Support custom IAM roles for cluster and workers #338

Merged

Contributor

@erks erks commented Apr 6, 2019

PR o'clock

Description

Fixes #282

Checklist

  • terraform fmt and terraform validate both work from the root and examples/eks_test_fixture directories (look in CI for an example)
  • Tests for the changes have been added and passing (for bug fixes/features)
  • Test results are pasted in this PR (in lieu of CI)
  • I've added my change to CHANGELOG.md
  • Any breaking changes are highlighted above

@erks erks mentioned this pull request Apr 6, 2019
@erks erks force-pushed the custom_iam_resources branch from 3efb8a5 to 5380b7c Compare April 6, 2019 05:22
@max-rocket-internet
Contributor

Hey @erks ! Thanks for the PR and sorry for the delay. I will review this PR soon. It's quite complex so taking me a little longer to find the time 🙂

@erks
Contributor Author

erks commented Apr 12, 2019

@max-rocket-internet thanks for taking a look!

@erks erks force-pushed the custom_iam_resources branch 2 times, most recently from b01d610 to efa5dc6 Compare April 18, 2019 01:07
workers.tf Outdated
@@ -38,7 +38,7 @@ resource "aws_launch_configuration" "workers" {
name_prefix = "${aws_eks_cluster.this.name}-${lookup(var.worker_groups[count.index], "name", count.index)}"
associate_public_ip_address = "${lookup(var.worker_groups[count.index], "public_ip", local.workers_group_defaults["public_ip"])}"
security_groups = ["${local.worker_security_group_id}", "${var.worker_additional_security_group_ids}", "${compact(split(",",lookup(var.worker_groups[count.index],"additional_security_group_ids", local.workers_group_defaults["additional_security_group_ids"])))}"]
iam_instance_profile = "${element(aws_iam_instance_profile.workers.*.id, count.index)}"
iam_instance_profile = "${element(coalescelist(aws_iam_instance_profile.workers.*.id, data.aws_iam_instance_profile.custom_worker_group_iam_instance_profile.*.id), count.index)}"
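
Review bot: On the new iam_instance_profile line, the fallback list is built from data.aws_iam_instance_profile.custom_worker_group_iam_instance_profile.*.id, but this argument of aws_launch_configuration takes the instance profile name, and nothing here guarantees that the data source's id is that name. Use .*.name for the data source (and ideally for aws_iam_instance_profile.workers as well) so both branches of coalescelist() yield the same kind of value. Also note that coalescelist() is all-or-nothing and element() wraps around on count.index: if the custom profile list is shorter than var.worker_groups, several worker groups silently share one instance profile and its permissions, so the expected list length should be documented or validated.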

I assume this is my own ignorance but in order to get this to work for me I had to change this line to

iam_instance_profile  = "${element(coalescelist(aws_iam_instance_profile.workers.*.id, data.aws_iam_instance_profile.custom_worker_group_iam_instance_profile.*.name), count.index)}"

This appears to be in line with the description of the parameter in HashiCorp's docs.

Contributor Author

thanks. fixed.

@ev3rl0ng ev3rl0ng left a comment

Downloaded module for testing purposes, was able to successfully spin up EKS clusters with custom IAM permissions using this PR.

@erks erks force-pushed the custom_iam_resources branch from 644c2fa to 5561090 Compare May 3, 2019 17:45
@erks
Contributor Author

erks commented May 3, 2019

just rebased from master again.

@DTTerastar

> Downloaded module for testing purposes, was able to successfully spin up EKS clusters with custom IAM permissions using this PR.

Me too!

@max-rocket-internet
Contributor

I just rebased this so I can test it now...

@max-rocket-internet
Contributor

OK, since we have a couple of people who have tested it and I also did, I think we merge 🙂

I do think that we are really approaching the limits of Terraform complexity now. It's quite hard to follow some of this code. I just hope Terraform 0.12 can help claw back some readability and simplicity soon 😅

Contributor

@max-rocket-internet max-rocket-internet left a comment

Thank you @erks 💙

@max-rocket-internet max-rocket-internet merged commit 959e533 into terraform-aws-modules:master May 7, 2019
@erks erks deleted the custom_iam_resources branch May 7, 2019 15:31
@github-actions

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 23, 2022
Development

Successfully merging this pull request may close these issues.

Custom IAM roles for cluster and workers