diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 2409b24..bc0ee04 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -7,7 +7,7 @@ on:
branches: [ master ]
env:
- TERRAFORM_DOCS_VERSION: "v0.11.2"
+ TERRAFORM_DOCS_VERSION: "v0.15.0"
TFLINT_VERSION: "v0.25.0"
TFSEC_VERSION: "v0.39.6"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 3976243..47fffd8 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -23,7 +23,7 @@ repos:
# - id: terraform_tfsec
- id: terraform_docs
args:
- - '--args=--hide providers --sort-by-required'
+ - '--args=--hide providers --sort-by required'
- repo: git://github.com/pecigonzalo/pre-commit-terraform-vars
rev: v1.0.0
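Review bot: The `repo:` entry kept as context at the end of this hunk still fetches its hook over `git://`, which has neither encryption nor server authentication, so the hook code that runs on developer machines and in CI could be altered in transit. Since this commit already touches the hook configuration, switch it to `- repo: https://github.com/pecigonzalo/pre-commit-terraform-vars`. `rev: v1.0.0` is a tag and can be moved upstream; pinning it to a full commit SHA would make the fetched hook reproducible.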
diff --git a/README.md b/README.md
index 3731a1b..bbba9f3 100644
--- a/README.md
+++ b/README.md
@@ -34,48 +34,52 @@ See [Basic example](examples/basic/README.md) for further information.
| Name | Version |
|------|---------|
-| terraform | >= 0.13 |
-| aws | >= 2.0 |
-| helm | >= 1.0 |
-| kubernetes | >= 1.10 |
+| [terraform](#requirement\_terraform) | >= 0.13 |
+| [aws](#requirement\_aws) | >= 2.0 |
+| [helm](#requirement\_helm) | >= 1.0 |
+| [utils](#requirement\_utils) | >= 0.12.0 |
## Modules
-No Modules.
+No modules.
## Resources
-| Name |
-|------|
-| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) |
-| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) |
-| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) |
-| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) |
-| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) |
-| [helm_release](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) |
-| [kubernetes_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) |
+| Name | Type |
+|------|------|
+| [aws_iam_policy.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_role.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [helm_release.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [aws_iam_policy_document.cluster_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.cluster_autoscaler_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [utils_deep_merge_yaml.values](https://registry.terraform.io/providers/cloudposse/utils/latest/docs/data-sources/deep_merge_yaml) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| cluster\_identity\_oidc\_issuer | The OIDC Identity issuer for the cluster | `string` | n/a | yes |
-| cluster\_identity\_oidc\_issuer\_arn | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | `string` | n/a | yes |
-| cluster\_name | The name of the cluster | `string` | n/a | yes |
-| enabled | Variable indicating whether deployment is enabled | `bool` | `true` | no |
-| helm\_chart\_name | Helm chart name to be installed | `string` | `"cluster-autoscaler"` | no |
-| helm\_chart\_version | Version of the Helm chart | `string` | `"9.7.0"` | no |
-| helm\_release\_name | Helm release name | `string` | `"cluster-autoscaler"` | no |
-| helm\_repo\_url | Helm repository | `string` | `"https://kubernetes.github.io/autoscaler"` | no |
-| k8s\_namespace | The K8s namespace in which the node-problem-detector service account has been created | `string` | `"cluster-autoscaler"` | no |
-| k8s\_service\_account\_name | The k8s cluster-autoscaler service account name | `string` | `"cluster-autoscaler"` | no |
-| mod\_dependency | Dependence variable binds all AWS resources allocated by this module, dependent modules reference this variable | `bool` | `null` | no |
-| settings | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/cluster-autoscaler | `map(any)` | `{}` | no |
-| values | Additional yaml encoded values which will be passed to the Helm chart, see https://hub.helm.sh/charts/stable/cluster-autoscaler | `string` | `""` | no |
+| [cluster\_identity\_oidc\_issuer](#input\_cluster\_identity\_oidc\_issuer) | The OIDC Identity issuer for the cluster | `string` | n/a | yes |
+| [cluster\_identity\_oidc\_issuer\_arn](#input\_cluster\_identity\_oidc\_issuer\_arn) | The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account | `string` | n/a | yes |
+| [cluster\_name](#input\_cluster\_name) | The name of the cluster | `string` | n/a | yes |
+| [enabled](#input\_enabled) | Variable indicating whether deployment is enabled | `bool` | `true` | no |
+| [helm\_chart\_name](#input\_helm\_chart\_name) | Helm chart name to be installed | `string` | `"cluster-autoscaler"` | no |
+| [helm\_chart\_version](#input\_helm\_chart\_version) | Version of the Helm chart | `string` | `"9.10.3"` | no |
+| [helm\_create\_namespace](#input\_helm\_create\_namespace) | Create the namespace if it does not yet exist | `bool` | `true` | no |
+| [helm\_release\_name](#input\_helm\_release\_name) | Helm release name | `string` | `"cluster-autoscaler"` | no |
+| [helm\_repo\_url](#input\_helm\_repo\_url) | Helm repository | `string` | `"https://kubernetes.github.io/autoscaler"` | no |
+| [k8s\_irsa\_role\_create](#input\_k8s\_irsa\_role\_create) | Whether to create IRSA role and annotate service account | `bool` | `true` | no |
+| [k8s\_namespace](#input\_k8s\_namespace) | The K8s namespace in which the node-problem-detector service account has been created | `string` | `"cluster-autoscaler"` | no |
+| [k8s\_rbac\_create](#input\_k8s\_rbac\_create) | Whether to create and use RBAC resources | `bool` | `true` | no |
+| [k8s\_service\_account\_create](#input\_k8s\_service\_account\_create) | Whether to create Service Account | `bool` | `true` | no |
+| [k8s\_service\_account\_name](#input\_k8s\_service\_account\_name) | The k8s cluster-autoscaler service account name | `string` | `"cluster-autoscaler"` | no |
+| [settings](#input\_settings) | Additional settings which will be passed to the Helm chart values, see https://hub.helm.sh/charts/stable/cluster-autoscaler | `map(any)` | `{}` | no |
+| [values](#input\_values) | Additional yaml encoded values which will be passed to the Helm chart, see https://hub.helm.sh/charts/stable/cluster-autoscaler | `string` | `""` | no |
## Outputs
-No output.
+No outputs.
## Contributing and reporting issues
diff --git a/examples/basic/README.md b/examples/basic/README.md
index 2acd399..5e415cb 100644
--- a/examples/basic/README.md
+++ b/examples/basic/README.md
@@ -11,23 +11,23 @@ No requirements.
| Name | Source | Version |
|------|--------|---------|
-| cluster_autoscaler | ../../ | |
-| eks_cluster | cloudposse/eks-cluster/aws | |
-| eks_workers | cloudposse/eks-workers/aws | |
-| vpc | terraform-aws-modules/vpc/aws | |
+| [cluster\_autoscaler](#module\_cluster\_autoscaler) | ../../ | n/a |
+| [eks\_cluster](#module\_eks\_cluster) | cloudposse/eks-cluster/aws | 0.43.2 |
+| [eks\_node\_group](#module\_eks\_node\_group) | cloudposse/eks-node-group/aws | 0.25.0 |
+| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 3.6.0 |
## Resources
-| Name |
-|------|
-| [aws_eks_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) |
-| [aws_eks_cluster_auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) |
+| Name | Type |
+|------|------|
+| [aws_eks_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
+| [aws_eks_cluster_auth.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
## Inputs
-No input.
+No inputs.
## Outputs
-No output.
+No outputs.
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index e3f5cd9..4c8d66a 100644
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
@@ -1,5 +1,6 @@
module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
+ source = "terraform-aws-modules/vpc/aws"
+ version = "3.6.0"
name = "cluster-autoscaler-vpc"
cidr = "10.0.0.0/16"
@@ -9,35 +10,28 @@ module "vpc" {
}
module "eks_cluster" {
- source = "cloudposse/eks-cluster/aws"
+ source = "cloudposse/eks-cluster/aws"
+ version = "0.43.2"
region = "eu-central-1"
subnet_ids = module.vpc.public_subnets
vpc_id = module.vpc.vpc_id
name = "cluster-autoscaler"
-
- workers_security_group_ids = [module.eks_workers.security_group_id]
- workers_role_arns = [module.eks_workers.workers_role_arn]
}
-module "eks_workers" {
- source = "cloudposse/eks-workers/aws"
-
- cluster_certificate_authority_data = module.eks_cluster.eks_cluster_certificate_authority_data
- cluster_endpoint = module.eks_cluster.eks_cluster_endpoint
- cluster_name = module.eks_cluster.eks_cluster_id
- cluster_security_group_id = module.eks_cluster.security_group_id
- instance_type = "t3.medium"
- max_size = 1
- min_size = 1
- subnet_ids = module.vpc.public_subnets
- vpc_id = module.vpc.vpc_id
-
- associate_public_ip_address = true
+module "eks_node_group" {
+ source = "cloudposse/eks-node-group/aws"
+ version = "0.25.0"
+
+ cluster_name = "cluster-autoscaler"
+ instance_types = ["t3.medium"]
+ subnet_ids = module.vpc.public_subnets
+ min_size = 1
+ desired_size = 1
+ max_size = 2
+ depends_on = [module.eks_cluster.kubernetes_config_map_id]
}
-# Use the module:
-
module "cluster_autoscaler" {
source = "../../"
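Review bot: `cluster_name = "cluster-autoscaler"` in the new `eks_node_group` block is a hard-coded literal, whereas the removed `eks_workers` block took the name from `module.eks_cluster.eks_cluster_id`. If the cluster module builds its final name from more than the `name` input, the literal will not match the real cluster, so `cluster_name = module.eks_cluster.eks_cluster_id` is safer and also gives Terraform an implicit dependency on the cluster. The node group is still placed in `module.vpc.public_subnets`; a comment such as `# public subnets keep the example short; prefer private subnets for worker nodes` would help readers who copy this example. The `cluster_autoscaler` module block continues outside the hunk.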
diff --git a/examples/basic/providers.tf b/examples/basic/providers.tf
index 3e4443a..e8369d1 100644
--- a/examples/basic/providers.tf
+++ b/examples/basic/providers.tf
@@ -10,12 +10,6 @@ data "aws_eks_cluster_auth" "this" {
name = module.eks_cluster.eks_cluster_id
}
-provider "kubernetes" {
- host = data.aws_eks_cluster.this.endpoint
- cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority.0.data)
- token = data.aws_eks_cluster_auth.this.token
-}
-
provider "helm" {
kubernetes {
host = data.aws_eks_cluster.this.endpoint
diff --git a/iam.tf b/iam.tf
index fbdb763..4fa18c8 100644
--- a/iam.tf
+++ b/iam.tf
@@ -1,16 +1,5 @@
-resource "kubernetes_namespace" "cluster_autoscaler" {
- depends_on = [var.mod_dependency]
- count = (var.enabled && var.k8s_namespace != "kube-system") ? 1 : 0
-
- metadata {
- name = var.k8s_namespace
- }
-}
-
-### iam ###
-# Policy
data "aws_iam_policy_document" "cluster_autoscaler" {
- count = var.enabled ? 1 : 0
+ count = local.k8s_irsa_role_create ? 1 : 0
statement {
sid = "Autoscaling"
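Review bot: Removing `kubernetes_namespace.cluster_autoscaler` creates an upgrade hazard that this commit does not document. State written by the previous module version still holds that resource, so the next plan will propose destroying the namespace, and deleting a namespace removes everything deployed in it. The namespace is now expected to come from `create_namespace` on the Helm release in main.tf, which Terraform does not track as a resource of its own. An upgrade note in the README or changelog telling users to remove the namespace resource from state before applying the new version would cover this. The `aws_iam_policy_document` data block continues outside the hunk.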
@@ -35,8 +24,7 @@ data "aws_iam_policy_document" "cluster_autoscaler" {
}
resource "aws_iam_policy" "cluster_autoscaler" {
- depends_on = [var.mod_dependency]
- count = var.enabled ? 1 : 0
+ count = local.k8s_irsa_role_create ? 1 : 0
name = "${var.cluster_name}-cluster-autoscaler"
path = "/"
description = "Policy for cluster-autoscaler service"
@@ -44,9 +32,8 @@ resource "aws_iam_policy" "cluster_autoscaler" {
policy = data.aws_iam_policy_document.cluster_autoscaler[0].json
}
-# Role
data "aws_iam_policy_document" "cluster_autoscaler_assume" {
- count = var.enabled ? 1 : 0
+ count = local.k8s_irsa_role_create ? 1 : 0
statement {
actions = ["sts:AssumeRoleWithWebIdentity"]
@@ -70,15 +57,13 @@ data "aws_iam_policy_document" "cluster_autoscaler_assume" {
}
resource "aws_iam_role" "cluster_autoscaler" {
- depends_on = [var.mod_dependency]
- count = var.enabled ? 1 : 0
+ count = local.k8s_irsa_role_create ? 1 : 0
name = "${var.cluster_name}-cluster-autoscaler"
assume_role_policy = data.aws_iam_policy_document.cluster_autoscaler_assume[0].json
}
resource "aws_iam_role_policy_attachment" "cluster_autoscaler" {
- depends_on = [var.mod_dependency]
- count = var.enabled ? 1 : 0
+ count = local.k8s_irsa_role_create ? 1 : 0
role = aws_iam_role.cluster_autoscaler[0].name
policy_arn = aws_iam_policy.cluster_autoscaler[0].arn
}
diff --git a/main.tf b/main.tf
index 6cc1764..4cd6109 100644
--- a/main.tf
+++ b/main.tf
@@ -1,32 +1,46 @@
+locals {
+ k8s_irsa_role_create = var.enabled && var.k8s_rbac_create && var.k8s_service_account_create && var.k8s_irsa_role_create
+
+ values = yamlencode({
+ "awsRegion" : data.aws_region.current.name,
+ "autoDiscovery" : {
+ "clusterName" : var.cluster_name
+ },
+ "rbac" : {
+ "create" : var.k8s_rbac_create,
+ "serviceAccount" : {
+ "create" : var.k8s_service_account_create,
+ "name" : var.k8s_service_account_name
+ "annotations" : {
+ "eks.amazonaws.com/role-arn" : local.k8s_irsa_role_create ? aws_iam_role.cluster_autoscaler[0].arn : ""
+ }
+ }
+ }
+ })
+}
+
data "aws_region" "current" {}
+data "utils_deep_merge_yaml" "values" {
+ count = var.enabled ? 1 : 0
+ input = compact([
+ local.values,
+ var.values
+ ])
+}
+
resource "helm_release" "cluster_autoscaler" {
- depends_on = [var.mod_dependency]
- count = var.enabled ? 1 : 0
- chart = var.helm_chart_name
- namespace = var.k8s_namespace
- name = var.helm_release_name
- version = var.helm_chart_version
- repository = var.helm_repo_url
+ count = var.enabled ? 1 : 0
+ chart = var.helm_chart_name
+ create_namespace = var.helm_create_namespace
+ namespace = var.k8s_namespace
+ name = var.helm_release_name
+ version = var.helm_chart_version
+ repository = var.helm_repo_url
values = [
- yamlencode({
- "awsRegion" : data.aws_region.current.name,
- "autoDiscovery" : {
- "clusterName" : var.cluster_name
- },
- "rbac" : {
- "create" : true,
- "serviceAccount" : {
- "create" : true,
- "name" : var.k8s_service_account_name
- "annotations" : {
- "eks.amazonaws.com/role-arn" : aws_iam_role.cluster_autoscaler[0].arn
- }
- }
- }
- }),
- var.values]
+ data.utils_deep_merge_yaml.values[0].output
+ ]
dynamic "set" {
for_each = var.settings
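Review bot: When `local.k8s_irsa_role_create` is false, the `annotations` map in `local.values` still renders `eks.amazonaws.com/role-arn` with an empty string, so the chart is asked to annotate the service account with a blank role ARN. How the cluster treats an empty annotation is not visible here, but it may interfere with how the pod resolves credentials. It is safer to omit the key when no role is created, e.g. `"annotations" : local.k8s_irsa_role_create ? { "eks.amazonaws.com/role-arn" : aws_iam_role.cluster_autoscaler[0].arn } : {}`. Separately, `local.k8s_irsa_role_create` shares its name with `var.k8s_irsa_role_create` but has a narrower meaning, because it also requires `enabled`, `k8s_rbac_create` and `k8s_service_account_create`; a distinct name such as `local.irsa_role_enabled` would keep the two from being confused in iam.tf. The `helm_release` block continues outside the hunk.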
diff --git a/variables.tf b/variables.tf
index 407eb34..b182eed 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,4 +1,8 @@
-# Required module inputs
+variable "enabled" {
+ type = bool
+ default = true
+ description = "Variable indicating whether deployment is enabled"
+}
variable "cluster_name" {
type = string
@@ -15,16 +19,6 @@ variable "cluster_identity_oidc_issuer_arn" {
description = "The OIDC Identity issuer ARN for the cluster that can be used to associate IAM roles with a service account"
}
-# cluster-autoscaler
-
-variable "enabled" {
- type = bool
- default = true
- description = "Variable indicating whether deployment is enabled"
-}
-
-# Helm
-
variable "helm_chart_name" {
type = string
default = "cluster-autoscaler"
@@ -33,7 +27,7 @@ variable "helm_chart_name" {
variable "helm_chart_version" {
type = string
- default = "9.7.0"
+ default = "9.10.3"
description = "Version of the Helm chart"
}
@@ -42,14 +36,17 @@ variable "helm_release_name" {
default = "cluster-autoscaler"
description = "Helm release name"
}
-
variable "helm_repo_url" {
type = string
default = "https://kubernetes.github.io/autoscaler"
description = "Helm repository"
}
-# K8s
+variable "helm_create_namespace" {
+ type = bool
+ default = true
+ description = "Create the namespace if it does not yet exist"
+}
variable "k8s_namespace" {
type = string
@@ -57,15 +54,27 @@ variable "k8s_namespace" {
description = "The K8s namespace in which the node-problem-detector service account has been created"
}
-variable "k8s_service_account_name" {
- default = "cluster-autoscaler"
- description = "The k8s cluster-autoscaler service account name"
+variable "k8s_rbac_create" {
+ type = bool
+ default = true
+ description = "Whether to create and use RBAC resources"
+}
+
+variable "k8s_service_account_create" {
+ type = bool
+ default = true
+ description = "Whether to create Service Account"
}
-variable "mod_dependency" {
+variable "k8s_irsa_role_create" {
type = bool
- default = null
- description = "Dependence variable binds all AWS resources allocated by this module, dependent modules reference this variable"
+ default = true
+ description = "Whether to create IRSA role and annotate service account"
+}
+
+variable "k8s_service_account_name" {
+ default = "cluster-autoscaler"
+ description = "The k8s cluster-autoscaler service account name"
}
variable "settings" {
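Review bot: The description of `k8s_irsa_role_create` omits that the flag only takes effect when `enabled`, `k8s_rbac_create` and `k8s_service_account_create` are all true, which is how `local.k8s_irsa_role_create` in main.tf combines them. A caller who supplies an existing service account would get no IAM role and no error. Extend it, e.g. `description = "Whether to create IRSA role and annotate service account; only applies when k8s_rbac_create and k8s_service_account_create are true"`. `k8s_service_account_name` is re-added without a type, unlike the other variables added in this hunk, so add `type = string`. The context line for `k8s_namespace` still describes the `node-problem-detector` service account, which looks like a copy-paste leftover; the `settings` variable continues outside the hunk.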
diff --git a/versions.tf b/versions.tf
index 607b5db..603dee4 100644
--- a/versions.tf
+++ b/versions.tf
@@ -10,9 +10,9 @@ terraform {
source = "hashicorp/helm"
version = ">= 1.0"
}
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = ">= 1.10"
+ utils = {
+ source = "cloudposse/utils"
+ version = ">= 0.12.0"
}
}
}
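Review bot: The new `cloudposse/utils` entry adds a community provider to every consumer of this module, and provider plugins run as native binaries inside the Terraform run, with the same AWS and cluster credentials. Judging by the main.tf hunk it is used only for the `utils_deep_merge_yaml` data source. A short comment above the entry would help reviewers weigh that dependency, for example `# utils: deep-merges module defaults with var.values (see main.tf)`. Because the constraint `>= 0.12.0` has no upper bound, root configurations that call this module should commit `.terraform.lock.hcl` so the provider build is pinned by checksum.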