- Worker locals/defaults moved to workers submodule

- Create separate defaults for node groups
- Workers IAM management left outside of module as both node_group and worker_groups uses them

Author: Grzegorz Lisowski

README.md

@@ -49,12 +49,12 @@ module "my-cluster" {
   subnets         = ["subnet-abcde012", "subnet-bcde012a", "subnet-fghi345a"]
   vpc_id          = "vpc-1234556abcdef"
 
-  worker_groups = [
-    {
+  worker_groups = {
+    group = {
       instance_type = "m4.large"
       asg_max_size  = 5
     }
-  ]
+  }
 }
 ```
 ## Conditional creation
@@ -149,7 +149,6 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | kubernetes | >= 1.11.1 |
 | local | >= 1.4 |
 | null | >= 2.1 |
-| random | >= 2.1 |
 
 ## Inputs
 
@@ -203,8 +202,6 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | worker\_create\_initial\_lifecycle\_hooks | Whether to create initial lifecycle hooks provided in worker groups. | `bool` | `false` | no |
 | worker\_create\_security\_group | Whether to create a security group for the workers or attach the workers to `worker_security_group_id`. | `bool` | `true` | no |
 | worker\_groups | A map of maps defining worker group configurations to be defined using AWS Launch Templates. See workers\_group\_defaults for valid keys. | `any` | `{}` | no |
-| worker\_groups\_launch\_template\_legacy | A list of maps defining worker group configurations to be defined using AWS Launch Templates. See workers\_group\_defaults for valid keys. This field is deprecated please use/switch to var.worker\_groups | `any` | `[]` | no |
-| worker\_groups\_legacy | A list of maps defining worker group configurations to be defined using AWS Launch Configurations. See workers\_group\_defaults for valid keys. This field is deprecated please use/switch to var.worker\_groups | `any` | `[]` | no |
 | worker\_security\_group\_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the EKS cluster. | `string` | `""` | no |
 | worker\_sg\_ingress\_from\_port | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443). | `number` | `1025` | no |
 | workers\_additional\_policies | Additional policies to be added to workers | `list(string)` | `[]` | no |
@@ -233,17 +230,6 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | node\_groups | Outputs from EKS node groups. Map of maps, keyed by var.node\_groups keys |
 | oidc\_provider\_arn | The ARN of the OIDC Provider if `enable_irsa = true`. |
 | worker\_groups | Outputs from EKS worker groups. Map of maps, keyed by var.worker\_groups keys |
-| worker\_iam\_instance\_profile\_arns | default IAM instance profile ARN for EKS worker groups |
-| worker\_iam\_instance\_profile\_names | default IAM instance profile name for EKS worker groups |
-| worker\_iam\_role\_arn | default IAM role ARN for EKS worker groups |
-| worker\_iam\_role\_name | default IAM role name for EKS worker groups |
 | worker\_security\_group\_id | Security group ID attached to the EKS workers. |
-| workers\_asg\_arns | IDs of the autoscaling groups containing workers. |
-| workers\_asg\_names | Names of the autoscaling groups containing workers. |
-| workers\_default\_ami\_id | ID of the default worker group AMI |
-| workers\_launch\_template\_arns | ARNs of the worker launch templates. |
-| workers\_launch\_template\_ids | IDs of the worker launch templates. |
-| workers\_launch\_template\_latest\_versions | Latest versions of the worker launch templates. |
-| workers\_user\_data | User data of worker groups |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/launch_templates/main.tf

@@ -24,7 +24,7 @@ data "aws_eks_cluster" "cluster" {
 }
 
 data "aws_eks_cluster_auth" "cluster" {
-  name = module.eks.cluster_id
+  name = "test-eks-lt-1oEOVXor" #module.eks.cluster_id
 }
 
 provider "kubernetes" {
@@ -38,7 +38,7 @@ provider "kubernetes" {
