a/tests/self-managed-node-group/main.tf +++ b/tests/self-managed-node-group/main.tf @@ -7,7 +7,7 @@ data "aws_availability_zones" "available" {} locals { name = "ex-${replace(basename(path.cwd), "_", "-")}" - cluster_version = "1.29" + cluster_version = "1.31" region = "eu-west-1" vpc_cidr = "10.0.0.0/16" @@ -138,6 +138,7 @@ module "eks" { max_size = 5 desired_size = 2 + ami_type = "AL2_x86_64" bootstrap_extra_args = "--kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot'" use_mixed_instances_policy = true @@ -172,7 +173,8 @@ module "eks" { max_size = 7 desired_size = 1 - ami_id = data.aws_ami.eks_default.id + ami_id = data.aws_ami.eks_default.id + ami_type = "AL2_x86_64" pre_bootstrap_user_data = <<-EOT export FOO=bar @@ -213,6 +215,7 @@ module "eks" { max_size = 2 desired_size = 1 + ami_type = "AL2_x86_64" bootstrap_extra_args = "--kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot'" instance_type = null diff --git a/tests/self-managed-node-group/versions.tf b/tests/self-managed-node-group/versions.tf index 5bfe6da389..fe57b7a76f 100644 --- a/tests/self-managed-node-group/versions.tf +++ b/tests/self-managed-node-group/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.61" + version = ">= 5.70" } } } diff --git a/versions.tf b/versions.tf index 00d8754704..4717288ded 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.61" + version = ">= 5.70" } tls = { source = "hashicorp/tls" From 159db95b6d99f7f8a93a403a7aeb7ded079345cd Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sat, 12 Oct 2024 16:44:50 +0000 Subject: [PATCH 11/26] chore(release): version 20.25.0 [skip ci] ## [20.25.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.24.3...v20.25.0) (2024-10-12) ### Features * Add support for newly released AL2023 accelerated AMI types ([#3177](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3177)) ([b2a8617](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/b2a8617794a782107399b26c1ff4503e0ea5ec3a)) ### Bug Fixes * Update CI workflow versions to latest ([#3176](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3176)) ([eb78240](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/eb78240617993845a2a85056655b16302ea9a02c)) --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c5787e7944..5a205edb3c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,18 @@ All notable changes to this project will be documented in this file. +## [20.25.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.24.3...v20.25.0) (2024-10-12) + + +### Features + +* Add support for newly released AL2023 accelerated AMI types ([#3177](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3177)) ([b2a8617](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/b2a8617794a782107399b26c1ff4503e0ea5ec3a)) + + +### Bug Fixes + +* Update CI workflow versions to latest ([#3176](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3176)) ([eb78240](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/eb78240617993845a2a85056655b16302ea9a02c)) + ## [20.24.3](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.24.2...v20.24.3) (2024-10-03) From 6974a5e1582a4ed2d8b1f9a07cdacd156ba5ffef Mon Sep 17 00:00:00 2001 From: dtscssap <146767262+dtscssap@users.noreply.github.com> Date: Sat, 12 Oct 2024 12:57:19 -0400 Subject: [PATCH 12/26] feat: Add support for `desired_capacity_type` (named `desired_size_type`) on self-managed node group (#3166) * set desired_capacity_type * fix: Add variable with `null` type and pass through node group --------- Co-authored-by: Bryant Biggs --- modules/self-managed-node-group/README.md | 1 + modules/self-managed-node-group/main.tf | 1 + modules/self-managed-node-group/variables.tf | 6 ++++++ node_groups.tf | 1 + 4 files changed, 9 insertions(+) diff --git a/modules/self-managed-node-group/README.md b/modules/self-managed-node-group/README.md index 81d58579dd..7b9ffc5a8b 100644 --- a/modules/self-managed-node-group/README.md +++ b/modules/self-managed-node-group/README.md 
@@ -117,6 +117,7 @@ module "self_managed_node_group" { | [default\_instance\_warmup](#input\_default\_instance\_warmup) | Amount of time, in seconds, until a newly launched instance can contribute to the Amazon CloudWatch metrics. This delay lets an instance finish initializing before Amazon EC2 Auto Scaling aggregates instance metrics, resulting in more reliable usage data | `number` | `null` | no | | [delete\_timeout](#input\_delete\_timeout) | Delete timeout to wait for destroying autoscaling group | `string` | `null` | no | | [desired\_size](#input\_desired\_size) | The number of Amazon EC2 instances that should be running in the autoscaling group | `number` | `1` | no | +| [desired\_size\_type](#input\_desired\_size\_type) | The unit of measurement for the value specified for `desired_size`. Supported for attribute-based instance type selection only. Valid values: `units`, `vcpu`, `memory-mib` | `string` | `null` | no | | [disable\_api\_termination](#input\_disable\_api\_termination) | If true, enables EC2 instance termination protection | `bool` | `null` | no | | [ebs\_optimized](#input\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized | `bool` | `null` | no | | [elastic\_gpu\_specifications](#input\_elastic\_gpu\_specifications) | The elastic GPU to attach to the instance | `any` | `{}` | no | diff --git a/modules/self-managed-node-group/main.tf b/modules/self-managed-node-group/main.tf index 77ca1856c8..127591081b 100644 --- a/modules/self-managed-node-group/main.tf +++ b/modules/self-managed-node-group/main.tf @@ -502,6 +502,7 @@ resource "aws_autoscaling_group" "this" { default_cooldown = var.default_cooldown default_instance_warmup = var.default_instance_warmup desired_capacity = var.desired_size + desired_capacity_type = var.desired_size_type enabled_metrics = var.enabled_metrics force_delete = var.force_delete force_delete_warm_pool = var.force_delete_warm_pool 
diff --git a/modules/self-managed-node-group/variables.tf b/modules/self-managed-node-group/variables.tf index 92121ea750..fd2216d300 100644 --- a/modules/self-managed-node-group/variables.tf +++ b/modules/self-managed-node-group/variables.tf @@ -420,6 +420,12 @@ variable "desired_size" { default = 1 } +variable "desired_size_type" { + description = "The unit of measurement for the value specified for `desired_size`. Supported for attribute-based instance type selection only. Valid values: `units`, `vcpu`, `memory-mib`" + type = string + default = null +} + variable "ignore_failed_scaling_activities" { description = "Whether to ignore failed Auto Scaling scaling activities while waiting for capacity." type = bool diff --git a/node_groups.tf b/node_groups.tf index de75fc9133..4ac638100a 100644 --- a/node_groups.tf +++ b/node_groups.tf @@ -435,6 +435,7 @@ module "self_managed_node_group" { min_size = try(each.value.min_size, var.self_managed_node_group_defaults.min_size, 0) max_size = try(each.value.max_size, var.self_managed_node_group_defaults.max_size, 3) desired_size = try(each.value.desired_size, var.self_managed_node_group_defaults.desired_size, 1) + desired_size_type = try(each.value.desired_size_type, var.self_managed_node_group_defaults.desired_size_type, null) capacity_rebalance = try(each.value.capacity_rebalance, var.self_managed_node_group_defaults.capacity_rebalance, null) min_elb_capacity = try(each.value.min_elb_capacity, var.self_managed_node_group_defaults.min_elb_capacity, null) wait_for_elb_capacity = try(each.value.wait_for_elb_capacity, var.self_managed_node_group_defaults.wait_for_elb_capacity, null) From 00d4cc1373d97a5abfa05b7cc75e9c9a189e4d5f Mon Sep 17 00:00:00 2001 
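Review bot: The new `desired_size_type` variable lists its accepted values (`units`, `vcpu`, `memory-mib`) in the description only, so a typo is not caught until the Auto Scaling API rejects it at apply time; a `validation` block in the same variable would fail at plan time instead. The null default must stay accepted, so the condition should short-circuit on null before calling `contains`. The README table and the `node_groups.tf` passthrough in this commit need no change for that.
```hcl
variable "desired_size_type" {
  # … unchanged: description, type, default …

  validation {
    condition     = var.desired_size_type == null ? true : contains(["units", "vcpu", "memory-mib"], var.desired_size_type)
    error_message = "desired_size_type must be one of: units, vcpu, memory-mib."
  }
}
```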
From: semantic-release-bot Date: Sat, 12 Oct 2024 16:57:44 +0000 Subject: [PATCH 13/26] chore(release): version 20.26.0 [skip ci] ## [20.26.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.25.0...v20.26.0) (2024-10-12) ### Features * Add support for `desired_capacity_type` (named `desired_size_type`) on self-managed node group ([#3166](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3166)) ([6974a5e](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/6974a5e1582a4ed2d8b1f9a07cdacd156ba5ffef)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5a205edb3c..195f5c5c46 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [20.26.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.25.0...v20.26.0) (2024-10-12) + + +### Features + +* Add support for `desired_capacity_type` (named `desired_size_type`) on self-managed node group ([#3166](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3166)) ([6974a5e](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/6974a5e1582a4ed2d8b1f9a07cdacd156ba5ffef)) + ## [20.25.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.24.3...v20.25.0) (2024-10-12) From 4abc779c0e29fdf64d6c725ef0c5f7de8a708c46 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Tue, 22 Oct 2024 15:08:16 +0000 Subject: [PATCH 14/26] docs: Correct doc links following `examples`/`tests` re-org (#3187) --- docs/UPGRADE-18.0.md | 2 +- docs/compute_resources.md | 6 +++--- docs/user_data.md | 2 +- modules/_user_data/README.md | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/UPGRADE-18.0.md b/docs/UPGRADE-18.0.md index 3f25ca8e43..8b3d0accad 100644 --- a/docs/UPGRADE-18.0.md +++ b/docs/UPGRADE-18.0.md 
@@ -48,7 +48,7 @@ See more information [here](https://github.com/terraform-aws-modules/terraform-a - Additional changes for the `self-managed-node-group` sub-module over the previous `node_groups` variable include: - The underlying autoscaling group and launch template have been updated to more closely match that of the [`terraform-aws-autoscaling`](https://github.com/terraform-aws-modules/terraform-aws-autoscaling) module and the features it offers - The previous iteration used a count over a list of node group definitions which was prone to disruptive updates; this is now replaced with a map/for_each to align with that of the EKS managed node group and Fargate profile behaviors/style -- The user data configuration supported across the module has been completely revamped. A new `_user_data` internal sub-module has been created to consolidate all user data configuration in one location which provides better support for testability (via the [`examples/user_data`](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/user_data) example). The new sub-module supports nearly all possible combinations including the ability to allow users to provide their own user data template which will be rendered by the module. See the `examples/user_data` example project for the full plethora of example configuration possibilities and more details on the logic of the design can be found in the [`modules/_user_data`](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/modules/_user_data_) directory. +- The user data configuration supported across the module has been completely revamped. A new `_user_data` internal sub-module has been created to consolidate all user data configuration in one location which provides better support for testability (via the [`tests/user-data`](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/tests/user-data) example). 
The new sub-module supports nearly all possible combinations including the ability to allow users to provide their own user data template which will be rendered by the module. See the `tests/user-data` example project for the full plethora of example configuration possibilities and more details on the logic of the design can be found in the [`modules/_user_data`](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/modules/_user_data_) directory. - Resource name changes may cause issues with existing resources. For example, security groups and IAM roles cannot be renamed, they must be recreated. Recreation of these resources may also trigger a recreation of the cluster. To use the legacy (< 18.x) resource naming convention, set `prefix_separator` to "". - Security group usage has been overhauled to provide only the bare minimum network connectivity required to launch a bare bones cluster. See the [security group documentation section](https://github.com/terraform-aws-modules/terraform-aws-eks#security-groups) for more details. Users upgrading to v18.x will want to review the rules they have in place today versus the rules provisioned by the v18.x module and ensure to make any necessary adjustments for their specific workload. diff --git a/docs/compute_resources.md b/docs/compute_resources.md index 1b033d2814..6b74c4a507 100644 --- a/docs/compute_resources.md +++ b/docs/compute_resources.md @@ -104,7 +104,7 @@ Refer to the [EKS Managed Node Group documentation](https://docs.aws.amazon.com/ } ``` -See the [`examples/eks_managed_node_group/` example](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks_managed_node_group) for a working example of various configurations. +See the [`examples/eks-managed-node-group/` example](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/eks-managed-node-group) for a working example of various configurations. ### Self Managed Node Groups 
@@ -134,11 +134,11 @@ Refer to the [Self Managed Node Group documentation](https://docs.aws.amazon.com } ``` -See the [`examples/self_managed_node_group/` example](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/self_managed_node_group) for a working example of various configurations. +See the [`examples/self-managed-node-group/` example](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/self-managed-node-group) for a working example of various configurations. ### Fargate Profiles -Fargate profiles are straightforward to use and therefore no further details are provided here. See the [`examples/fargate_profile/` example](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/fargate_profile) for a working example of various configurations. +Fargate profiles are straightforward to use and therefore no further details are provided here. See the [`tests/fargate-profile/` tests](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/tests/fargate-profile) for a working example of various configurations. ### Default Configurations diff --git a/docs/user_data.md b/docs/user_data.md index 1ddc5d1aa7..3ca2263deb 100644 --- a/docs/user_data.md +++ b/docs/user_data.md 
@@ -1,6 +1,6 @@ # User Data & Bootstrapping -Users can see the various methods of using and providing user data through the [user data examples](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/user_data) as well more detailed information on the design and possible configurations via the [user data module itself](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/modules/_user_data) +Users can see the various methods of using and providing user data through the [user data tests](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/tests/user-data) as well more detailed information on the design and possible configurations via the [user data module itself](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/modules/_user_data) ## Summary diff --git a/modules/_user_data/README.md b/modules/_user_data/README.md index 09c4b98a4e..185335b16a 100644 --- a/modules/_user_data/README.md +++ b/modules/_user_data/README.md @@ -2,7 +2,7 @@ Configuration in this directory renders the appropriate user data for the given inputs. See [`docs/user_data.md`](https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/user_data.md) for more info. -See [`examples/user_data/`](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/user_data) for various examples using this module. +See [`tests/user-data/`](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/tests/user-data) for various tests cases using this module. ## Requirements From dea6c44b459a546b1386563dfd497bc9d766bfe1 Mon Sep 17 00:00:00 2001 
From: joey100 Date: Sun, 27 Oct 2024 08:12:25 +0800 Subject: [PATCH 15/26] fix: Use dynamic partition data source to determine DNS suffix for Karpenter EC2 pass role permission (#3193) * fix karpenter iam passrole to ec2 api bug, to support aws cn * fix: Use dyanmic partition value for DNS suffix --------- Co-authored-by: Shuiping Co-authored-by: Bryant Biggs --- modules/karpenter/policy.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/karpenter/policy.tf b/modules/karpenter/policy.tf index 456a27f417..7fb04e47b2 100644 --- a/modules/karpenter/policy.tf +++ b/modules/karpenter/policy.tf @@ -195,7 +195,7 @@ data "aws_iam_policy_document" "v033" { condition { test = "StringEquals" variable = "iam:PassedToService" - values = ["ec2.amazonaws.com"] + values = ["ec2.${local.dns_suffix}"] } } @@ -584,7 +584,7 @@ data "aws_iam_policy_document" "v1" { condition { test = "StringEquals" variable = "iam:PassedToService" - values = ["ec2.amazonaws.com"] + values = ["ec2.${local.dns_suffix}"] } } From 769633253996237a79fe4c4cb49ec0eadfae5e69 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Sun, 27 Oct 2024 00:13:02 +0000 Subject: [PATCH 16/26] chore(release): version 20.26.1 [skip ci] ## [20.26.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.26.0...v20.26.1) (2024-10-27) ### Bug Fixes * Use dynamic partition data source to determine DNS suffix for Karpenter EC2 pass role permission ([#3193](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3193)) ([dea6c44](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/dea6c44b459a546b1386563dfd497bc9d766bfe1)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 195f5c5c46..84131a93aa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
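Review bot: `local.dns_suffix` is referenced on the changed line of both the `v033` and the `v1` policy document but its definition is outside this diff; from the commit message it is presumably derived from the partition data source, which is what makes the `iam:PassedToService` condition resolve to the partition-local EC2 service principal rather than the hard-coded `ec2.amazonaws.com`. Because this condition is what keeps the `iam:PassRole` grant scoped to EC2, it deserves a comment so a later edit does not loosen it, e.g. `# Scope PassRole to the EC2 service principal of the current partition (amazonaws.com / amazonaws.com.cn)`. Both enclosing `data "aws_iam_policy_document"` blocks start and end outside their hunks.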
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [20.26.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.26.0...v20.26.1) (2024-10-27) + + +### Bug Fixes + +* Use dynamic partition data source to determine DNS suffix for Karpenter EC2 pass role permission ([#3193](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3193)) ([dea6c44](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/dea6c44b459a546b1386563dfd497bc9d766bfe1)) + ## [20.26.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.25.0...v20.26.0) (2024-10-12) From 1b0ac832647dcf0425aedba119fa8276008cbe28 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Fri, 1 Nov 2024 21:50:19 +0000 Subject: [PATCH 17/26] feat: Add support for zonal shift (#3195) --- README.md | 5 +++-- examples/eks-managed-node-group/versions.tf | 2 +- examples/karpenter/README.md | 6 +++--- examples/karpenter/versions.tf | 2 +- examples/self-managed-node-group/versions.tf | 2 +- main.tf | 8 ++++++++ modules/eks-managed-node-group/README.md | 4 ++-- modules/eks-managed-node-group/versions.tf | 2 +- modules/fargate-profile/README.md | 4 ++-- modules/fargate-profile/versions.tf | 2 +- modules/karpenter/README.md | 4 ++-- modules/karpenter/versions.tf | 2 +- modules/self-managed-node-group/README.md | 4 ++-- modules/self-managed-node-group/versions.tf | 2 +- tests/eks-managed-node-group/README.md | 4 ++-- tests/eks-managed-node-group/main.tf | 4 ++++ tests/eks-managed-node-group/versions.tf | 2 +- tests/fargate-profile/README.md | 4 ++-- tests/fargate-profile/versions.tf | 2 +- tests/self-managed-node-group/README.md | 4 ++-- tests/self-managed-node-group/versions.tf | 2 +- variables.tf | 6 ++++++ versions.tf | 2 +- 23 files changed, 49 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 7d3ae81479..b272a6475d 100644 --- a/README.md +++ b/README.md 
@@ -175,7 +175,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.74 | | [time](#requirement\_time) | >= 0.9 | | [tls](#requirement\_tls) | >= 3.0 | @@ -183,7 +183,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.74 | | [time](#provider\_time) | >= 0.9 | | [tls](#provider\_tls) | >= 3.0 | @@ -268,6 +268,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | [cluster\_timeouts](#input\_cluster\_timeouts) | Create, update, and delete timeout configurations for the cluster | `map(string)` | `{}` | no | | [cluster\_upgrade\_policy](#input\_cluster\_upgrade\_policy) | Configuration block for the cluster upgrade policy | `any` | `{}` | no | | [cluster\_version](#input\_cluster\_version) | Kubernetes `.` version to use for the EKS cluster (i.e.: `1.27`) | `string` | `null` | no | +| [cluster\_zonal\_shift\_config](#input\_cluster\_zonal\_shift\_config) | Configuration block for the cluster zonal shift | `any` | `{}` | no | | [control\_plane\_subnet\_ids](#input\_control\_plane\_subnet\_ids) | A list of subnet IDs where the EKS cluster control plane (ENIs) will be provisioned. Used for expanding the pool of subnets used by nodes/node groups without replacing the EKS control plane | `list(string)` | `[]` | no | | [create](#input\_create) | Controls if resources should be created (affects nearly all resources) | `bool` | `true` | no | | [create\_cloudwatch\_log\_group](#input\_create\_cloudwatch\_log\_group) | Determines whether a log group is created by this module for the cluster logs. If not, AWS will automatically create one if logging is enabled | `bool` | `true` | no | 
diff --git a/examples/eks-managed-node-group/versions.tf b/examples/eks-managed-node-group/versions.tf index fe57b7a76f..3cc97fa038 100644 --- a/examples/eks-managed-node-group/versions.tf +++ b/examples/eks-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.74" } } } diff --git a/examples/karpenter/README.md b/examples/karpenter/README.md index 43d911a8b6..b621a36591 100644 --- a/examples/karpenter/README.md +++ b/examples/karpenter/README.md @@ -89,7 +89,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.74 | | [helm](#requirement\_helm) | >= 2.7 | | [kubectl](#requirement\_kubectl) | >= 2.0 | @@ -97,8 +97,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | -| [aws.virginia](#provider\_aws.virginia) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.74 | +| [aws.virginia](#provider\_aws.virginia) | >= 5.74 | | [helm](#provider\_helm) | >= 2.7 | | [kubectl](#provider\_kubectl) | >= 2.0 | diff --git a/examples/karpenter/versions.tf b/examples/karpenter/versions.tf index b5a6a82f39..0c0cc6c763 100644 --- a/examples/karpenter/versions.tf +++ b/examples/karpenter/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.74" } helm = { source = "hashicorp/helm" diff --git a/examples/self-managed-node-group/versions.tf b/examples/self-managed-node-group/versions.tf index fe57b7a76f..3cc97fa038 100644 --- a/examples/self-managed-node-group/versions.tf +++ b/examples/self-managed-node-group/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.74" } } } diff --git a/main.tf b/main.tf index b891b26d0e..0b62869c24 100644 --- a/main.tf +++ b/main.tf @@ -92,6 +92,14 @@ resource "aws_eks_cluster" "this" { } } + dynamic "zonal_shift_config" { + for_each = length(var.cluster_zonal_shift_config) > 0 ? [var.cluster_zonal_shift_config] : [] + + content { + enabled = try(zonal_shift_config.value.enabled, null) + } + } + tags = merge( { terraform-aws-modules = "eks" }, var.tags, diff --git a/modules/eks-managed-node-group/README.md b/modules/eks-managed-node-group/README.md index c64f006fc9..709885898d 100644 --- a/modules/eks-managed-node-group/README.md +++ b/modules/eks-managed-node-group/README.md @@ -64,13 +64,13 @@ module "eks_managed_node_group" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.74 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.74 | ## Modules diff --git a/modules/eks-managed-node-group/versions.tf b/modules/eks-managed-node-group/versions.tf index fe57b7a76f..3cc97fa038 100644 --- a/modules/eks-managed-node-group/versions.tf +++ b/modules/eks-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.74" } } } diff --git a/modules/fargate-profile/README.md b/modules/fargate-profile/README.md index a030f5ae07..732cd7b455 100644 --- a/modules/fargate-profile/README.md +++ b/modules/fargate-profile/README.md 
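Review bot: In the `main.tf` hunk, `enabled = try(zonal_shift_config.value.enabled, null)` paired with a `cluster_zonal_shift_config` variable typed `any` (per the README table in this commit) means a mistyped key such as `enable = true` renders the block with `enabled = null` instead of failing, so the caller may believe zonal shift is on when the provider likely treats it as unset. Since the block is only rendered when the map is non-empty, reading the key directly, `enabled = zonal_shift_config.value.enabled`, would surface the typo at plan time; alternatively the variable could be typed `object({ enabled = optional(bool) })`. The enclosing `aws_eks_cluster` resource starts and ends outside the hunk.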
@@ -29,13 +29,13 @@ module "fargate_profile" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.74 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.74 | ## Modules diff --git a/modules/fargate-profile/versions.tf b/modules/fargate-profile/versions.tf index fe57b7a76f..3cc97fa038 100644 --- a/modules/fargate-profile/versions.tf +++ b/modules/fargate-profile/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.74" } } } diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md index b2bcc1fc6f..2ca911d156 100644 --- a/modules/karpenter/README.md +++ b/modules/karpenter/README.md @@ -86,13 +86,13 @@ module "karpenter" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.74 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.74 | ## Modules diff --git a/modules/karpenter/versions.tf b/modules/karpenter/versions.tf index fe57b7a76f..3cc97fa038 100644 --- a/modules/karpenter/versions.tf +++ b/modules/karpenter/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.74" } } } diff --git a/modules/self-managed-node-group/README.md b/modules/self-managed-node-group/README.md index 7b9ffc5a8b..c8961a104b 100644 --- a/modules/self-managed-node-group/README.md +++ b/modules/self-managed-node-group/README.md 
@@ -43,13 +43,13 @@ module "self_managed_node_group" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.74 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.74 | ## Modules diff --git a/modules/self-managed-node-group/versions.tf b/modules/self-managed-node-group/versions.tf index fe57b7a76f..3cc97fa038 100644 --- a/modules/self-managed-node-group/versions.tf +++ b/modules/self-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.74" } } } diff --git a/tests/eks-managed-node-group/README.md b/tests/eks-managed-node-group/README.md index 70c3b10746..39af8f08ed 100644 --- a/tests/eks-managed-node-group/README.md +++ b/tests/eks-managed-node-group/README.md @@ -18,13 +18,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.74 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.74 | ## Modules diff --git a/tests/eks-managed-node-group/main.tf b/tests/eks-managed-node-group/main.tf index 5cb5ccf8b5..9c59f30507 100644 --- a/tests/eks-managed-node-group/main.tf +++ b/tests/eks-managed-node-group/main.tf @@ -65,6 +65,10 @@ module "eks" { support_type = "STANDARD" } + cluster_zonal_shift_config = { + enabled = true + } + vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnets control_plane_subnet_ids = module.vpc.intra_subnets diff --git a/tests/eks-managed-node-group/versions.tf b/tests/eks-managed-node-group/versions.tf index fe57b7a76f..3cc97fa038 100644 --- a/tests/eks-managed-node-group/versions.tf 
+++ b/tests/eks-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.74" } } } diff --git a/tests/fargate-profile/README.md b/tests/fargate-profile/README.md index 34872e8b1a..a7af7cd080 100644 --- a/tests/fargate-profile/README.md +++ b/tests/fargate-profile/README.md @@ -18,13 +18,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.74 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.74 | ## Modules diff --git a/tests/fargate-profile/versions.tf b/tests/fargate-profile/versions.tf index fe57b7a76f..3cc97fa038 100644 --- a/tests/fargate-profile/versions.tf +++ b/tests/fargate-profile/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.74" } } } diff --git a/tests/self-managed-node-group/README.md b/tests/self-managed-node-group/README.md index 1dbf43bac4..0691b7aa0b 100644 --- a/tests/self-managed-node-group/README.md +++ b/tests/self-managed-node-group/README.md @@ -18,13 +18,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.70 | +| [aws](#requirement\_aws) | >= 5.74 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.70 | +| [aws](#provider\_aws) | >= 5.74 | ## Modules diff --git a/tests/self-managed-node-group/versions.tf b/tests/self-managed-node-group/versions.tf index fe57b7a76f..3cc97fa038 100644 --- a/tests/self-managed-node-group/versions.tf +++ b/tests/self-managed-node-group/versions.tf 
@@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.74" } } } diff --git a/variables.tf b/variables.tf index 420248c744..7a7226b96a 100644 --- a/variables.tf +++ b/variables.tf @@ -50,6 +50,12 @@ variable "cluster_upgrade_policy" { default = {} } +variable "cluster_zonal_shift_config" { + description = "Configuration block for the cluster zonal shift" + type = any + default = {} +} + variable "cluster_additional_security_group_ids" { description = "List of additional, externally created security group IDs to attach to the cluster control plane" type = list(string) diff --git a/versions.tf b/versions.tf index 4717288ded..090ca7b00b 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.70" + version = ">= 5.74" } tls = { source = "hashicorp/tls" From ac14562541844ffd1646a84e90b68b15fab26ecd Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Fri, 1 Nov 2024 21:50:50 +0000 Subject: [PATCH 18/26] chore(release): version 20.27.0 [skip ci] ## [20.27.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.26.1...v20.27.0) (2024-11-01) ### Features * Add support for zonal shift ([#3195](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3195)) ([1b0ac83](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/1b0ac832647dcf0425aedba119fa8276008cbe28)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 84131a93aa..6169e0c148 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [20.27.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.26.1...v20.27.0) (2024-11-01) + + +### Features + +* Add support for zonal shift ([#3195](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3195)) ([1b0ac83](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/1b0ac832647dcf0425aedba119fa8276008cbe28)) + ## [20.26.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.26.0...v20.26.1) (2024-10-27) From c6da22c78f60a8643a6c76f97c93724f4e1f4e5a Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sat, 2 Nov 2024 13:33:13 +0000 Subject: [PATCH 19/26] feat: Add support for creating `efa-only` network interfaces (#3196) --- .pre-commit-config.yaml | 2 +- modules/eks-managed-node-group/README.md | 2 + modules/eks-managed-node-group/main.tf | 3 +- modules/eks-managed-node-group/variables.tf | 13 ++ modules/self-managed-node-group/README.md | 2 + modules/self-managed-node-group/main.tf | 5 +- modules/self-managed-node-group/variables.tf | 13 ++ node_groups.tf | 4 + tests/eks-managed-node-group/main.tf | 101 +++++++++----- tests/self-managed-node-group/main.tf | 130 ++++++++++++------- 10 files changed, 196 insertions(+), 79 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4f0721881c..baacea01bb 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.96.1 + rev: v1.96.2 hooks: - id: terraform_fmt - id: terraform_docs diff --git a/modules/eks-managed-node-group/README.md b/modules/eks-managed-node-group/README.md index 709885898d..ace9106c3d 100644 --- a/modules/eks-managed-node-group/README.md +++ b/modules/eks-managed-node-group/README.md 
@@ -132,9 +132,11 @@ module "eks_managed_node_group" { | [disable\_api\_termination](#input\_disable\_api\_termination) | If true, enables EC2 instance termination protection | `bool` | `null` | no | | [disk\_size](#input\_disk\_size) | Disk size in GiB for nodes. Defaults to `20`. Only valid when `use_custom_launch_template` = `false` | `number` | `null` | no | | [ebs\_optimized](#input\_ebs\_optimized) | If true, the launched EC2 instance(s) will be EBS-optimized | `bool` | `null` | no | +| [efa\_indices](#input\_efa\_indices) | The indices of the network interfaces that should be EFA-enabled. Only valid when `enable_efa_support` = `true` | `list(number)` |
[
0
]
| no | | [elastic\_gpu\_specifications](#input\_elastic\_gpu\_specifications) | The elastic GPU to attach to the instance | `any` | `{}` | no | | [elastic\_inference\_accelerator](#input\_elastic\_inference\_accelerator) | Configuration block containing an Elastic Inference Accelerator to attach to the instance | `map(string)` | `{}` | no | | [enable\_bootstrap\_user\_data](#input\_enable\_bootstrap\_user\_data) | Determines whether the bootstrap configurations are populated within the user data template. Only valid when using a custom AMI via `ami_id` | `bool` | `false` | no | +| [enable\_efa\_only](#input\_enable\_efa\_only) | Determines whether to enable EFA (`false`, default) or EFA and EFA-only (`true`) network interfaces. Note: requires vpc-cni version `v1.18.4` or later | `bool` | `false` | no | | [enable\_efa\_support](#input\_enable\_efa\_support) | Determines whether to enable Elastic Fabric Adapter (EFA) support | `bool` | `false` | no | | [enable\_monitoring](#input\_enable\_monitoring) | Enables/disables detailed monitoring | `bool` | `true` | no | | [enclave\_options](#input\_enclave\_options) | Enable Nitro Enclaves on launched instances | `map(string)` | `{}` | no | diff --git a/modules/eks-managed-node-group/main.tf b/modules/eks-managed-node-group/main.tf index 42c221dc91..c1581439d2 100644 --- a/modules/eks-managed-node-group/main.tf +++ b/modules/eks-managed-node-group/main.tf @@ -44,13 +44,14 @@ locals { efa_instance_type = try(element(var.instance_types, 0), "") num_network_cards = try(data.aws_ec2_instance_type.this[0].maximum_network_cards, 0) + # Primary network interface must be EFA, remaining can be EFA or EFA-only efa_network_interfaces = [ for i in range(local.num_network_cards) : { associate_public_ip_address = false delete_on_termination = true device_index = i == 0 ? 0 : 1 network_card_index = i - interface_type = "efa" + interface_type = var.enable_efa_only ? contains(concat([0], var.efa_indices), i) ? "efa" : "efa-only" : "efa" } ] 
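Review bot: The new `interface_type` expression nests one conditional inside another without parentheses, which reads ambiguously even though HCL accepts it; the identical expression is added to modules/self-managed-node-group/main.tf in a later hunk. A flatter equivalent is `interface_type = var.enable_efa_only && !contains(concat([0], var.efa_indices), i) ? "efa-only" : "efa"`. Entries of `var.efa_indices` outside `range(local.num_network_cards)` are silently ignored rather than rejected, so a typo on an instance type with fewer cards yields fewer EFA interfaces than intended with no diagnostic; a `precondition` comparing the indices against `maximum_network_cards` would surface that. The `locals` block continues outside the hunk.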
diff --git a/modules/eks-managed-node-group/variables.tf b/modules/eks-managed-node-group/variables.tf index bb60b85665..e0ee435785 100644 --- a/modules/eks-managed-node-group/variables.tf +++ b/modules/eks-managed-node-group/variables.tf @@ -285,6 +285,19 @@ variable "enable_efa_support" { default = false } +# TODO - make this true by default at next breaking change (remove variable, only pass indices) +variable "enable_efa_only" { + description = "Determines whether to enable EFA (`false`, default) or EFA and EFA-only (`true`) network interfaces. Note: requires vpc-cni version `v1.18.4` or later" + type = bool + default = false +} + +variable "efa_indices" { + description = "The indices of the network interfaces that should be EFA-enabled. Only valid when `enable_efa_support` = `true`" + type = list(number) + default = [0] +} + variable "network_interfaces" { description = "Customize network interfaces to be attached at instance boot time" type = list(any) diff --git a/modules/self-managed-node-group/README.md b/modules/self-managed-node-group/README.md index c8961a104b..d2c53be59a 100644 --- a/modules/self-managed-node-group/README.md +++ b/modules/self-managed-node-group/README.md @@ -120,8 +120,10 @@ module "self_managed_node_group" { | [desired\_size\_type](#input\_desired\_size\_type) | The unit of measurement for the value specified for `desired_size`. Supported for attribute-based instance type selection only. Valid values: `units`, `vcpu`, `memory-mib` | `string` | `null` | no | | [disable\_api\_termination](#input\_disable\_api\_termination) | If true, enables EC2 instance termination protection | `bool` | `null` | no | | [ebs\_optimized](#input\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized | `bool` | `null` | no | +| [efa\_indices](#input\_efa\_indices) | The indices of the network interfaces that should be EFA-enabled. Only valid when `enable_efa_support` = `true` | `list(number)` |
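Review bot: The description of `efa_indices` says it is only valid when `enable_efa_support = true`, but the locals hunk above only consults it when `enable_efa_only` is also `true`; with the default `enable_efa_only = false` every interface is `efa` and the list is ignored. Suggest `description = "The indices of the network interfaces that should be EFA-enabled (index 0 is always EFA). Only valid when enable_efa_support and enable_efa_only are both true"`. The self-managed variables.tf hunk further down carries the same wording and needs the same fix.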
[
0
]
| no | | [elastic\_gpu\_specifications](#input\_elastic\_gpu\_specifications) | The elastic GPU to attach to the instance | `any` | `{}` | no | | [elastic\_inference\_accelerator](#input\_elastic\_inference\_accelerator) | Configuration block containing an Elastic Inference Accelerator to attach to the instance | `map(string)` | `{}` | no | +| [enable\_efa\_only](#input\_enable\_efa\_only) | Determines whether to enable EFA (`false`, default) or EFA and EFA-only (`true`) network interfaces. Note: requires vpc-cni version `v1.18.4` or later | `bool` | `false` | no | | [enable\_efa\_support](#input\_enable\_efa\_support) | Determines whether to enable Elastic Fabric Adapter (EFA) support | `bool` | `false` | no | | [enable\_monitoring](#input\_enable\_monitoring) | Enables/disables detailed monitoring | `bool` | `true` | no | | [enabled\_metrics](#input\_enabled\_metrics) | A list of metrics to collect. The allowed values are `GroupDesiredCapacity`, `GroupInServiceCapacity`, `GroupPendingCapacity`, `GroupMinSize`, `GroupMaxSize`, `GroupInServiceInstances`, `GroupPendingInstances`, `GroupStandbyInstances`, `GroupStandbyCapacity`, `GroupTerminatingCapacity`, `GroupTerminatingInstances`, `GroupTotalCapacity`, `GroupTotalInstances` | `list(string)` | `[]` | no | diff --git a/modules/self-managed-node-group/main.tf b/modules/self-managed-node-group/main.tf index 127591081b..484a92e340 100644 --- a/modules/self-managed-node-group/main.tf +++ b/modules/self-managed-node-group/main.tf @@ -90,7 +90,7 @@ module "user_data" { ################################################################################ data "aws_ec2_instance_type" "this" { - count = local.enable_efa_support ? 1 : 0 + count = var.create && var.enable_efa_support ? 1 : 0 instance_type = var.instance_type } 
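Review bot: Replacing `local.enable_efa_support` with `var.create && var.enable_efa_support` in the `count` of `data "aws_ec2_instance_type" "this"` drops whatever else the old local gated on, and its definition is not visible in this hunk. The next hunk shows a sibling `instance_type_provided = var.instance_type != ""` local, so if the old condition also required an instance type, EFA node groups that rely on instance requirements (empty `instance_type`) would now query the data source with `instance_type = ""` and fail at plan. If that is the case, `count = var.create && var.enable_efa_support && var.instance_type != "" ? 1 : 0` restores the guard.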
@@ -101,13 +101,14 @@ locals { instance_type_provided = var.instance_type != "" num_network_cards = try(data.aws_ec2_instance_type.this[0].maximum_network_cards, 0) + # Primary network interface must be EFA, remaining can be EFA or EFA-only efa_network_interfaces = [ for i in range(local.num_network_cards) : { associate_public_ip_address = false delete_on_termination = true device_index = i == 0 ? 0 : 1 network_card_index = i - interface_type = "efa" + interface_type = var.enable_efa_only ? contains(concat([0], var.efa_indices), i) ? "efa" : "efa-only" : "efa" } ] diff --git a/modules/self-managed-node-group/variables.tf b/modules/self-managed-node-group/variables.tf index fd2216d300..9076dab5af 100644 --- a/modules/self-managed-node-group/variables.tf +++ b/modules/self-managed-node-group/variables.tf @@ -334,6 +334,19 @@ variable "enable_efa_support" { default = false } +# TODO - make this true by default at next breaking change (remove variable, only pass indices) +variable "enable_efa_only" { + description = "Determines whether to enable EFA (`false`, default) or EFA and EFA-only (`true`) network interfaces. Note: requires vpc-cni version `v1.18.4` or later" + type = bool + default = false +} + +variable "efa_indices" { + description = "The indices of the network interfaces that should be EFA-enabled. Only valid when `enable_efa_support` = `true`" + type = list(number) + default = [0] +} + variable "metadata_options" { description = "Customize the metadata options for the instance" type = map(string) diff --git a/node_groups.tf b/node_groups.tf index 4ac638100a..a8e499abfa 100644 --- a/node_groups.tf +++ b/node_groups.tf 
@@ -375,6 +375,8 @@ module "eks_managed_node_group" { metadata_options = try(each.value.metadata_options, var.eks_managed_node_group_defaults.metadata_options, local.metadata_options) enable_monitoring = try(each.value.enable_monitoring, var.eks_managed_node_group_defaults.enable_monitoring, true) enable_efa_support = try(each.value.enable_efa_support, var.eks_managed_node_group_defaults.enable_efa_support, false) + enable_efa_only = try(each.value.enable_efa_only, var.eks_managed_node_group_defaults.enable_efa_only, false) + efa_indices = try(each.value.efa_indices, var.eks_managed_node_group_defaults.efa_indices, [0]) create_placement_group = try(each.value.create_placement_group, var.eks_managed_node_group_defaults.create_placement_group, false) placement = try(each.value.placement, var.eks_managed_node_group_defaults.placement, {}) placement_group_az = try(each.value.placement_group_az, var.eks_managed_node_group_defaults.placement_group_az, null) @@ -526,6 +528,8 @@ module "self_managed_node_group" { metadata_options = try(each.value.metadata_options, var.self_managed_node_group_defaults.metadata_options, local.metadata_options) enable_monitoring = try(each.value.enable_monitoring, var.self_managed_node_group_defaults.enable_monitoring, true) enable_efa_support = try(each.value.enable_efa_support, var.self_managed_node_group_defaults.enable_efa_support, false) + enable_efa_only = try(each.value.enable_efa_only, var.self_managed_node_group_defaults.enable_efa_only, false) + efa_indices = try(each.value.efa_indices, var.self_managed_node_group_defaults.efa_indices, [0]) network_interfaces = try(each.value.network_interfaces, var.self_managed_node_group_defaults.network_interfaces, []) placement = try(each.value.placement, var.self_managed_node_group_defaults.placement, {}) maintenance_options = try(each.value.maintenance_options, var.self_managed_node_group_defaults.maintenance_options, {}) 
diff --git a/tests/eks-managed-node-group/main.tf b/tests/eks-managed-node-group/main.tf index 9c59f30507..7292e765dc 100644 --- a/tests/eks-managed-node-group/main.tf +++ b/tests/eks-managed-node-group/main.tf @@ -74,7 +74,7 @@ module "eks" { control_plane_subnet_ids = module.vpc.intra_subnets eks_managed_node_group_defaults = { - ami_type = "AL2_x86_64" + ami_type = "AL2023_x86_64_STANDARD" instance_types = ["m6i.large", "m5.large", "m5n.large", "m5zn.large"] } @@ -184,7 +184,7 @@ module "eks" { # Use a custom AMI custom_ami = { - ami_type = "AL2_ARM_64" + ami_type = "AL2023_ARM_64_STANDARD" # Current default AMI used by managed node groups - pseudo "custom" ami_id = data.aws_ami.eks_default_arm.image_id @@ -211,13 +211,28 @@ module "eks" { ami_id = data.aws_ami.eks_default.image_id enable_bootstrap_user_data = true - pre_bootstrap_user_data = <<-EOT - export FOO=bar - EOT - - post_bootstrap_user_data = <<-EOT - echo "you are free little kubelet!" - EOT + cloudinit_pre_nodeadm = [{ + content = <<-EOT + --- + apiVersion: node.eks.aws/v1alpha1 + kind: NodeConfig + spec: + kubelet: + config: + shutdownGracePeriod: 30s + featureGates: + DisableKubeletCloudCredentialProviders: true + EOT + content_type = "application/node.eks.aws" + }] + + # This is only possible with a custom AMI or self-managed node group + cloudinit_post_nodeadm = [{ + content = <<-EOT + echo "All done" + EOT + content_type = "text/x-shellscript; charset=\"us-ascii\"" + }] capacity_type = "SPOT" force_update_version = true @@ -227,14 +242,6 @@ module "eks" { GithubOrg = "terraform-aws-modules" } - taints = [ - { - key = "dedicated" - value = "gpuGroup" - effect = "NO_SCHEDULE" - } - ] - update_config = { max_unavailable_percentage = 33 # or set `max_unavailable` } 
@@ -306,19 +313,53 @@ module "eks" { # Can be enabled when appropriate for testing/validation create = false - ami_type = "AL2_x86_64_GPU" - instance_types = ["trn1n.32xlarge"] + # The EKS AL2023 NVIDIA AMI provides all of the necessary components + # for accelerated workloads w/ EFA + ami_type = "AL2023_x86_64_NVIDIA" + instance_types = ["p5e.48xlarge"] - enable_efa_support = true - pre_bootstrap_user_data = <<-EOT - # Mount NVME instance store volumes since they are typically - # available on instances that support EFA - setup-local-disks raid0 - EOT + # Mount instance store volumes in RAID-0 for kubelet and containerd + # https://github.com/awslabs/amazon-eks-ami/blob/master/doc/USER_GUIDE.md#raid-0-for-kubelet-and-containerd-raid0 + cloudinit_pre_nodeadm = [ + { + content_type = "application/node.eks.aws" + content = <<-EOT + --- + apiVersion: node.eks.aws/v1alpha1 + kind: NodeConfig + spec: + instance: + localStorage: + strategy: RAID0 + EOT + } + ] + + # This will: + # 1. Create a placement group to place the instances close to one another + # 2. Ignore subnets that reside in AZs that do not support the instance type + # 3. Expose all of the available EFA interfaces on the launch template + enable_efa_support = true + enable_efa_only = true + efa_indices = [0, 4, 8, 12] - min_size = 2 - max_size = 2 - desired_size = 2 + min_size = 1 + max_size = 1 + desired_size = 1 + + labels = { + "vpc.amazonaws.com/efa.present" = "true" + "nvidia.com/gpu.present" = "true" + } + + taints = { + # Ensure only GPU workloads are scheduled on this node group + gpu = { + key = "nvidia.com/gpu" + value = "true" + effect = "NO_SCHEDULE" + } + } } } @@ -532,7 +573,7 @@ data "aws_ami" "eks_default" { filter { name = "name" - values = ["amazon-eks-node-${local.cluster_version}-v*"] + values = ["amazon-eks-node-al2023-x86_64-standard-${local.cluster_version}-v*"] } } 
@@ -542,7 +583,7 @@ data "aws_ami" "eks_default_arm" { filter { name = "name" - values = ["amazon-eks-arm64-node-${local.cluster_version}-v*"] + values = ["amazon-eks-node-al2023-arm64-standard-${local.cluster_version}-v*"] } } diff --git a/tests/self-managed-node-group/main.tf b/tests/self-managed-node-group/main.tf index b2c1423445..dee3274dc4 100644 --- a/tests/self-managed-node-group/main.tf +++ b/tests/self-managed-node-group/main.tf @@ -61,6 +61,9 @@ module "eks" { } self_managed_node_group_defaults = { + ami_type = "AL2023_x86_64_STANDARD" + ami_id = data.aws_ami.eks_default.image_id + # enable discovery of autoscaling groups by cluster-autoscaler autoscaling_group_tags = { "k8s.io/cluster-autoscaler/enabled" : true, @@ -72,29 +75,6 @@ module "eks" { # Default node group - as provisioned by the module defaults default_node_group = {} - # AL2023 node group utilizing new user data format which utilizes nodeadm - # to join nodes to the cluster (instead of /etc/eks/bootstrap.sh) - al2023_nodeadm = { - ami_type = "AL2023_x86_64_STANDARD" - - cloudinit_pre_nodeadm = [ - { - content_type = "application/node.eks.aws" - content = <<-EOT - --- - apiVersion: node.eks.aws/v1alpha1 - kind: NodeConfig - spec: - kubelet: - config: - shutdownGracePeriod: 30s - featureGates: - DisableKubeletCloudCredentialProviders: true - EOT - } - ] - } - # Bottlerocket node group bottlerocket = { name = "bottlerocket-self-mng" @@ -138,8 +118,18 @@ module "eks" { max_size = 5 desired_size = 2 - ami_type = "AL2_x86_64" - bootstrap_extra_args = "--kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot'" + cloudinit_pre_nodeadm = [{ + content = <<-EOT + --- + apiVersion: node.eks.aws/v1alpha1 + kind: NodeConfig + spec: + kubelet: + flags: + - --node-labels=node.kubernetes.io/lifecycle=spot + EOT + content_type = "application/node.eks.aws" + }] use_mixed_instances_policy = true mixed_instances_policy = { 
@@ -173,16 +163,18 @@ module "eks" { max_size = 7 desired_size = 1 - ami_id = data.aws_ami.eks_default.id - ami_type = "AL2_x86_64" - - pre_bootstrap_user_data = <<-EOT - export FOO=bar - EOT - - post_bootstrap_user_data = <<-EOT - echo "you are free little kubelet!" - EOT + cloudinit_pre_nodeadm = [{ + content = <<-EOT + --- + apiVersion: node.eks.aws/v1alpha1 + kind: NodeConfig + spec: + kubelet: + flags: + - --node-labels=node.kubernetes.io/lifecycle=spot + EOT + content_type = "application/node.eks.aws" + }] instance_type = "m6i.large" @@ -215,9 +207,23 @@ module "eks" { max_size = 2 desired_size = 1 - ami_type = "AL2_x86_64" bootstrap_extra_args = "--kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot'" + cloudinit_pre_nodeadm = [{ + content = <<-EOT + --- + apiVersion: node.eks.aws/v1alpha1 + kind: NodeConfig + spec: + kubelet: + config: + shutdownGracePeriod: 30s + featureGates: + DisableKubeletCloudCredentialProviders: true + EOT + content_type = "application/node.eks.aws" + }] + instance_type = null # launch template configuration 
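Review bot: The `@@ -215,9 +207,23 @@` hunk removes `ami_type = "AL2_x86_64"` but keeps `bootstrap_extra_args = "--kubelet-extra-args '--node-labels=node.kubernetes.io/lifecycle=spot'"` next to the new `cloudinit_pre_nodeadm` NodeConfig, while the earlier `@@ -138,8 +118,18 @@` hunk in this file migrated the identical value into `spec.kubelet.flags`. With the group now inheriting the AL2023 `ami_id` from `self_managed_node_group_defaults`, the bootstrap.sh argument presumably no longer takes effect and the spot label would be lost; either drop the line or add `flags: [--node-labels=node.kubernetes.io/lifecycle=spot]` under `kubelet` in the NodeConfig as the other group does. The enclosing node group map continues outside the hunk.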
@@ -290,19 +296,53 @@ module "eks" { # Can be enabled when appropriate for testing/validation create = false - ami_type = "AL2_x86_64_GPU" - instance_type = "trn1n.32xlarge" + # The EKS AL2023 NVIDIA AMI provides all of the necessary components + # for accelerated workloads w/ EFA + ami_type = "AL2023_x86_64_NVIDIA" + instance_types = ["p5e.48xlarge"] - enable_efa_support = true - pre_bootstrap_user_data = <<-EOT - # Mount NVME instance store volumes since they are typically - # available on instances that support EFA - setup-local-disks raid0 - EOT + # Mount instance store volumes in RAID-0 for kubelet and containerd + # https://github.com/awslabs/amazon-eks-ami/blob/master/doc/USER_GUIDE.md#raid-0-for-kubelet-and-containerd-raid0 + cloudinit_pre_nodeadm = [ + { + content_type = "application/node.eks.aws" + content = <<-EOT + --- + apiVersion: node.eks.aws/v1alpha1 + kind: NodeConfig + spec: + instance: + localStorage: + strategy: RAID0 + EOT + } + ] + + # This will: + # 1. Create a placement group to place the instances close to one another + # 2. Ignore subnets that reside in AZs that do not support the instance type + # 3. Expose all of the available EFA interfaces on the launch template + enable_efa_support = true + enable_efa_only = true + efa_indices = [0, 4, 8, 12] min_size = 2 max_size = 2 desired_size = 2 + + labels = { + "vpc.amazonaws.com/efa.present" = "true" + "nvidia.com/gpu.present" = "true" + } + + taints = { + # Ensure only GPU workloads are scheduled on this node group + gpu = { + key = "nvidia.com/gpu" + value = "true" + effect = "NO_SCHEDULE" + } + } } } @@ -354,7 +394,7 @@ data "aws_ami" "eks_default" { filter { name = "name" - values = ["amazon-eks-node-${local.cluster_version}-v*"] + values = ["amazon-eks-node-al2023-x86_64-standard-${local.cluster_version}-v*"] } } From d2e6262188aa706c8315ddcd1cc23ae2749edca9 Mon Sep 17 00:00:00 2001 
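Review bot: `instance_types = ["p5e.48xlarge"]` replaces `instance_type = "trn1n.32xlarge"` in a self-managed node group, but the self-managed module reads the singular `var.instance_type` (see the `aws_ec2_instance_type` data source hunk above), so the plural key is presumably dropped and the EFA interface list would be computed for an empty instance type. The mistake is masked only because the group has `create = false`; use `instance_type = "p5e.48xlarge"` here so the group is valid when someone flips it on. The enclosing node group map continues outside the hunk.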
From: semantic-release-bot Date: Sat, 2 Nov 2024 13:33:40 +0000 Subject: [PATCH 20/26] chore(release): version 20.28.0 [skip ci] ## [20.28.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.27.0...v20.28.0) (2024-11-02) ### Features * Add support for creating `efa-only` network interfaces ([#3196](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3196)) ([c6da22c](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/c6da22c78f60a8643a6c76f97c93724f4e1f4e5a)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6169e0c148..4c0c115d20 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [20.28.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.27.0...v20.28.0) (2024-11-02) + + +### Features + +* Add support for creating `efa-only` network interfaces ([#3196](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3196)) ([c6da22c](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/c6da22c78f60a8643a6c76f97c93724f4e1f4e5a)) + ## [20.27.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.26.1...v20.27.0) (2024-11-01) From a224334fc8000dc8728971dff8adad46ceb7a8a1 Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Fri, 8 Nov 2024 21:56:56 +0000 Subject: [PATCH 21/26] feat: Add support for pod identity association on EKS addons (#3203) --- README.md | 5 ++-- examples/eks-managed-node-group/versions.tf | 2 +- examples/karpenter/README.md | 6 ++--- examples/karpenter/versions.tf | 2 +- examples/self-managed-node-group/versions.tf | 2 +- main.tf | 28 +++++++++++++++++--- modules/eks-managed-node-group/README.md | 4 +-- modules/eks-managed-node-group/versions.tf | 2 +- modules/fargate-profile/README.md | 4 +-- modules/fargate-profile/versions.tf | 2 +- modules/karpenter/README.md | 4 +-- modules/karpenter/versions.tf | 2 +- modules/self-managed-node-group/README.md | 4 +-- modules/self-managed-node-group/versions.tf | 2 +- tests/eks-managed-node-group/README.md | 5 ++-- tests/eks-managed-node-group/main.tf | 26 +++++++++++++++--- tests/eks-managed-node-group/versions.tf | 2 +- tests/fargate-profile/README.md | 4 +-- tests/fargate-profile/versions.tf | 2 +- tests/self-managed-node-group/README.md | 5 ++-- tests/self-managed-node-group/main.tf | 19 +++++++++++++ tests/self-managed-node-group/versions.tf | 2 +- versions.tf | 2 +- 23 files changed, 97 insertions(+), 39 deletions(-) diff --git a/README.md b/README.md index b272a6475d..5a074b966d 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,6 @@ module "eks" { access_entries = { # One access entry with a policy associated example = { - kubernetes_groups = [] principal_arn = "arn:aws:iam::123456789012:role/something" policy_associations = { @@ -175,7 +174,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.74 | +| [aws](#requirement\_aws) | >= 5.75 | | [time](#requirement\_time) | >= 0.9 | | [tls](#requirement\_tls) | >= 3.0 | 
@@ -183,7 +182,7 @@ We are grateful to the community for contributing bugfixes and improvements! Ple | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.74 | +| [aws](#provider\_aws) | >= 5.75 | | [time](#provider\_time) | >= 0.9 | | [tls](#provider\_tls) | >= 3.0 | diff --git a/examples/eks-managed-node-group/versions.tf b/examples/eks-managed-node-group/versions.tf index 3cc97fa038..0099e6baaf 100644 --- a/examples/eks-managed-node-group/versions.tf +++ b/examples/eks-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.74" + version = ">= 5.75" } } } diff --git a/examples/karpenter/README.md b/examples/karpenter/README.md index b621a36591..15d51bcdb9 100644 --- a/examples/karpenter/README.md +++ b/examples/karpenter/README.md @@ -89,7 +89,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.74 | +| [aws](#requirement\_aws) | >= 5.75 | | [helm](#requirement\_helm) | >= 2.7 | | [kubectl](#requirement\_kubectl) | >= 2.0 | @@ -97,8 +97,8 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.74 | -| [aws.virginia](#provider\_aws.virginia) | >= 5.74 | +| [aws](#provider\_aws) | >= 5.75 | +| [aws.virginia](#provider\_aws.virginia) | >= 5.75 | | [helm](#provider\_helm) | >= 2.7 | | [kubectl](#provider\_kubectl) | >= 2.0 | diff --git a/examples/karpenter/versions.tf b/examples/karpenter/versions.tf index 0c0cc6c763..5caab8394a 100644 --- a/examples/karpenter/versions.tf +++ b/examples/karpenter/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.74" + version = ">= 5.75" } helm = { source = "hashicorp/helm" 
diff --git a/examples/self-managed-node-group/versions.tf b/examples/self-managed-node-group/versions.tf index 3cc97fa038..0099e6baaf 100644 --- a/examples/self-managed-node-group/versions.tf +++ b/examples/self-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.74" + version = ">= 5.75" } } } diff --git a/main.tf b/main.tf index 0b62869c24..037de7b5d8 100644 --- a/main.tf +++ b/main.tf @@ -496,8 +496,18 @@ resource "aws_eks_addon" "this" { cluster_name = aws_eks_cluster.this[0].name addon_name = try(each.value.name, each.key) - addon_version = coalesce(try(each.value.addon_version, null), data.aws_eks_addon_version.this[each.key].version) - configuration_values = try(each.value.configuration_values, null) + addon_version = coalesce(try(each.value.addon_version, null), data.aws_eks_addon_version.this[each.key].version) + configuration_values = try(each.value.configuration_values, null) + + dynamic "pod_identity_association" { + for_each = try(each.value.pod_identity_association, []) + + content { + role_arn = pod_identity_association.value.role_arn + service_account = pod_identity_association.value.service_account + } + } + preserve = try(each.value.preserve, true) resolve_conflicts_on_create = try(each.value.resolve_conflicts_on_create, "OVERWRITE") resolve_conflicts_on_update = try(each.value.resolve_conflicts_on_update, "OVERWRITE") 
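Review bot: The new `pod_identity_association` key accepted on each `cluster_addons` entry is not documented, as far as the diffstat and visible README hunks show (they are version bumps), so callers cannot discover that it must be a list of `{ role_arn, service_account }` objects; passing a single object makes `for_each` iterate its attribute names and `pod_identity_association.value.role_arn` then fails with an unhelpful error. Suggest extending the `cluster_addons` description with `pod_identity_association: list of objects with role_arn and service_account; associates the IAM role with that addon's Kubernetes service account via EKS Pod Identity`. Because each entry grants an IAM role to a service account, the docs should also steer users toward one narrowly scoped role per addon rather than a shared role. The same block is added to `aws_eks_addon.before_compute` in the next hunk, and the resource body continues outside the hunk.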
@@ -525,8 +535,18 @@ resource "aws_eks_addon" "before_compute" { cluster_name = aws_eks_cluster.this[0].name addon_name = try(each.value.name, each.key) - addon_version = coalesce(try(each.value.addon_version, null), data.aws_eks_addon_version.this[each.key].version) - configuration_values = try(each.value.configuration_values, null) + addon_version = coalesce(try(each.value.addon_version, null), data.aws_eks_addon_version.this[each.key].version) + configuration_values = try(each.value.configuration_values, null) + + dynamic "pod_identity_association" { + for_each = try(each.value.pod_identity_association, []) + + content { + role_arn = pod_identity_association.value.role_arn + service_account = pod_identity_association.value.service_account + } + } + preserve = try(each.value.preserve, true) resolve_conflicts_on_create = try(each.value.resolve_conflicts_on_create, "OVERWRITE") resolve_conflicts_on_update = try(each.value.resolve_conflicts_on_update, "OVERWRITE") diff --git a/modules/eks-managed-node-group/README.md b/modules/eks-managed-node-group/README.md index ace9106c3d..23df973444 100644 --- a/modules/eks-managed-node-group/README.md +++ b/modules/eks-managed-node-group/README.md @@ -64,13 +64,13 @@ module "eks_managed_node_group" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.74 | +| [aws](#requirement\_aws) | >= 5.75 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.74 | +| [aws](#provider\_aws) | >= 5.75 | ## Modules diff --git a/modules/eks-managed-node-group/versions.tf b/modules/eks-managed-node-group/versions.tf index 3cc97fa038..0099e6baaf 100644 --- a/modules/eks-managed-node-group/versions.tf +++ b/modules/eks-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.74" + version = ">= 5.75" } } } 
diff --git a/modules/fargate-profile/README.md b/modules/fargate-profile/README.md index 732cd7b455..a7b12553ff 100644 --- a/modules/fargate-profile/README.md +++ b/modules/fargate-profile/README.md @@ -29,13 +29,13 @@ module "fargate_profile" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.74 | +| [aws](#requirement\_aws) | >= 5.75 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.74 | +| [aws](#provider\_aws) | >= 5.75 | ## Modules diff --git a/modules/fargate-profile/versions.tf b/modules/fargate-profile/versions.tf index 3cc97fa038..0099e6baaf 100644 --- a/modules/fargate-profile/versions.tf +++ b/modules/fargate-profile/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.74" + version = ">= 5.75" } } } diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md index 2ca911d156..ef2be2099c 100644 --- a/modules/karpenter/README.md +++ b/modules/karpenter/README.md @@ -86,13 +86,13 @@ module "karpenter" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.74 | +| [aws](#requirement\_aws) | >= 5.75 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.74 | +| [aws](#provider\_aws) | >= 5.75 | ## Modules diff --git a/modules/karpenter/versions.tf b/modules/karpenter/versions.tf index 3cc97fa038..0099e6baaf 100644 --- a/modules/karpenter/versions.tf +++ b/modules/karpenter/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.74" + version = ">= 5.75" } } } diff --git a/modules/self-managed-node-group/README.md b/modules/self-managed-node-group/README.md index d2c53be59a..7c76477049 100644 --- a/modules/self-managed-node-group/README.md +++ b/modules/self-managed-node-group/README.md 
@@ -43,13 +43,13 @@ module "self_managed_node_group" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.74 | +| [aws](#requirement\_aws) | >= 5.75 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.74 | +| [aws](#provider\_aws) | >= 5.75 | ## Modules diff --git a/modules/self-managed-node-group/versions.tf b/modules/self-managed-node-group/versions.tf index 3cc97fa038..0099e6baaf 100644 --- a/modules/self-managed-node-group/versions.tf +++ b/modules/self-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.74" + version = ">= 5.75" } } } diff --git a/tests/eks-managed-node-group/README.md b/tests/eks-managed-node-group/README.md index 39af8f08ed..b1f4ab1398 100644 --- a/tests/eks-managed-node-group/README.md +++ b/tests/eks-managed-node-group/README.md @@ -18,18 +18,19 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.74 | +| [aws](#requirement\_aws) | >= 5.75 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.74 | +| [aws](#provider\_aws) | >= 5.75 | ## Modules | Name | Source | Version | |------|--------|---------| +| [aws\_vpc\_cni\_ipv6\_pod\_identity](#module\_aws\_vpc\_cni\_ipv6\_pod\_identity) | terraform-aws-modules/eks-pod-identity/aws | ~> 1.6 | | [disabled\_eks](#module\_disabled\_eks) | ../.. | n/a | | [disabled\_eks\_managed\_node\_group](#module\_disabled\_eks\_managed\_node\_group) | ../../modules/eks-managed-node-group | n/a | | [ebs\_kms\_key](#module\_ebs\_kms\_key) | terraform-aws-modules/kms/aws | ~> 2.1 | diff --git a/tests/eks-managed-node-group/main.tf b/tests/eks-managed-node-group/main.tf index 7292e765dc..8a4d48c7f0 100644 --- a/tests/eks-managed-node-group/main.tf 
+++ b/tests/eks-managed-node-group/main.tf @@ -45,6 +45,10 @@ module "eks" { coredns = { most_recent = true } + eks-pod-identity-agent = { + before_compute = true + most_recent = true + } kube-proxy = { most_recent = true } @@ -58,6 +62,10 @@ module "eks" { WARM_PREFIX_TARGET = "1" } }) + pod_identity_association = [{ + role_arn = module.aws_vpc_cni_ipv6_pod_identity.iam_role_arn + service_account = "aws-node" + }] } } @@ -366,8 +374,7 @@ module "eks" { access_entries = { # One access entry with a policy associated ex-single = { - kubernetes_groups = [] - principal_arn = aws_iam_role.this["single"].arn + principal_arn = aws_iam_role.this["single"].arn policy_associations = { single = { @@ -382,8 +389,7 @@ module "eks" { # Example of adding multiple policies to a single access entry ex-multiple = { - kubernetes_groups = [] - principal_arn = aws_iam_role.this["multiple"].arn + principal_arn = aws_iam_role.this["multiple"].arn policy_associations = { ex-one = { @@ -489,6 +495,18 @@ module "vpc" { tags = local.tags } +module "aws_vpc_cni_ipv6_pod_identity" { + source = "terraform-aws-modules/eks-pod-identity/aws" + version = "~> 1.6" + + name = "aws-vpc-cni-ipv6" + + attach_aws_vpc_cni_policy = true + aws_vpc_cni_enable_ipv6 = true + + tags = local.tags +} + module "ebs_kms_key" { source = "terraform-aws-modules/kms/aws" version = "~> 2.1" diff --git a/tests/eks-managed-node-group/versions.tf b/tests/eks-managed-node-group/versions.tf index 3cc97fa038..0099e6baaf 100644 --- a/tests/eks-managed-node-group/versions.tf +++ b/tests/eks-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.74" + version = ">= 5.75" } } } diff --git a/tests/fargate-profile/README.md b/tests/fargate-profile/README.md index a7af7cd080..a50029c722 100644 --- a/tests/fargate-profile/README.md +++ b/tests/fargate-profile/README.md 
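Review bot: The `vpc-cni` pod identity association added here (and the ipv4 variant in tests/self-managed-node-group/main.tf later in this patch) only reduces node-role privilege if the node groups stop attaching the CNI policy to the node role, and nothing in these hunks sets `iam_role_attach_cni_policy = false`; unless that is done elsewhere in the file, the node role keeps the CNI permissions and the association is redundant from a least-privilege standpoint. Suggest adding `iam_role_attach_cni_policy = false` under the node group (or `eks_managed_node_group_defaults`) so the test exercises the credential path it introduces rather than the node-role fallback. A comment on the new `module "aws_vpc_cni_ipv6_pod_identity"` block stating its purpose would also help, e.g. `# IAM role assumed by aws-node via Pod Identity, replacing the CNI policy on the node role`. `module "eks"` starts and ends outside the hunk.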
@@ -18,13 +18,13 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.74 | +| [aws](#requirement\_aws) | >= 5.75 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.74 | +| [aws](#provider\_aws) | >= 5.75 | ## Modules diff --git a/tests/fargate-profile/versions.tf b/tests/fargate-profile/versions.tf index 3cc97fa038..0099e6baaf 100644 --- a/tests/fargate-profile/versions.tf +++ b/tests/fargate-profile/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.74" + version = ">= 5.75" } } } diff --git a/tests/self-managed-node-group/README.md b/tests/self-managed-node-group/README.md index 0691b7aa0b..1587f7c177 100644 --- a/tests/self-managed-node-group/README.md +++ b/tests/self-managed-node-group/README.md @@ -18,18 +18,19 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.2 | -| [aws](#requirement\_aws) | >= 5.74 | +| [aws](#requirement\_aws) | >= 5.75 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.74 | +| [aws](#provider\_aws) | >= 5.75 | ## Modules | Name | Source | Version | |------|--------|---------| +| [aws\_vpc\_cni\_ipv4\_pod\_identity](#module\_aws\_vpc\_cni\_ipv4\_pod\_identity) | terraform-aws-modules/eks-pod-identity/aws | ~> 1.6 | | [disabled\_self\_managed\_node\_group](#module\_disabled\_self\_managed\_node\_group) | ../../modules/self-managed-node-group | n/a | | [ebs\_kms\_key](#module\_ebs\_kms\_key) | terraform-aws-modules/kms/aws | ~> 2.0 | | [eks](#module\_eks) | ../.. | n/a | diff --git a/tests/self-managed-node-group/main.tf b/tests/self-managed-node-group/main.tf index dee3274dc4..afe7aac9a1 100644 --- a/tests/self-managed-node-group/main.tf 
+++ b/tests/self-managed-node-group/main.tf @@ -41,11 +41,18 @@ module "eks" { coredns = { most_recent = true } + eks-pod-identity-agent = { + most_recent = true + } kube-proxy = { most_recent = true } vpc-cni = { most_recent = true + pod_identity_association = [{ + role_arn = module.aws_vpc_cni_ipv4_pod_identity.iam_role_arn + service_account = "aws-node" + }] } } @@ -388,6 +395,18 @@ module "vpc" { tags = local.tags } +module "aws_vpc_cni_ipv4_pod_identity" { + source = "terraform-aws-modules/eks-pod-identity/aws" + version = "~> 1.6" + + name = "aws-vpc-cni-ipv4" + + attach_aws_vpc_cni_policy = true + aws_vpc_cni_enable_ipv4 = true + + tags = local.tags +} + data "aws_ami" "eks_default" { most_recent = true owners = ["amazon"] diff --git a/tests/self-managed-node-group/versions.tf b/tests/self-managed-node-group/versions.tf index 3cc97fa038..0099e6baaf 100644 --- a/tests/self-managed-node-group/versions.tf +++ b/tests/self-managed-node-group/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.74" + version = ">= 5.75" } } } diff --git a/versions.tf b/versions.tf index 090ca7b00b..fc9dadd253 100644 --- a/versions.tf +++ b/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 5.74" + version = ">= 5.75" } tls = { source = "hashicorp/tls" From 97a08c8aff5dbf51a86b4c8cd88a858336cd0208 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Fri, 8 Nov 2024 21:57:23 +0000 Subject: [PATCH 22/26] chore(release): version 20.29.0 [skip ci] ## [20.29.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.28.0...v20.29.0) (2024-11-08) ### Features * Add support for pod identity association on EKS addons ([#3203](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3203)) ([a224334](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/a224334fc8000dc8728971dff8adad46ceb7a8a1)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4c0c115d20..d8aee823f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [20.29.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.28.0...v20.29.0) (2024-11-08) + + +### Features + +* Add support for pod identity association on EKS addons ([#3203](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3203)) ([a224334](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/a224334fc8000dc8728971dff8adad46ceb7a8a1)) + ## [20.28.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.27.0...v20.28.0) (2024-11-02) From ab2207d50949079d5dd97c976c6f7a8f5b668f0c Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Tue, 26 Nov 2024 13:31:42 -0600 Subject: [PATCH 23/26] feat: Improve addon dependency chain and decrease time to provision addons (due to retries) (#3218) * feat: Improve addon dependency chain and decrease time to provision addons (due to retries) * fix: Run pre-commit to clean up docs --- main.tf | 29 +++-- node_groups.tf | 2 +- tests/fast-addons/README.md | 92 ++++++++++++++ tests/fast-addons/main.tf | 159 +++++++++++++++++++++++ tests/fast-addons/outputs.tf | 226 +++++++++++++++++++++++++++++++++ tests/fast-addons/variables.tf | 0 tests/fast-addons/versions.tf | 10 ++ variables.tf | 1 + 8 files changed, 508 insertions(+), 11 deletions(-) create mode 100644 tests/fast-addons/README.md create mode 100644 tests/fast-addons/main.tf create mode 100644 tests/fast-addons/outputs.tf create mode 100644 tests/fast-addons/variables.tf create mode 100644 tests/fast-addons/versions.tf diff --git a/main.tf b/main.tf index 037de7b5d8..0046aa0c6b 100644 --- a/main.tf +++ b/main.tf @@ -208,7 +208,7 @@ locals { resource "aws_eks_access_entry" "this" { for_each = { for k, v in local.merged_access_entries : k => v if local.create } - cluster_name = aws_eks_cluster.this[0].name + cluster_name = aws_eks_cluster.this[0].id kubernetes_groups = try(each.value.kubernetes_groups, null) principal_arn = each.value.principal_arn type = try(each.value.type, "STANDARD") @@ -225,7 +225,7 @@ resource "aws_eks_access_policy_association" "this" { type = each.value.association_access_scope_type } - cluster_name = aws_eks_cluster.this[0].name + cluster_name = aws_eks_cluster.this[0].id policy_arn = each.value.association_policy_arn principal_arn = each.value.principal_arn 
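Review bot: The switch from `aws_eks_cluster.this[0].name` to `aws_eks_cluster.this[0].id` for `cluster_name` in `aws_eks_access_entry.this` (repeated in `aws_eks_access_policy_association.this` here, in the addon resources, in `aws_eks_identity_provider_config.this` and in the `time_sleep` triggers in node_groups.tf in later hunks) carries no comment, and the reason is not self-evident: for `aws_eks_cluster` the `id` attribute is the cluster name, so the value is unchanged but is now known only after apply, which alters what `terraform plan` shows for these resources. Since the commit message credits the faster provisioning to this, a one-line comment at the first occurrence, e.g. `# Reference the computed id (not the input name) so these resources are ordered after cluster creation`, would keep the change from being reverted as cosmetic; confirm the wording against the actual root cause before committing to it. Both resources start outside their hunks.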
@@ -481,19 +481,25 @@ resource "aws_iam_policy" "cluster_encryption" { # EKS Addons ################################################################################ +locals { + # TODO - Set to `NONE` on next breaking change when default addons are disabled + resolve_conflicts_on_create_default = var.bootstrap_self_managed_addons ? "OVERWRITE" : "NONE" +} + data "aws_eks_addon_version" "this" { for_each = { for k, v in var.cluster_addons : k => v if local.create && !local.create_outposts_local_cluster } addon_name = try(each.value.name, each.key) kubernetes_version = coalesce(var.cluster_version, aws_eks_cluster.this[0].version) - most_recent = try(each.value.most_recent, null) + # TODO - Set default fallback to `true` on next breaking change + most_recent = try(each.value.most_recent, null) } resource "aws_eks_addon" "this" { # Not supported on outposts for_each = { for k, v in var.cluster_addons : k => v if !try(v.before_compute, false) && local.create && !local.create_outposts_local_cluster } - cluster_name = aws_eks_cluster.this[0].name + cluster_name = aws_eks_cluster.this[0].id addon_name = try(each.value.name, each.key) addon_version = coalesce(try(each.value.addon_version, null), data.aws_eks_addon_version.this[each.key].version) @@ -508,8 +514,9 @@ resource "aws_eks_addon" "this" { } } - preserve = try(each.value.preserve, true) - resolve_conflicts_on_create = try(each.value.resolve_conflicts_on_create, "OVERWRITE") + preserve = try(each.value.preserve, true) + # TODO - Set to `NONE` on next breaking change when default addons are disabled + resolve_conflicts_on_create = try(each.value.resolve_conflicts_on_create, local.resolve_conflicts_on_create_default) resolve_conflicts_on_update = try(each.value.resolve_conflicts_on_update, "OVERWRITE") service_account_role_arn = try(each.value.service_account_role_arn, null) 
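Review bot: `resolve_conflicts_on_create_default = var.bootstrap_self_managed_addons ? "OVERWRITE" : "NONE"` in the new `locals` block fails at plan time with a null-condition error if `var.bootstrap_self_managed_addons` is null, which as far as I recall is that variable's default in this module (variables.tf is not in view, so verify); every caller that leaves the variable unset would then be unable to plan. Guarding the condition preserves the intended default: `resolve_conflicts_on_create_default = coalesce(var.bootstrap_self_managed_addons, true) ? "OVERWRITE" : "NONE"`. The same local is consumed by `resolve_conflicts_on_create` in the second hunk here and in `aws_eks_addon.before_compute` in the next one, so the fix belongs in the local only.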
@@ -532,7 +539,7 @@ resource "aws_eks_addon" "before_compute" { # Not supported on outposts for_each = { for k, v in var.cluster_addons : k => v if try(v.before_compute, false) && local.create && !local.create_outposts_local_cluster } - cluster_name = aws_eks_cluster.this[0].name + cluster_name = aws_eks_cluster.this[0].id addon_name = try(each.value.name, each.key) addon_version = coalesce(try(each.value.addon_version, null), data.aws_eks_addon_version.this[each.key].version) @@ -547,8 +554,9 @@ resource "aws_eks_addon" "before_compute" { } } - preserve = try(each.value.preserve, true) - resolve_conflicts_on_create = try(each.value.resolve_conflicts_on_create, "OVERWRITE") + preserve = try(each.value.preserve, true) + # TODO - Set to `NONE` on next breaking change when default addons are disabled + resolve_conflicts_on_create = try(each.value.resolve_conflicts_on_create, local.resolve_conflicts_on_create_default) resolve_conflicts_on_update = try(each.value.resolve_conflicts_on_update, "OVERWRITE") service_account_role_arn = try(each.value.service_account_role_arn, null) @@ -570,6 +578,7 @@ locals { # Maintain current behavior for <= 1.29, remove default for >= 1.30 # `null` will return the latest Kubernetes version from the EKS API, which at time of writing is 1.30 # https://github.com/kubernetes/kubernetes/pull/123561 + # TODO - remove on next breaking change in conjunction with issuer URL change below idpc_backwards_compat_version = contains(["1.21", "1.22", "1.23", "1.24", "1.25", "1.26", "1.27", "1.28", "1.29"], coalesce(var.cluster_version, "1.30")) idpc_issuer_url = local.idpc_backwards_compat_version ? try(aws_eks_cluster.this[0].identity[0].oidc[0].issuer, null) : null } 
@@ -577,7 +586,7 @@ locals { resource "aws_eks_identity_provider_config" "this" { for_each = { for k, v in var.cluster_identity_providers : k => v if local.create && !local.create_outposts_local_cluster } - cluster_name = aws_eks_cluster.this[0].name + cluster_name = aws_eks_cluster.this[0].id oidc { client_id = each.value.client_id diff --git a/node_groups.tf b/node_groups.tf index a8e499abfa..d18101253b 100644 --- a/node_groups.tf +++ b/node_groups.tf @@ -32,7 +32,7 @@ resource "time_sleep" "this" { create_duration = var.dataplane_wait_duration triggers = { - cluster_name = aws_eks_cluster.this[0].name + cluster_name = aws_eks_cluster.this[0].id cluster_endpoint = aws_eks_cluster.this[0].endpoint cluster_version = aws_eks_cluster.this[0].version cluster_service_cidr = var.cluster_ip_family == "ipv6" ? try(local.kubernetes_network_config.service_ipv6_cidr, "") : try(local.kubernetes_network_config.service_ipv4_cidr, "") diff --git a/tests/fast-addons/README.md b/tests/fast-addons/README.md new file mode 100644 index 0000000000..693784e79d --- /dev/null +++ b/tests/fast-addons/README.md 
@@ -0,0 +1,92 @@ +# Fast Addons + +Refer to https://github.com/terraform-aws-modules/terraform-aws-eks/pull/3214 for additional information. + + + +## Usage + +To provision the provided configurations you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply --auto-approve +``` + +Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3.2 | +| [aws](#requirement\_aws) | >= 5.75 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 5.75 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [eks](#module\_eks) | ../.. | n/a | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 5.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_route_table_association.custom_network](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table_association) | resource | +| [aws_subnet.custom_network](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | +| [aws_vpc_ipv4_cidr_block_association.custom_network](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_ipv4_cidr_block_association) | resource | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | + +## Inputs + +No inputs. 
+ +## Outputs + +| Name | Description | +|------|-------------| +| [access\_entries](#output\_access\_entries) | Map of access entries created and their attributes | +| [cloudwatch\_log\_group\_arn](#output\_cloudwatch\_log\_group\_arn) | Arn of cloudwatch log group created | +| [cloudwatch\_log\_group\_name](#output\_cloudwatch\_log\_group\_name) | Name of cloudwatch log group created | +| [cluster\_addons](#output\_cluster\_addons) | Map of attribute maps for all EKS cluster addons enabled | +| [cluster\_arn](#output\_cluster\_arn) | The Amazon Resource Name (ARN) of the cluster | +| [cluster\_certificate\_authority\_data](#output\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster | +| [cluster\_dualstack\_oidc\_issuer\_url](#output\_cluster\_dualstack\_oidc\_issuer\_url) | Dual-stack compatible URL on the EKS cluster for the OpenID Connect identity provider | +| [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for your Kubernetes API server | +| [cluster\_iam\_role\_arn](#output\_cluster\_iam\_role\_arn) | IAM role ARN of the EKS cluster | +| [cluster\_iam\_role\_name](#output\_cluster\_iam\_role\_name) | IAM role name of the EKS cluster | +| [cluster\_iam\_role\_unique\_id](#output\_cluster\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role | +| [cluster\_id](#output\_cluster\_id) | The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts | +| [cluster\_identity\_providers](#output\_cluster\_identity\_providers) | Map of attribute maps for all EKS identity providers enabled | +| [cluster\_ip\_family](#output\_cluster\_ip\_family) | The IP family used by the cluster (e.g. 
`ipv4` or `ipv6`) | +| [cluster\_name](#output\_cluster\_name) | The name of the EKS cluster | +| [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL on the EKS cluster for the OpenID Connect identity provider | +| [cluster\_platform\_version](#output\_cluster\_platform\_version) | Platform version for the cluster | +| [cluster\_primary\_security\_group\_id](#output\_cluster\_primary\_security\_group\_id) | Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. Referred to as 'Cluster security group' in the EKS console | +| [cluster\_security\_group\_arn](#output\_cluster\_security\_group\_arn) | Amazon Resource Name (ARN) of the cluster security group | +| [cluster\_security\_group\_id](#output\_cluster\_security\_group\_id) | ID of the cluster security group | +| [cluster\_service\_cidr](#output\_cluster\_service\_cidr) | The CIDR block where Kubernetes pod and service IP addresses are assigned from | +| [cluster\_status](#output\_cluster\_status) | Status of the EKS cluster. 
One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED` | +| [cluster\_tls\_certificate\_sha1\_fingerprint](#output\_cluster\_tls\_certificate\_sha1\_fingerprint) | The SHA1 fingerprint of the public key of the cluster's certificate | +| [eks\_managed\_node\_groups](#output\_eks\_managed\_node\_groups) | Map of attribute maps for all EKS managed node groups created | +| [eks\_managed\_node\_groups\_autoscaling\_group\_names](#output\_eks\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by EKS managed node groups | +| [fargate\_profiles](#output\_fargate\_profiles) | Map of attribute maps for all EKS Fargate Profiles created | +| [kms\_key\_arn](#output\_kms\_key\_arn) | The Amazon Resource Name (ARN) of the key | +| [kms\_key\_id](#output\_kms\_key\_id) | The globally unique identifier for the key | +| [kms\_key\_policy](#output\_kms\_key\_policy) | The IAM resource policy set on the key | +| [node\_security\_group\_arn](#output\_node\_security\_group\_arn) | Amazon Resource Name (ARN) of the node shared security group | +| [node\_security\_group\_id](#output\_node\_security\_group\_id) | ID of the node shared security group | +| [oidc\_provider](#output\_oidc\_provider) | The OpenID Connect identity provider (issuer URL without leading `https://`) | +| [oidc\_provider\_arn](#output\_oidc\_provider\_arn) | The ARN of the OIDC Provider if `enable_irsa = true` | +| [self\_managed\_node\_groups](#output\_self\_managed\_node\_groups) | Map of attribute maps for all self managed node groups created | +| [self\_managed\_node\_groups\_autoscaling\_group\_names](#output\_self\_managed\_node\_groups\_autoscaling\_group\_names) | List of the autoscaling group names created by self-managed node groups | + diff --git a/tests/fast-addons/main.tf b/tests/fast-addons/main.tf new file mode 100644 index 0000000000..12d2a41f8c --- /dev/null +++ b/tests/fast-addons/main.tf 
@@ -0,0 +1,159 @@ +provider "aws" { + region = local.region +} + +locals { + name = "ex-${basename(path.cwd)}" + cluster_version = "1.31" + region = "eu-west-1" + + tags = { + Test = local.name + GithubRepo = "terraform-aws-eks" + GithubOrg = "terraform-aws-modules" + } +} + +################################################################################ +# EKS Module +################################################################################ + +module "eks" { + source = "../.." + + cluster_name = local.name + cluster_version = local.cluster_version + cluster_endpoint_public_access = true + + enable_cluster_creator_admin_permissions = true + + # Disable the default self-managed addons to avoid the penalty of adopting them later + bootstrap_self_managed_addons = false + + # Addons will be provisioned net new via the EKS addon API + cluster_addons = { + coredns = { + most_recent = true + } + eks-pod-identity-agent = { + before_compute = true + most_recent = true + } + kube-proxy = { + most_recent = true + } + vpc-cni = { + most_recent = true + before_compute = true + configuration_values = jsonencode({ + env = { + # Use subnet tags to avoid the need to inject the ENIConfig + # which requires a live API server endpoint which leads to a dependency of: + # Control plane -> API request to create ENIConfig -> VPC CNI addon -> nodes/compute + # With the subnet discovery feature, we can avoid this dependency: + # Control plane -> VPC CNI addon -> nodes/compute + ENABLE_SUBNET_DISCOVERY = "true" + } + }) + } + } + + vpc_id = module.vpc.vpc_id + subnet_ids = module.vpc.private_subnets + + eks_managed_node_groups = { + example = { + instance_types = ["m6i.large"] + + min_size = 2 + max_size = 5 + desired_size = 2 + } + } + + tags = local.tags +} + +################################################################################ +# VPC +################################################################################ + +data "aws_availability_zones" "available" { + # 
Exclude local zones + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} + +locals { + vpc_cidr = "10.0.0.0/16" + azs = slice(data.aws_availability_zones.available.names, 0, 3) +} + +module "vpc" { + source = "terraform-aws-modules/vpc/aws" + version = "~> 5.0" + + name = local.name + cidr = local.vpc_cidr + + azs = local.azs + private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)] + public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)] + + enable_nat_gateway = true + single_nat_gateway = true + + public_subnet_tags = { + "kubernetes.io/role/elb" = 1 + } + + tags = local.tags +} + +################################################################################ +# Custom Networking +################################################################################ + +locals { + custom_network_vpc_cidr = "10.99.0.0/16" + + custom_network_subnets = [for k, v in local.azs : cidrsubnet(local.custom_network_vpc_cidr, 4, k)] +} + +resource "aws_vpc_ipv4_cidr_block_association" "custom_network" { + vpc_id = module.vpc.vpc_id + cidr_block = local.custom_network_vpc_cidr +} + +resource "aws_subnet" "custom_network" { + count = length(local.custom_network_subnets) + + vpc_id = module.vpc.vpc_id + cidr_block = element(local.custom_network_subnets, count.index) + + tags = merge( + local.tags, + { + # Tag for subnet discovery + "kubernetes.io/role/cni" = 1 + "kubernetes.io/role/internal-elb" = 1 + } + ) + + depends_on = [ + aws_vpc_ipv4_cidr_block_association.custom_network + ] +} + +resource "aws_route_table_association" "custom_network" { + count = length(local.custom_network_subnets) + + subnet_id = element(aws_subnet.custom_network[*].id, count.index) + route_table_id = element(module.vpc.private_route_table_ids, 0) + + depends_on = [ + aws_vpc_ipv4_cidr_block_association.custom_network + ] +} 
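Review bot: `resource "aws_subnet" "custom_network"` sets only `vpc_id` and `cidr_block`, so AWS picks the availability zone for each of the three custom-networking subnets; they can land in zones outside `local.azs` or several in the same zone, in which case the VPC CNI's subnet discovery (`ENABLE_SUBNET_DISCOVERY = "true"`, which matches `kubernetes.io/role/cni`-tagged subnets in the node's own AZ) finds nothing for some nodes and pods quietly fall back to the primary subnets, defeating what this fixture is meant to exercise. Pin each subnet to the zone it serves with `availability_zone = element(local.azs, count.index)`. Separately, `cluster_endpoint_public_access = true` is set without `cluster_endpoint_public_access_cidrs`, so the API endpoint is reachable from any address for the life of the test; a comment stating that this is deliberate for a throwaway fixture (or narrowing the CIDRs) would stop the block being copied as-is into real configurations.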
diff --git a/tests/fast-addons/outputs.tf b/tests/fast-addons/outputs.tf new file mode 100644 index 0000000000..9357464c29 --- /dev/null +++ b/tests/fast-addons/outputs.tf 
@@ -0,0 +1,226 @@ +################################################################################ +# Cluster +################################################################################ + +output "cluster_arn" { + description = "The Amazon Resource Name (ARN) of the cluster" + value = module.eks.cluster_arn +} + +output "cluster_certificate_authority_data" { + description = "Base64 encoded certificate data required to communicate with the cluster" + value = module.eks.cluster_certificate_authority_data +} + +output "cluster_endpoint" { + description = "Endpoint for your Kubernetes API server" + value = module.eks.cluster_endpoint +} + +output "cluster_id" { + description = "The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts" + value = module.eks.cluster_id +} + +output "cluster_name" { + description = "The name of the EKS cluster" + value = module.eks.cluster_name +} + +output "cluster_oidc_issuer_url" { + description = "The URL on the EKS cluster for the OpenID Connect identity provider" + value = module.eks.cluster_oidc_issuer_url +} + +output "cluster_dualstack_oidc_issuer_url" { + description = "Dual-stack compatible URL on the EKS cluster for the OpenID Connect identity provider" + value = module.eks.cluster_dualstack_oidc_issuer_url +} + +output "cluster_platform_version" { + description = "Platform version for the cluster" + value = module.eks.cluster_platform_version +} + +output "cluster_status" { + description = "Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED`" + value = module.eks.cluster_status +} + +output "cluster_primary_security_group_id" { + description = "Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication. 
Referred to as 'Cluster security group' in the EKS console" + value = module.eks.cluster_primary_security_group_id +} + +output "cluster_service_cidr" { + description = "The CIDR block where Kubernetes pod and service IP addresses are assigned from" + value = module.eks.cluster_service_cidr +} + +output "cluster_ip_family" { + description = "The IP family used by the cluster (e.g. `ipv4` or `ipv6`)" + value = module.eks.cluster_ip_family +} + +################################################################################ +# Access Entry +################################################################################ + +output "access_entries" { + description = "Map of access entries created and their attributes" + value = module.eks.access_entries +} + +################################################################################ +# KMS Key +################################################################################ + +output "kms_key_arn" { + description = "The Amazon Resource Name (ARN) of the key" + value = module.eks.kms_key_arn +} + +output "kms_key_id" { + description = "The globally unique identifier for the key" + value = module.eks.kms_key_id +} + +output "kms_key_policy" { + description = "The IAM resource policy set on the key" + value = module.eks.kms_key_policy +} + +################################################################################ +# Security Group +################################################################################ + +output "cluster_security_group_arn" { + description = "Amazon Resource Name (ARN) of the cluster security group" + value = module.eks.cluster_security_group_arn +} + +output "cluster_security_group_id" { + description = "ID of the cluster security group" + value = module.eks.cluster_security_group_id +} + +################################################################################ +# Node Security Group +################################################################################ + +output 
"node_security_group_arn" { + description = "Amazon Resource Name (ARN) of the node shared security group" + value = module.eks.node_security_group_arn +} + +output "node_security_group_id" { + description = "ID of the node shared security group" + value = module.eks.node_security_group_id +} + +################################################################################ +# IRSA +################################################################################ + +output "oidc_provider" { + description = "The OpenID Connect identity provider (issuer URL without leading `https://`)" + value = module.eks.oidc_provider +} + +output "oidc_provider_arn" { + description = "The ARN of the OIDC Provider if `enable_irsa = true`" + value = module.eks.oidc_provider_arn +} + +output "cluster_tls_certificate_sha1_fingerprint" { + description = "The SHA1 fingerprint of the public key of the cluster's certificate" + value = module.eks.cluster_tls_certificate_sha1_fingerprint +} + +################################################################################ +# IAM Role +################################################################################ + +output "cluster_iam_role_name" { + description = "IAM role name of the EKS cluster" + value = module.eks.cluster_iam_role_name +} + +output "cluster_iam_role_arn" { + description = "IAM role ARN of the EKS cluster" + value = module.eks.cluster_iam_role_arn +} + +output "cluster_iam_role_unique_id" { + description = "Stable and unique string identifying the IAM role" + value = module.eks.cluster_iam_role_unique_id +} + +################################################################################ +# EKS Addons +################################################################################ + +output "cluster_addons" { + description = "Map of attribute maps for all EKS cluster addons enabled" + value = module.eks.cluster_addons +} + +################################################################################ +# EKS 
Identity Provider +################################################################################ + +output "cluster_identity_providers" { + description = "Map of attribute maps for all EKS identity providers enabled" + value = module.eks.cluster_identity_providers +} + +################################################################################ +# CloudWatch Log Group +################################################################################ + +output "cloudwatch_log_group_name" { + description = "Name of cloudwatch log group created" + value = module.eks.cloudwatch_log_group_name +} + +output "cloudwatch_log_group_arn" { + description = "Arn of cloudwatch log group created" + value = module.eks.cloudwatch_log_group_arn +} + +################################################################################ +# Fargate Profile +################################################################################ + +output "fargate_profiles" { + description = "Map of attribute maps for all EKS Fargate Profiles created" + value = module.eks.fargate_profiles +} + +################################################################################ +# EKS Managed Node Group +################################################################################ + +output "eks_managed_node_groups" { + description = "Map of attribute maps for all EKS managed node groups created" + value = module.eks.eks_managed_node_groups +} + +output "eks_managed_node_groups_autoscaling_group_names" { + description = "List of the autoscaling group names created by EKS managed node groups" + value = module.eks.eks_managed_node_groups_autoscaling_group_names +} + +################################################################################ +# Self Managed Node Group +################################################################################ + +output "self_managed_node_groups" { + description = "Map of attribute maps for all self managed node groups created" + value = 
module.eks.self_managed_node_groups +} + +output "self_managed_node_groups_autoscaling_group_names" { + description = "List of the autoscaling group names created by self-managed node groups" + value = module.eks.self_managed_node_groups_autoscaling_group_names +} diff --git a/tests/fast-addons/variables.tf b/tests/fast-addons/variables.tf new file mode 100644 index 0000000000..e69de29bb2 diff --git a/tests/fast-addons/versions.tf b/tests/fast-addons/versions.tf new file mode 100644 index 0000000000..0099e6baaf --- /dev/null +++ b/tests/fast-addons/versions.tf @@ -0,0 +1,10 @@ +terraform { + required_version = ">= 1.3.2" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.75" + } + } +} diff --git a/variables.tf b/variables.tf index 7a7226b96a..edd0d938a6 100644 --- a/variables.tf +++ b/variables.tf @@ -148,6 +148,7 @@ variable "cluster_timeouts" { default = {} } +# TODO - hard code to false on next breaking change variable "bootstrap_self_managed_addons" { description = "Indicates whether or not to bootstrap self-managed addons after the cluster has been created" type = bool From b468ead1d97d3c9a83fad227884b3cc689f2b200 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 26 Nov 2024 19:32:13 +0000 Subject: [PATCH 24/26] chore(release): version 20.30.0 [skip ci] ## [20.30.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.29.0...v20.30.0) (2024-11-26) ### Features * Improve addon dependency chain and decrease time to provision addons (due to retries) ([#3218](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3218)) ([ab2207d](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/ab2207d50949079d5dd97c976c6f7a8f5b668f0c)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d8aee823f6..cc895c9dd4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
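Review bot: The description of `cluster_service_cidr` near the top of this hunk says pod and service IPs are assigned from that CIDR, but the EKS service CIDR only covers ClusterIP services; with the VPC CNI, pods draw addresses from VPC subnets, and this fixture's main.tf even attaches a secondary VPC CIDR tagged `kubernetes.io/role/cni` for exactly that purpose. Anyone building a security-group or network-policy rule from this output would under-scope it if they trusted the text. Suggest `description = "The CIDR block where Kubernetes service IP addresses are assigned from"`. These outputs appear to mirror the root module's outputs.tf, so the same wording is probably worth correcting there rather than only in the test fixture.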
@@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [20.30.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.29.0...v20.30.0) (2024-11-26) + + +### Features + +* Improve addon dependency chain and decrease time to provision addons (due to retries) ([#3218](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3218)) ([ab2207d](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/ab2207d50949079d5dd97c976c6f7a8f5b668f0c)) + ## [20.29.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.28.0...v20.29.0) (2024-11-08) From 35388bb8c4cfa0c351427c133490b914b9944b07 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Tue, 26 Nov 2024 14:35:31 -0600 Subject: [PATCH 25/26] fix: Coalesce local `resolve_conflicts_on_create_default` value to a boolean since default is `null` (#3221) --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index 0046aa0c6b..50f4323c24 100644 --- a/main.tf +++ b/main.tf @@ -483,7 +483,7 @@ resource "aws_iam_policy" "cluster_encryption" { locals { # TODO - Set to `NONE` on next breaking change when default addons are disabled - resolve_conflicts_on_create_default = var.bootstrap_self_managed_addons ? "OVERWRITE" : "NONE" + resolve_conflicts_on_create_default = coalesce(var.bootstrap_self_managed_addons, true) ? "OVERWRITE" : "NONE" } data "aws_eks_addon_version" "this" { From 6866b40becaddeca60638096da919732b8b52902 Mon Sep 17 00:00:00 2001 
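Review bot: The new `coalesce(var.bootstrap_self_managed_addons, true)` makes an unset variable select `OVERWRITE`, which is the destructive branch: on create, the managed addon replaces whatever configuration a pre-existing self-managed addon (for example a hardened CoreDNS or vpc-cni setup) already carries, so users who never set the variable get silent clobbering instead of a conflict error. The existing TODO explains the planned change but not why `null` is treated as `true` today; add `# null (unset) is treated as true, presumably mirroring the EKS API default of bootstrapping self-managed addons, so OVERWRITE is needed for the managed addon to take ownership` above the assignment, and keep the `true` literal in step with the variable's documented default. Note that `coalesce()` also skips empty strings, so this expression stays well-defined only while the variable remains `type = bool`.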
From: semantic-release-bot Date: Tue, 26 Nov 2024 20:36:02 +0000 Subject: [PATCH 26/26] chore(release): version 20.30.1 [skip ci] ## [20.30.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.30.0...v20.30.1) (2024-11-26) ### Bug Fixes * Coalesce local `resolve_conflicts_on_create_default` value to a boolean since default is `null` ([#3221](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3221)) ([35388bb](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/35388bb8c4cfa0c351427c133490b914b9944b07)) --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cc895c9dd4..2c7b9ec0ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ All notable changes to this project will be documented in this file. +## [20.30.1](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.30.0...v20.30.1) (2024-11-26) + + +### Bug Fixes + +* Coalesce local `resolve_conflicts_on_create_default` value to a boolean since default is `null` ([#3221](https://github.com/terraform-aws-modules/terraform-aws-eks/issues/3221)) ([35388bb](https://github.com/terraform-aws-modules/terraform-aws-eks/commit/35388bb8c4cfa0c351427c133490b914b9944b07)) + ## [20.30.0](https://github.com/terraform-aws-modules/terraform-aws-eks/compare/v20.29.0...v20.30.0) (2024-11-26)