From 2569f6de157321c91ab6b26543eca58f1bd8f15e Mon Sep 17 00:00:00 2001
From: Miguel Harmant <98769216+miguelhar@users.noreply.github.com>
Date: Tue, 3 Dec 2024 16:18:40 -0500
Subject: [PATCH] Define kubernetes_network_config explicitly (#306)

---
 modules/eks/main.tf | 20 +++++++++++++++-----
 modules/nodes/README.md | 2 +-
 modules/nodes/nodes.tf | 2 +-
 modules/nodes/variables.tf | 15 +++++++++++----
 modules/single-node/README.md | 2 +-
 modules/single-node/single-node.tf | 2 +-
 modules/single-node/variables.tf | 15 +++++++++++----
 7 files changed, 41 insertions(+), 17 deletions(-)

diff --git a/modules/eks/main.tf b/modules/eks/main.tf
index 5da96506..74c37b82 100644
--- a/modules/eks/main.tf
+++ b/modules/eks/main.tf
@@ -213,14 +213,24 @@ locals {
 } : {})
+ eks_network_config = aws_eks_cluster.this.kubernetes_network_config[0]
+
 eks_info = {
 cluster = {
 specs = {
- name = aws_eks_cluster.this.name
- endpoint = aws_eks_cluster.this.endpoint
- certificate_authority = aws_eks_cluster.this.certificate_authority
- kubernetes_network_config = aws_eks_cluster.this.kubernetes_network_config
- account_id = data.aws_caller_identity.cluster_aws_account.account_id
+ name = aws_eks_cluster.this.name
+ endpoint = aws_eks_cluster.this.endpoint
+ certificate_authority = aws_eks_cluster.this.certificate_authority
+ kubernetes_network_config = {
+ elastic_load_balancing = {
+ enabled = try(local.eks_network_config.elastic_load_balancing[0].enabled, false)
+ }
+ ip_family = local.eks_network_config.ip_family
+ service_ipv4_cidr = local.eks_network_config.service_ipv4_cidr
+ service_ipv6_cidr = local.eks_network_config.service_ipv6_cidr
+
+ }
+ account_id = data.aws_caller_identity.cluster_aws_account.account_id
 }
 addons = var.eks.cluster_addons
 vpc_cni = var.eks.vpc_cni
diff --git a/modules/nodes/README.md b/modules/nodes/README.md
index 33b774c0..495f14e6 100644
--- a/modules/nodes/README.md
+++ b/modules/nodes/README.md
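Review bot: `eks_network_config = aws_eks_cluster.this.kubernetes_network_config[0]` hard-indexes a computed block list, while two lines later `elastic_load_balancing[0].enabled` on the same block is wrapped in `try(..., false)`; the two accesses should follow one convention. `eks_network_config = one(aws_eks_cluster.this.kubernetes_network_config)` states the single-block assumption explicitly and is the idiomatic form for a block the provider returns at most once. The `try` default also deserves a why-comment, because it reports load balancing as disabled whenever the attribute is missing for any reason, presumably to stay compatible with provider versions that lack the attribute: `# elastic_load_balancing is absent on some provider versions; treat missing as disabled`. The stray blank line before the closing `}` of `kubernetes_network_config` should be dropped. The `locals` block starts before the hunk.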
@@ -45,7 +45,7 @@ No modules. |------|-------------|------|---------|:--------:| | [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. |
map(object({| `{}` | no | | [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. |
ami = optional(string, null)
bootstrap_extra_args = optional(string, "")
instance_types = list(string)
spot = optional(bool, false)
min_per_az = number
max_per_az = number
max_unavailable_percentage = optional(number, 50)
max_unavailable = optional(number)
desired_per_az = number
availability_zone_ids = list(string)
labels = map(string)
taints = optional(list(object({
key = string
value = optional(string)
effect = string
})), [
{
key = "ebs.csi.aws.com/agent-not-ready",
value = "true",
effect = "NO_EXECUTE"
}
])
tags = optional(map(string), {})
gpu = optional(bool, null)
volume = object({
size = string
type = string
iops = optional(number)
throughput = optional(number, 500)
})
}))
object(| n/a | yes | -| [eks\_info](#input\_eks\_info) | cluster = {
{
compute = object(
{
ami = optional(string, null)
bootstrap_extra_args = optional(string, "")
instance_types = optional(list(string), ["m6i.2xlarge"])
spot = optional(bool, false)
min_per_az = optional(number, 0)
max_per_az = optional(number, 10)
max_unavailable_percentage = optional(number, 50)
max_unavailable = optional(number, null)
desired_per_az = optional(number, 0)
availability_zone_ids = list(string)
labels = optional(map(string), {
"dominodatalab.com/node-pool" = "default"
})
taints = optional(list(object({
key = string
value = optional(string)
effect = string
})), [
{
key = "ebs.csi.aws.com/agent-not-ready",
value = "true",
effect = "NO_EXECUTE"
}
])
tags = optional(map(string), {})
gpu = optional(bool, null)
volume = optional(object({
size = optional(number, 1000)
type = optional(string, "gp3")
iops = optional(number)
throughput = optional(number, 500)
}), {
size = 1000
type = "gp3"
iops = null
throughput = 500
}
)
}),
platform = object(
{
ami = optional(string, null)
bootstrap_extra_args = optional(string, "")
instance_types = optional(list(string), ["m7i-flex.2xlarge"])
spot = optional(bool, false)
min_per_az = optional(number, 1)
max_per_az = optional(number, 10)
max_unavailable_percentage = optional(number, null)
max_unavailable = optional(number, 1)
desired_per_az = optional(number, 1)
availability_zone_ids = list(string)
labels = optional(map(string), {
"dominodatalab.com/node-pool" = "platform"
})
taints = optional(list(object({
key = string
value = optional(string)
effect = string
})), []
)
tags = optional(map(string), {})
gpu = optional(bool, null)
volume = optional(object({
size = optional(number, 100)
type = optional(string, "gp3")
iops = optional(number)
throughput = optional(number)
}), {
size = 100
type = "gp3"
iops = null
throughput = null
}
)
}),
gpu = object(
{
ami = optional(string, null)
bootstrap_extra_args = optional(string, "")
instance_types = optional(list(string), ["g5.2xlarge"])
spot = optional(bool, false)
min_per_az = optional(number, 0)
max_per_az = optional(number, 10)
max_unavailable_percentage = optional(number, 50)
max_unavailable = optional(number, null)
desired_per_az = optional(number, 0)
availability_zone_ids = list(string)
labels = optional(map(string), {
"dominodatalab.com/node-pool" = "default-gpu"
"nvidia.com/gpu" = true
})
taints = optional(list(object({
key = string
value = optional(string)
effect = string
})), [{
key = "nvidia.com/gpu"
value = "true"
effect = "NO_SCHEDULE"
},
{
key = "ebs.csi.aws.com/agent-not-ready",
value = "true",
effect = "NO_EXECUTE"
}
])
tags = optional(map(string), {})
gpu = optional(bool, null)
volume = optional(object({
size = optional(number, 1000)
type = optional(string, "gp3")
iops = optional(number)
throughput = optional(number, 500)
}), {
size = 1000
type = "gp3"
iops = null
throughput = 500
}
)
})
})
object({| n/a | yes | +| [eks\_info](#input\_eks\_info) | cluster = {
k8s_pre_setup_sh_file = string
cluster = object({
addons = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])
vpc_cni = optional(object({
prefix_delegation = optional(bool, false)
annotate_pod_ip = optional(bool, true)
}))
specs = object({
name = string
endpoint = string
kubernetes_network_config = list(map(any))
certificate_authority = list(map(any))
})
version = string
arn = string
security_group_id = string
endpoint = string
roles = list(object({
name = string
arn = string
}))
custom_roles = list(object({
rolearn = string
username = string
groups = list(string)
}))
oidc = object({
arn = string
url = string
})
})
nodes = object({
security_group_id = string
roles = list(object({
name = string
arn = string
}))
})
kubeconfig = object({
path = string
extra_args = string
})
})
object({| n/a | yes | | [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no | | [kms\_info](#input\_kms\_info) | key\_id = KMS key id.
k8s_pre_setup_sh_file = string
cluster = object({
addons = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])
vpc_cni = optional(object({
prefix_delegation = optional(bool, false)
annotate_pod_ip = optional(bool, true)
}))
specs = object({
name = string
endpoint = string
kubernetes_network_config = object({
elastic_load_balancing = object({
enabled = bool
})
ip_family = string
service_ipv4_cidr = string
service_ipv6_cidr = string
})
certificate_authority = list(map(any))
})
version = string
arn = string
security_group_id = string
endpoint = string
roles = list(object({
name = string
arn = string
}))
custom_roles = list(object({
rolearn = string
username = string
groups = list(string)
}))
oidc = object({
arn = string
url = string
})
})
nodes = object({
security_group_id = string
roles = list(object({
name = string
arn = string
}))
})
kubeconfig = object({
path = string
extra_args = string
})
})
object({| n/a | yes | | [network\_info](#input\_network\_info) | id = VPC ID.
key_id = string
key_arn = string
enabled = bool
})
object({| n/a | yes |
diff --git a/modules/nodes/nodes.tf b/modules/nodes/nodes.tf
index 97ac8e34..f7c51fb3 100644
--- a/modules/nodes/nodes.tf
+++ b/modules/nodes/nodes.tf
@@ -13,7 +13,7 @@ resource "aws_launch_template" "node_groups" {
 cluster_endpoint = var.eks_info.cluster.specs.endpoint
 cluster_auth_base64 = var.eks_info.cluster.specs.certificate_authority[0].data
 # Optional
- cluster_service_ipv4_cidr = var.eks_info.cluster.specs.kubernetes_network_config[0].service_ipv4_cidr != null ? var.eks_info.cluster.specs.kubernetes_network_config[0].service_ipv4_cidr : ""
+ cluster_service_ipv4_cidr = var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr != null ? var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr : ""
 bootstrap_extra_args = each.value.bootstrap_extra_args
 pre_bootstrap_user_data = ""
 post_bootstrap_user_data = ""
diff --git a/modules/nodes/variables.tf b/modules/nodes/variables.tf
index 22eed85b..80a14374 100644
--- a/modules/nodes/variables.tf
+++ b/modules/nodes/variables.tf
@@ -109,10 +109,17 @@ variable "eks_info" {
 annotate_pod_ip = optional(bool, true)
 }))
 specs = object({
- name = string
- endpoint = string
- kubernetes_network_config = list(map(any))
- certificate_authority = list(map(any))
+ name = string
+ endpoint = string
+ kubernetes_network_config = object({
+ elastic_load_balancing = object({
+ enabled = bool
+ })
+ ip_family = string
+ service_ipv4_cidr = string
+ service_ipv6_cidr = string
+ })
+ certificate_authority = list(map(any))
 })
 version = string
 arn = string
diff --git a/modules/single-node/README.md b/modules/single-node/README.md
index ccb839b6..607b88a2 100644
--- a/modules/single-node/README.md
+++ b/modules/single-node/README.md
@@ -44,7 +44,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [eks\_info](#input\_eks\_info) | cluster = {
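Review bot: The path `var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr` is spelled out twice inside the one conditional on the new line, and the identical expression recurs in modules/single-node/single-node.tf; a `locals` entry such as `service_ipv4_cidr = var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr` would let both sites read `cluster_service_ipv4_cidr = local.service_ipv4_cidr != null ? local.service_ipv4_cidr : ""`. The `!= null ? x : ""` shape is carried over from the old code, so a cluster whose `ip_family` is not IPv4 still hands the template an empty CIDR; now that `ip_family` and `service_ipv6_cidr` are available on the variable, it is worth confirming the user-data template handles that case rather than relying on the empty string. The `aws_launch_template` resource starts before the hunk.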
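Review bot: The new `kubernetes_network_config = object({ ... })` type in modules/nodes/variables.tf makes every nested attribute required, so any caller that builds `eks_info` by hand (or from an `eks` module output predating this commit) must now supply `elastic_load_balancing.enabled` and `service_ipv6_cidr` even for an IPv4-only cluster; `list(map(any))` accepted those inputs before. Marking the fields that the eks module may legitimately report as absent with `optional()`, for example `service_ipv6_cidr = optional(string)` and `elastic_load_balancing = optional(object({ enabled = bool }), { enabled = false })`, keeps the stricter type without the breaking change. The same applies to the twin hunk in modules/single-node/variables.tf. Whether `elastic_load_balancing.enabled` is consumed anywhere in these modules is not visible here; if it is not, the variable description should say the field is informational. `variable "eks_info"` starts before the hunk.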
vpc_id = string
subnets = object({
public = list(object({
name = string
subnet_id = string
az = string
az_id = string
}))
private = optional(list(object({
name = string
subnet_id = string
az = string
az_id = string
})), [])
pod = optional(list(object({
name = string
subnet_id = string
az = string
az_id = string
})), [])
})
})
object({| n/a | yes | +| [eks\_info](#input\_eks\_info) | cluster = {
k8s_pre_setup_sh_file = string
cluster = object({
addons = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])
vpc_cni = optional(object({
prefix_delegation = optional(bool, false)
annotate_pod_ip = optional(bool, true)
}))
specs = object({
name = string
endpoint = string
kubernetes_network_config = list(map(any))
certificate_authority = list(map(any))
})
version = string
arn = string
security_group_id = string
endpoint = string
roles = list(object({
name = string
arn = string
}))
custom_roles = list(object({
rolearn = string
username = string
groups = list(string)
}))
oidc = object({
arn = string
url = string
})
})
nodes = object({
security_group_id = string
roles = list(object({
name = string
arn = string
}))
})
kubeconfig = object({
path = string
extra_args = string
})
})
object({| n/a | yes | | [kms\_info](#input\_kms\_info) | key\_id = KMS key id.
k8s_pre_setup_sh_file = string
cluster = object({
addons = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])
vpc_cni = optional(object({
prefix_delegation = optional(bool, false)
annotate_pod_ip = optional(bool, true)
}))
specs = object({
name = string
endpoint = string
kubernetes_network_config = object({
elastic_load_balancing = object({
enabled = bool
})
ip_family = string
service_ipv4_cidr = string
service_ipv6_cidr = string
})
certificate_authority = list(map(any))
})
version = string
arn = string
security_group_id = string
endpoint = string
roles = list(object({
name = string
arn = string
}))
custom_roles = list(object({
rolearn = string
username = string
groups = list(string)
}))
oidc = object({
arn = string
url = string
})
})
nodes = object({
security_group_id = string
roles = list(object({
name = string
arn = string
}))
})
kubeconfig = object({
path = string
extra_args = string
})
})
object({| n/a | yes | | [network\_info](#input\_network\_info) | id = VPC ID.
key_id = string
key_arn = string
enabled = bool
})
object({| n/a | yes | | [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
diff --git a/modules/single-node/single-node.tf b/modules/single-node/single-node.tf
index 13bae7df..3e85351c 100644
--- a/modules/single-node/single-node.tf
+++ b/modules/single-node/single-node.tf
@@ -57,7 +57,7 @@ resource "aws_launch_template" "single_node" {
 cluster_endpoint = var.eks_info.cluster.specs.endpoint
 cluster_auth_base64 = var.eks_info.cluster.specs.certificate_authority[0].data
 # Optional
- cluster_service_ipv4_cidr = var.eks_info.cluster.specs.kubernetes_network_config[0].service_ipv4_cidr != null ? var.eks_info.cluster.specs.kubernetes_network_config[0].service_ipv4_cidr : ""
+ cluster_service_ipv4_cidr = var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr != null ? var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr : ""
 bootstrap_extra_args = local.bootstrap_extra_args
 pre_bootstrap_user_data = ""
 post_bootstrap_user_data = ""
diff --git a/modules/single-node/variables.tf b/modules/single-node/variables.tf
index a41f89bf..5e3e19a2 100644
--- a/modules/single-node/variables.tf
+++ b/modules/single-node/variables.tf
@@ -109,10 +109,17 @@ variable "eks_info" {
 annotate_pod_ip = optional(bool, true)
 }))
 specs = object({
- name = string
- endpoint = string
- kubernetes_network_config = list(map(any))
- certificate_authority = list(map(any))
+ name = string
+ endpoint = string
+ kubernetes_network_config = object({
+ elastic_load_balancing = object({
+ enabled = bool
+ })
+ ip_family = string
+ service_ipv4_cidr = string
+ service_ipv6_cidr = string
+ })
+ certificate_authority = list(map(any))
 })
 version = string
 arn = string
vpc_id = string
subnets = object({
public = list(object({
name = string
subnet_id = string
az = string
az_id = string
}))
private = optional(list(object({
name = string
subnet_id = string
az = string
az_id = string
})), [])
pod = optional(list(object({
name = string
subnet_id = string
az = string
az_id = string
})), [])
})
})