 data "aws_availability_zones" "available" {}
 
 locals {
-  cluster_name = "module-eks-lt-${random_string.suffix.result}"
+  cluster_name = "test-eks-lt-${random_string.suffix.result}"
 }
 
 resource "random_string" "suffix" {
@@ -71,73 +71,20 @@ module "eks" {
   subnets      = module.vpc.public_subnets
   vpc_id       = module.vpc.vpc_id
 
-  create_eks = true
-
-  cluster_enabled_log_types = [
-    "api",
-    "audit",
-    "authenticator",
-    "controllerManager",
-    "scheduler",
-  ]
+  workers_group_defaults = {
+    asg_recreate_on_change = true
+  }
 
   worker_groups = {
-    common-workload-group = {
-      instance_type      = "t2.small"
-      root_encrypted     = true
-      kubelet_extra_args = "--node-labels=node.kubernetes.io/role=node"
-
-      asg_desired_capacity  = 1
-      asg_max_size          = 3
-      asg_min_size          = 1
-      asg_force_delete      = false
-      protect_from_scale_in = false
-
-      enable_monitoring = true
-      enabled_metrics = [
-        "GroupMinSize",
-        "GroupMaxSize",
-        "GroupDesiredCapacity",
-        "GroupInServiceInstances",
-        "GroupPendingInstances",
-        "GroupStandbyInstances",
-        "GroupTerminatingInstances",
-        "GroupTotalInstances"
-      ]
-
-      public_ip = true
-      tags = [
-        {
-          key                 = "k8s.io/cluster-autoscaler/enabled"
-          propagate_at_launch = "false"
-          value               = "true"
-        },
-        {
-          key                 = "k8s.io/cluster-autoscaler/${local.cluster_name}"
-          propagate_at_launch = "false"
-          value               = "true"
-        }
-      ]
+    worker-group-1 = {
+      instance_type        = "t2.small"
+      asg_desired_capacity = 2
+      public_ip            = true
     },
     worker-group-2 = {
       instance_type        = "t2.medium"
       asg_desired_capacity = 1
       public_ip            = true
-
-      additional_ebs_volumes = [
-        {
-          block_device_name = "/dev/sdf"
-          volume_size       = 50
-        }
-      ]
-    },
-    worker-group-spot = {
-      override_instance_types = ["m5.large", "m5a.large", "m5d.large"]
-      spot_instance_pools     = 3
-      asg_max_size            = 3
-      asg_desired_capacity    = 1
-      kubelet_extra_args      = "--node-labels=node.kubernetes.io/lifecycle=spot"
-      public_ip               = true
     },
   }
 

examples/launch_templates/variables.tf

@@ -1,5 +1,4 @@
 variable "region" {
-  //  default = "us-west-2"
   default = "eu-central-1"
 }
 

modules/node_groups/README.md

@@ -54,6 +54,7 @@ No requirements.
 | default\_iam\_role\_arn | ARN of the default IAM worker role to use if one is not specified in `var.node_groups` or `var.node_groups_defaults` | `string` | n/a | yes |
 | node\_groups | Map of maps of `eks_node_groups` to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | `{}` | no |
 | node\_groups\_defaults | map of maps of node groups to create. See "`node_groups` and `node_groups_defaults` keys" section in README.md for more details | `any` | n/a | yes |
+| subnets | A list of subnets to place the EKS cluster and workers within. | `list(string)` | n/a | yes |
 | tags | A map of tags to add to all resources | `map(string)` | n/a | yes |
 | workers\_group\_defaults | Workers group defaults from parent | `any` | n/a | yes |
 

modules/worker_groups/README.md

@@ -37,17 +37,25 @@ No requirements.
 | cluster\_auth\_base64 | Cluster auth data | `string` | n/a | yes |
 | cluster\_endpoint | Cluster endpojnt | `string` | n/a | yes |
 | cluster\_name | Cluster name | `string` | n/a | yes |
-| create\_eks | Controls if EKS resources should be created (it affects almost all resources) | `bool` | `true` | no |
-| default\_ami\_id\_linux | Default Linux AMI id. | `string` | n/a | yes |
-| default\_ami\_id\_windows | Default Windows AMI id. | `string` | n/a | yes |
+| cluster\_security\_group\_id | EKS cluster security group id. | `string` | n/a | yes |
+| cluster\_version | Kubernetes version to use for the EKS cluster. | `string` | n/a | yes |
+| create\_workers | Controls if EKS resources should be created (it affects almost all resources) | `bool` | `true` | no |
 | default\_iam\_role\_id | ARN of the default IAM worker role to use if one is not specified in `var.node_groups` or `var.node_groups_defaults` | `string` | n/a | yes |
-| ebs\_optimized\_not\_supported | List of instance types where ebs optimized is not supported. | `list(string)` | n/a | yes |
 | iam\_path | If provided, all IAM roles will be created on this path. | `string` | `"/"` | no |
 | manage\_worker\_iam\_resources | Whether to let the module manage worker IAM resources. If set to false, iam\_instance\_profile\_name must be specified for workers. | `bool` | `true` | no |
+| subnets | A list of subnets to place the EKS cluster and workers within. | `list(string)` | n/a | yes |
 | tags | A map of tags to add to all resources | `map(string)` | n/a | yes |
+| vpc\_id | VPC where the cluster and workers will be deployed. | `string` | n/a | yes |
+| worker\_additional\_security\_group\_ids | A list of additional security group ids to attach to worker instances | `list(string)` | `[]` | no |
+| worker\_ami\_name\_filter | Name filter for AWS EKS worker AMI. If not provided, the latest official AMI for the specified 'cluster\_version' is used. | `string` | `""` | no |
+| worker\_ami\_name\_filter\_windows | Name filter for AWS EKS Windows worker AMI. If not provided, the latest official AMI for the specified 'cluster\_version' is used. | `string` | `""` | no |
+| worker\_ami\_owner\_id | The ID of the owner for the AMI to use for the AWS EKS workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | `string` | `"602401143452"` | no |
+| worker\_ami\_owner\_id\_windows | The ID of the owner for the AMI to use for the AWS EKS Windows workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft'). | `string` | `"801119661308"` | no |
 | worker\_create\_initial\_lifecycle\_hooks | Whether to create initial lifecycle hooks provided in worker groups. | `bool` | `false` | no |
+| worker\_create\_security\_group | Whether to create a security group for the workers or attach the workers to `worker_security_group_id`. | `bool` | `true` | no |
 | worker\_groups | A map of maps defining worker group configurations to be defined using AWS Launch Templates. See workers\_group\_defaults for valid keys. | `any` | `{}` | no |
-| worker\_security\_group\_ids | A list of security group ids to attach to worker instances. | `list(string)` | `[]` | no |
+| worker\_security\_group\_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the EKS cluster. | `string` | `""` | no |
+| worker\_sg\_ingress\_from\_port | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443). | `number` | `1025` | no |
 | workers\_group\_defaults | Workers group defaults from parent | `any` | n/a | yes |
 
 ## Outputs
@@ -56,5 +64,6 @@ No requirements.
 |------|-------------|
 | aws\_auth\_roles | Roles for use in aws-auth ConfigMap |
 | worker\_groups | Outputs from EKS worker groups. Map of maps, keyed by `var.worker_groups` keys. |
+| worker\_security\_group\_id | Security group ID attached to the EKS workers. |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/worker_groups/main.tf

@@ -7,7 +7,7 @@ resource "aws_autoscaling_group" "workers" {
       [
         var.cluster_name,
         each.key,
-        each.value["asg_recreate_on_change"] ? random_pet.workers[each.key].id : ""
+        true ? random_pet.workers[each.key].id : "kk"
       ]
     )
   )