From fa645f993be8d70d7f0808e9c2c5c0dc0fb7b976 Mon Sep 17 00:00:00 2001 From: Max Williams Date: Fri, 3 May 2019 09:53:20 +0200 Subject: [PATCH 1/5] cleaning up launch template code --- README.md | 1 - data.tf | 8 ++-- local.tf | 57 +++++-------------------- variables.tf | 6 --- workers.tf | 27 ++++++------ workers_launch_template.tf | 85 ++++++++++++++------------------------ 6 files changed, 60 insertions(+), 124 deletions(-) diff --git a/README.md b/README.md index cd3e9e18a8..45cc348fb0 100644 --- a/README.md +++ b/README.md @@ -157,7 +157,6 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | workers\_additional\_policies | Additional policies to be added to workers | list | `[]` | no | | workers\_additional\_policies\_count | | string | `"0"` | no | | workers\_group\_defaults | Override default values for target groups. See workers_group_defaults_defaults in local.tf for valid keys. | map | `{}` | no | -| workers\_group\_launch\_template\_defaults | Override default values for target groups. See workers_group_defaults_defaults in local.tf for valid keys. | map | `{}` | no | | write\_aws\_auth\_config | Whether to write the aws-auth configmap file. | string | `"true"` | no | | write\_kubeconfig | Whether to write a Kubectl config file containing the cluster configuration. Saved to `config_output_path`. | string | `"true"` | no | diff --git a/data.tf b/data.tf index 72d2a8173a..47c24929a8 100644 --- a/data.tf +++ b/data.tf 
@@ -94,10 +94,10 @@ data "template_file" "launch_template_userdata" { cluster_name = "${aws_eks_cluster.this.name}" endpoint = "${aws_eks_cluster.this.endpoint}" cluster_auth_base64 = "${aws_eks_cluster.this.certificate_authority.0.data}" - pre_userdata = "${lookup(var.worker_groups_launch_template[count.index], "pre_userdata", local.workers_group_launch_template_defaults["pre_userdata"])}" - additional_userdata = "${lookup(var.worker_groups_launch_template[count.index], "additional_userdata", local.workers_group_launch_template_defaults["additional_userdata"])}" - bootstrap_extra_args = "${lookup(var.worker_groups_launch_template[count.index], "bootstrap_extra_args", local.workers_group_launch_template_defaults["bootstrap_extra_args"])}" - kubelet_extra_args = "${lookup(var.worker_groups_launch_template[count.index], "kubelet_extra_args", local.workers_group_launch_template_defaults["kubelet_extra_args"])}" + pre_userdata = "${lookup(var.worker_groups_launch_template[count.index], "pre_userdata", local.workers_group_defaults["pre_userdata"])}" + additional_userdata = "${lookup(var.worker_groups_launch_template[count.index], "additional_userdata", local.workers_group_defaults["additional_userdata"])}" + bootstrap_extra_args = "${lookup(var.worker_groups_launch_template[count.index], "bootstrap_extra_args", local.workers_group_defaults["bootstrap_extra_args"])}" + kubelet_extra_args = "${lookup(var.worker_groups_launch_template[count.index], "kubelet_extra_args", local.workers_group_defaults["kubelet_extra_args"])}" } } diff --git a/local.tf b/local.tf index e87c1fe8ec..6efaeba293 100644 --- a/local.tf +++ b/local.tf 
@@ -43,56 +43,19 @@ locals { target_group_arns = "" # A comma delimited list of ALB target group ARNs to be associated to the ASG enabled_metrics = "" # A comma delimited list of metrics to be collected i.e. GroupMinSize,GroupMaxSize,GroupDesiredCapacity placement_group = "" # The name of the placement group into which to launch the instances, if any. - } - - workers_group_defaults = "${merge(local.workers_group_defaults_defaults, var.workers_group_defaults)}" + service_linked_role_arn = "" # Arn of custom service linked role that Auto Scaling group will use. Useful when you have encrypted EBS - workers_group_launch_template_defaults_defaults = { - name = "count.index" # Name of the worker group. Literal count.index will never be used but if name is not set, the count.index interpolation will be used. - ami_id = "${data.aws_ami.eks_worker.id}" # AMI ID for the eks workers. If none is provided, Terraform will search for the latest version of their EKS optimized worker AMI. - root_block_device_id = "${data.aws_ami.eks_worker.root_device_name}" # Root device name for workers. If non is provided, will assume default AMI was used. - asg_desired_capacity = "1" # Desired worker capacity in the autoscaling group. - asg_max_size = "3" # Maximum worker capacity in the autoscaling group. - asg_min_size = "1" # Minimum worker capacity in the autoscaling group. - asg_force_delete = false # Enable forced deletion for the autoscaling group. - instance_type = "m4.large" # Size of the workers instances. - override_instance_type = "t3.large" # Need to specify at least one additional instance type for mixed instances policy. The instance_type holds higher priority for on demand instances. - on_demand_allocation_strategy = "prioritized" # Strategy to use when launching on-demand instances. Valid values: prioritized. 
- on_demand_base_capacity = "0" # Absolute minimum amount of desired capacity that must be fulfilled by on-demand instances - on_demand_percentage_above_base_capacity = "100" # Percentage split between on-demand and Spot instances above the base on-demand capacity - spot_allocation_strategy = "lowest-price" # The only valid value is lowest-price, which is also the default value. The Auto Scaling group selects the cheapest Spot pools and evenly allocates your Spot capacity across the number of Spot pools that you specify. - spot_instance_pools = 10 # "Number of Spot pools per availability zone to allocate capacity. EC2 Auto Scaling selects the cheapest Spot pools and evenly allocates Spot capacity across the number of Spot pools that you specify." - spot_max_price = "" # Maximum price per unit hour that the user is willing to pay for the Spot instances. Default is the on-demand price - spot_price = "" # Cost of spot instance. - placement_tenancy = "default" # The tenancy of the instance. Valid values are "default" or "dedicated". - root_volume_size = "100" # root volume size of workers instances. - root_volume_type = "gp2" # root volume type of workers instances, can be 'standard', 'gp2', or 'io1' - root_iops = "0" # The amount of provisioned IOPS. This must be set with a volume_type of "io1". - root_encrypted = "" # root volume encryption for workers. - kms_key_id = "" # KMS key ID used for encrypted block device. ASG must have access to this key. If not specified, the default KMS key will be used. - key_name = "" # The key name that should be used for the instances in the autoscaling group - pre_userdata = "" # userdata to pre-append to the default userdata. - bootstrap_extra_args = "" # Extra arguments passed to the bootstrap.sh script from the EKS AMI. - additional_userdata = "" # userdata to append to the default userdata. - ebs_optimized = true # sets whether to use ebs optimization on supported types. 
- enable_monitoring = true # Enables/disables detailed monitoring. - public_ip = false # Associate a public ip address with a worker - eni_delete = true # Delete the ENI on termination (if set to false you will have to manually delete before destroying) - kubelet_extra_args = "" # This string is passed directly to kubelet if set. Useful for adding labels or taints. - subnets = "${join(",", var.subnets)}" # A comma delimited string of subnets to place the worker nodes in. i.e. subnet-123,subnet-456,subnet-789 - autoscaling_enabled = false # Sets whether policy and matching tags will be added to allow autoscaling. - additional_security_group_ids = "" # A comma delimited list of additional security group ids to include in worker launch config - protect_from_scale_in = false # Prevent AWS from scaling in, so that cluster-autoscaler is solely responsible. - iam_instance_profile_name = "" # A custom IAM instance profile name. Used when manage_worker_iam_resources is set to false. Incompatible with iam_role_id. - iam_role_id = "${local.default_iam_role_id}" # A custom IAM role id. Incompatible with iam_instance_profile_name. - suspended_processes = "AZRebalance" # A comma delimited string of processes to to suspend. i.e. AZRebalance,HealthCheck,ReplaceUnhealthy - target_group_arns = "" # A comma delimited list of ALB target group ARNs to be associated to the ASG - enabled_metrics = "" # A comma delimited list of metrics to be collected i.e. GroupMinSize,GroupMaxSize,GroupDesiredCapacity - placement_group = "" # The name of the placement group into which to launch the instances, if any. - service_linked_role_arn = "" # Arn of custom service linked role that Auto Scaling group will use. Useful when you have encrypted EBS + # Settings for launch templates + root_block_device_name = "${data.aws_ami.eks_worker.root_device_name}" # Root device name for workers. If non is provided, will assume default AMI was used. 
+ root_kms_key_id = "" # The KMS key to use when encrypting the root storage device + launch_template_version = "$Latest" # The lastest version of the launch template to use in the autoscaling group + launch_template_placement_tenancy = "default" # The placement tenancy for instances + launch_template_placement_group = "" # The name of the placement group into which to launch the instances, if any. + root_encrypted = "" # Whether the volume should be encrypted or not + eni_delete = true # Delete the ENI on termination (if set to false you will have to manually delete before destroying) } - workers_group_launch_template_defaults = "${merge(local.workers_group_launch_template_defaults_defaults, var.workers_group_launch_template_defaults)}" + workers_group_defaults = "${merge(local.workers_group_defaults_defaults, var.workers_group_defaults)}" ebs_optimized = { "c1.medium" = false diff --git a/variables.tf b/variables.tf index 94c13237d4..6f904da858 100644 --- a/variables.tf +++ b/variables.tf @@ -138,12 +138,6 @@ variable "worker_group_launch_template_count" { default = "0" } -variable "workers_group_launch_template_defaults" { - description = "Override default values for target groups. See workers_group_defaults_defaults in local.tf for valid keys." - type = "map" - default = {} -} - variable "worker_group_launch_template_tags" { description = "A map defining extra tags to be applied to the worker group template ASG." type = "map" diff --git a/workers.tf b/workers.tf index 5a68615e81..75e8580c11 100644 --- a/workers.tf +++ b/workers.tf 
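Review bot: The new `root_encrypted = ""` and `root_kms_key_id = ""` defaults under "Settings for launch templates" do not say what the empty string means for a worker's root volume. As far as this diff shows, the value is passed straight into the launch template's `ebs` block, so encryption is presumably left to the AMI snapshot or the account-level EBS setting rather than enforced by the module. I would spell that out in the comments, e.g. `root_encrypted = "" # "" leaves root volume encryption to the AMI/account default; set to true to enforce it` and `root_kms_key_id = "" # KMS key for the root volume when root_encrypted is set; "" uses the default KMS key`. The defaults map starts above this hunk, so the rest of its keys cannot be checked from here.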
@@ -1,19 +1,20 @@ # Worker Groups using Launch Configurations resource "aws_autoscaling_group" "workers" { - name_prefix = "${aws_eks_cluster.this.name}-${lookup(var.worker_groups[count.index], "name", count.index)}" - desired_capacity = "${lookup(var.worker_groups[count.index], "asg_desired_capacity", local.workers_group_defaults["asg_desired_capacity"])}" - max_size = "${lookup(var.worker_groups[count.index], "asg_max_size", local.workers_group_defaults["asg_max_size"])}" - min_size = "${lookup(var.worker_groups[count.index], "asg_min_size", local.workers_group_defaults["asg_min_size"])}" - force_delete = "${lookup(var.worker_groups[count.index], "asg_force_delete", local.workers_group_defaults["asg_force_delete"])}" - target_group_arns = ["${compact(split(",", coalesce(lookup(var.worker_groups[count.index], "target_group_arns", ""), local.workers_group_defaults["target_group_arns"])))}"] - launch_configuration = "${element(aws_launch_configuration.workers.*.id, count.index)}" - vpc_zone_identifier = ["${split(",", coalesce(lookup(var.worker_groups[count.index], "subnets", ""), local.workers_group_defaults["subnets"]))}"] - protect_from_scale_in = "${lookup(var.worker_groups[count.index], "protect_from_scale_in", local.workers_group_defaults["protect_from_scale_in"])}" - suspended_processes = ["${compact(split(",", coalesce(lookup(var.worker_groups[count.index], "suspended_processes", ""), local.workers_group_defaults["suspended_processes"])))}"] - enabled_metrics = ["${compact(split(",", coalesce(lookup(var.worker_groups[count.index], "enabled_metrics", ""), local.workers_group_defaults["enabled_metrics"])))}"] - count = "${var.worker_group_count}" - placement_group = "${lookup(var.worker_groups[count.index], "placement_group", local.workers_group_defaults["placement_group"])}" + name_prefix = "${aws_eks_cluster.this.name}-${lookup(var.worker_groups[count.index], "name", count.index)}" + desired_capacity = "${lookup(var.worker_groups[count.index], 
"asg_desired_capacity", local.workers_group_defaults["asg_desired_capacity"])}" + max_size = "${lookup(var.worker_groups[count.index], "asg_max_size", local.workers_group_defaults["asg_max_size"])}" + min_size = "${lookup(var.worker_groups[count.index], "asg_min_size", local.workers_group_defaults["asg_min_size"])}" + force_delete = "${lookup(var.worker_groups[count.index], "asg_force_delete", local.workers_group_defaults["asg_force_delete"])}" + target_group_arns = ["${compact(split(",", coalesce(lookup(var.worker_groups[count.index], "target_group_arns", ""), local.workers_group_defaults["target_group_arns"])))}"] + service_linked_role_arn = "${lookup(var.worker_groups[count.index], "service_linked_role_arn", local.workers_group_defaults["service_linked_role_arn"])}" + launch_configuration = "${element(aws_launch_configuration.workers.*.id, count.index)}" + vpc_zone_identifier = ["${split(",", coalesce(lookup(var.worker_groups[count.index], "subnets", ""), local.workers_group_defaults["subnets"]))}"] + protect_from_scale_in = "${lookup(var.worker_groups[count.index], "protect_from_scale_in", local.workers_group_defaults["protect_from_scale_in"])}" + suspended_processes = ["${compact(split(",", coalesce(lookup(var.worker_groups[count.index], "suspended_processes", ""), local.workers_group_defaults["suspended_processes"])))}"] + enabled_metrics = ["${compact(split(",", coalesce(lookup(var.worker_groups[count.index], "enabled_metrics", ""), local.workers_group_defaults["enabled_metrics"])))}"] + count = "${var.worker_group_count}" + placement_group = "${lookup(var.worker_groups[count.index], "placement_group", local.workers_group_defaults["placement_group"])}" tags = ["${concat( list( diff --git a/workers_launch_template.tf b/workers_launch_template.tf index 73b31bcc96..8ca88b18b8 100644 --- a/workers_launch_template.tf +++ b/workers_launch_template.tf 
@@ -2,52 +2,31 @@ resource "aws_autoscaling_group" "workers_launch_template" { name_prefix = "${aws_eks_cluster.this.name}-${lookup(var.worker_groups_launch_template[count.index], "name", count.index)}" - desired_capacity = "${lookup(var.worker_groups_launch_template[count.index], "asg_desired_capacity", local.workers_group_launch_template_defaults["asg_desired_capacity"])}" - max_size = "${lookup(var.worker_groups_launch_template[count.index], "asg_max_size", local.workers_group_launch_template_defaults["asg_max_size"])}" - min_size = "${lookup(var.worker_groups_launch_template[count.index], "asg_min_size", local.workers_group_launch_template_defaults["asg_min_size"])}" - force_delete = "${lookup(var.worker_groups_launch_template[count.index], "asg_force_delete", local.workers_group_launch_template_defaults["asg_force_delete"])}" - target_group_arns = ["${compact(split(",", coalesce(lookup(var.worker_groups_launch_template[count.index], "target_group_arns", ""), local.workers_group_launch_template_defaults["target_group_arns"])))}"] - service_linked_role_arn = "${lookup(var.worker_groups_launch_template[count.index], "service_linked_role_arn", local.workers_group_launch_template_defaults["service_linked_role_arn"])}" - - mixed_instances_policy { - instances_distribution { - on_demand_allocation_strategy = "${lookup(var.worker_groups_launch_template[count.index], "on_demand_allocation_strategy", local.workers_group_launch_template_defaults["on_demand_allocation_strategy"])}" - on_demand_base_capacity = "${lookup(var.worker_groups_launch_template[count.index], "on_demand_base_capacity", local.workers_group_launch_template_defaults["on_demand_base_capacity"])}" - on_demand_percentage_above_base_capacity = "${lookup(var.worker_groups_launch_template[count.index], "on_demand_percentage_above_base_capacity", local.workers_group_launch_template_defaults["on_demand_percentage_above_base_capacity"])}" - spot_allocation_strategy = 
"${lookup(var.worker_groups_launch_template[count.index], "spot_allocation_strategy", local.workers_group_launch_template_defaults["spot_allocation_strategy"])}" - spot_instance_pools = "${lookup(var.worker_groups_launch_template[count.index], "spot_instance_pools", local.workers_group_launch_template_defaults["spot_instance_pools"])}" - spot_max_price = "${lookup(var.worker_groups_launch_template[count.index], "spot_max_price", local.workers_group_launch_template_defaults["spot_max_price"])}" - } - - launch_template { - launch_template_specification { - launch_template_id = "${element(aws_launch_template.workers_launch_template.*.id, count.index)}" - version = "$Latest" - } - - override { - instance_type = "${lookup(var.worker_groups_launch_template[count.index], "instance_type", local.workers_group_launch_template_defaults["instance_type"])}" - } - - override { - instance_type = "${lookup(var.worker_groups_launch_template[count.index], "override_instance_type", local.workers_group_launch_template_defaults["override_instance_type"])}" - } - } + desired_capacity = "${lookup(var.worker_groups_launch_template[count.index], "asg_desired_capacity", local.workers_group_defaults["asg_desired_capacity"])}" + max_size = "${lookup(var.worker_groups_launch_template[count.index], "asg_max_size", local.workers_group_defaults["asg_max_size"])}" + min_size = "${lookup(var.worker_groups_launch_template[count.index], "asg_min_size", local.workers_group_defaults["asg_min_size"])}" + force_delete = "${lookup(var.worker_groups_launch_template[count.index], "asg_force_delete", local.workers_group_defaults["asg_force_delete"])}" + target_group_arns = ["${compact(split(",", coalesce(lookup(var.worker_groups_launch_template[count.index], "target_group_arns", ""), local.workers_group_defaults["target_group_arns"])))}"] + service_linked_role_arn = "${lookup(var.worker_groups_launch_template[count.index], "service_linked_role_arn", local.workers_group_defaults["service_linked_role_arn"])}" 
+ vpc_zone_identifier = ["${split(",", coalesce(lookup(var.worker_groups_launch_template[count.index], "subnets", ""), local.workers_group_defaults["subnets"]))}"] + protect_from_scale_in = "${lookup(var.worker_groups_launch_template[count.index], "protect_from_scale_in", local.workers_group_defaults["protect_from_scale_in"])}" + suspended_processes = ["${compact(split(",", coalesce(lookup(var.worker_groups_launch_template[count.index], "suspended_processes", ""), local.workers_group_defaults["suspended_processes"])))}"] + enabled_metrics = ["${compact(split(",", coalesce(lookup(var.worker_groups_launch_template[count.index], "enabled_metrics", ""), local.workers_group_defaults["enabled_metrics"])))}"] + count = "${var.worker_group_launch_template_count}" + placement_group = "${lookup(var.worker_groups[count.index], "placement_group", local.workers_group_defaults["placement_group"])}" + + launch_template { + id = "${element(aws_launch_template.workers_launch_template.*.id, count.index)}" + version = "${lookup(var.worker_groups_launch_template[count.index], "launch_template_version", local.workers_group_defaults["launch_template_version"])}" } - vpc_zone_identifier = ["${split(",", coalesce(lookup(var.worker_groups_launch_template[count.index], "subnets", ""), local.workers_group_launch_template_defaults["subnets"]))}"] - protect_from_scale_in = "${lookup(var.worker_groups_launch_template[count.index], "protect_from_scale_in", local.workers_group_launch_template_defaults["protect_from_scale_in"])}" - suspended_processes = ["${compact(split(",", coalesce(lookup(var.worker_groups_launch_template[count.index], "suspended_processes", ""), local.workers_group_launch_template_defaults["suspended_processes"])))}"] - enabled_metrics = ["${compact(split(",", coalesce(lookup(var.worker_groups_launch_template[count.index], "enabled_metrics", ""), local.workers_group_launch_template_defaults["enabled_metrics"])))}"] - count = "${var.worker_group_launch_template_count}" - tags = 
["${concat( list( map("key", "Name", "value", "${aws_eks_cluster.this.name}-${lookup(var.worker_groups_launch_template[count.index], "name", count.index)}-eks_asg", "propagate_at_launch", true), map("key", "kubernetes.io/cluster/${aws_eks_cluster.this.name}", "value", "owned", "propagate_at_launch", true), - map("key", "k8s.io/cluster-autoscaler/${lookup(var.worker_groups_launch_template[count.index], "autoscaling_enabled", local.workers_group_launch_template_defaults["autoscaling_enabled"]) == 1 ? "enabled" : "disabled" }", "value", "true", "propagate_at_launch", false), + map("key", "k8s.io/cluster-autoscaler/${lookup(var.worker_groups_launch_template[count.index], "autoscaling_enabled", local.workers_group_defaults["autoscaling_enabled"]) == 1 ? "enabled" : "disabled" }", "value", "true", "propagate_at_launch", false), map("key", "k8s.io/cluster-autoscaler/${aws_eks_cluster.this.name}", "value", "", "propagate_at_launch", false), - map("key", "k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage", "value", "${lookup(var.worker_groups_launch_template[count.index], "root_volume_size", local.workers_group_launch_template_defaults["root_volume_size"])}Gi", "propagate_at_launch", false) + map("key", "k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage", "value", "${lookup(var.worker_groups_launch_template[count.index], "root_volume_size", local.workers_group_defaults["root_volume_size"])}Gi", "propagate_at_launch", false) ), local.asg_tags, var.worker_group_launch_template_tags[contains(keys(var.worker_group_launch_template_tags), "${lookup(var.worker_groups_launch_template[count.index], "name", count.index)}") ? "${lookup(var.worker_groups_launch_template[count.index], "name", count.index)}" : "default"]) 
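Review bot: The `launch_template` block added here reads `version` from `launch_template_version`, whose default in local.tf is `"$Latest"`, so by default every new version of the template becomes what the Auto Scaling group launches next, including versions created outside Terraform. That means changes to the AMI, user data or security groups in the template reach new nodes without a reviewed change to the group itself. I would document the trade-off next to the default, e.g. `launch_template_version = "$Latest" # Template version the ASG launches: a version number, "$Latest" or "$Default"; pin a number when template changes must be rolled out deliberately`. The resource continues past the end of this hunk.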
@@ -78,19 +57,19 @@ resource "aws_launch_template" "workers_launch_template" { name = "${element(coalescelist(aws_iam_instance_profile.workers_launch_template.*.name, data.aws_iam_instance_profile.custom_worker_group_launch_template_iam_instance_profile.*.name), count.index)}" } - image_id = "${lookup(var.worker_groups_launch_template[count.index], "ami_id", local.workers_group_launch_template_defaults["ami_id"])}" - instance_type = "${lookup(var.worker_groups_launch_template[count.index], "instance_type", local.workers_group_launch_template_defaults["instance_type"])}" - key_name = "${lookup(var.worker_groups_launch_template[count.index], "key_name", local.workers_group_launch_template_defaults["key_name"])}" + image_id = "${lookup(var.worker_groups_launch_template[count.index], "ami_id", local.workers_group_defaults["ami_id"])}" + instance_type = "${lookup(var.worker_groups_launch_template[count.index], "instance_type", local.workers_group_defaults["instance_type"])}" + key_name = "${lookup(var.worker_groups_launch_template[count.index], "key_name", local.workers_group_defaults["key_name"])}" user_data = "${base64encode(element(data.template_file.launch_template_userdata.*.rendered, count.index))}" - ebs_optimized = "${lookup(var.worker_groups_launch_template[count.index], "ebs_optimized", lookup(local.ebs_optimized, lookup(var.worker_groups_launch_template[count.index], "instance_type", local.workers_group_launch_template_defaults["instance_type"]), false))}" + ebs_optimized = "${lookup(var.worker_groups_launch_template[count.index], "ebs_optimized", lookup(local.ebs_optimized, lookup(var.worker_groups_launch_template[count.index], "instance_type", local.workers_group_defaults["instance_type"]), false))}" monitoring { - enabled = "${lookup(var.worker_groups_launch_template[count.index], "enable_monitoring", local.workers_group_launch_template_defaults["enable_monitoring"])}" + enabled = "${lookup(var.worker_groups_launch_template[count.index], 
"enable_monitoring", local.workers_group_defaults["enable_monitoring"])}" } placement { - tenancy = "${lookup(var.worker_groups_launch_template[count.index], "placement_tenancy", local.workers_group_launch_template_defaults["placement_tenancy"])}" - group_name = "${lookup(var.worker_groups_launch_template[count.index], "placement_group", local.workers_group_launch_template_defaults["placement_group"])}" + tenancy = "${lookup(var.worker_groups_launch_template[count.index], "launch_template_placement_tenancy", local.workers_group_defaults["launch_template_placement_tenancy"])}" + group_name = "${lookup(var.worker_groups_launch_template[count.index], "launch_template_placement_group", local.workers_group_defaults["launch_template_placement_group"])}" } count = "${var.worker_group_launch_template_count}" 
@@ -100,14 +79,14 @@ resource "aws_launch_template" "workers_launch_template" { } block_device_mappings { - device_name = "${data.aws_ami.eks_worker.root_device_name}" + device_name = "${lookup(var.worker_groups_launch_template[count.index], "root_block_device_name", local.workers_group_defaults["root_block_device_name"])}" ebs { - volume_size = "${lookup(var.worker_groups_launch_template[count.index], "root_volume_size", local.workers_group_launch_template_defaults["root_volume_size"])}" - volume_type = "${lookup(var.worker_groups_launch_template[count.index], "root_volume_type", local.workers_group_launch_template_defaults["root_volume_type"])}" - iops = "${lookup(var.worker_groups_launch_template[count.index], "root_iops", local.workers_group_launch_template_defaults["root_iops"])}" - encrypted = "${lookup(var.worker_groups_launch_template[count.index], "root_encrypted", local.workers_group_launch_template_defaults["root_encrypted"])}" - kms_key_id = "${lookup(var.worker_groups_launch_template[count.index], "kms_key_id", local.workers_group_launch_template_defaults["kms_key_id"])}" + volume_size = "${lookup(var.worker_groups_launch_template[count.index], "root_volume_size", local.workers_group_defaults["root_volume_size"])}" + volume_type = "${lookup(var.worker_groups_launch_template[count.index], "root_volume_type", local.workers_group_defaults["root_volume_type"])}" + iops = "${lookup(var.worker_groups_launch_template[count.index], "root_iops", local.workers_group_defaults["root_iops"])}" + encrypted = "${lookup(var.worker_groups_launch_template[count.index], "root_encrypted", local.workers_group_defaults["root_encrypted"])}" + kms_key_id = "${lookup(var.worker_groups_launch_template[count.index], "root_kms_key_id", local.workers_group_defaults["root_kms_key_id"])}" delete_on_termination = true } } 
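Review bot: The `ebs` block now reads `root_kms_key_id` where it used to read `kms_key_id`, and because every `lookup()` falls back to a default, a worker group map that still sets `kms_key_id` is accepted without error while its root volume gets the default `""` key. The `placement` block in the previous hunk has the same problem: `placement_tenancy` became `launch_template_placement_tenancy`, so a group that asked for `dedicated` would quietly get `default`. The changelog entry in this series flags a breaking change but does not name the renamed keys; I would list them there and in the README, e.g. `- Renamed launch template keys: kms_key_id -> root_kms_key_id, placement_tenancy -> launch_template_placement_tenancy`. Whether the shared defaults map still defines the old names is not visible in this diff.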
@@ -117,7 +96,7 @@ resource "aws_launch_template" "workers_launch_template" { resource "aws_iam_instance_profile" "workers_launch_template" { name_prefix = "${aws_eks_cluster.this.name}" - role = "${lookup(var.worker_groups_launch_template[count.index], "iam_role_id", lookup(local.workers_group_launch_template_defaults, "iam_role_id"))}" + role = "${lookup(var.worker_groups_launch_template[count.index], "iam_role_id", lookup(local.workers_group_defaults, "iam_role_id"))}" count = "${var.manage_worker_iam_resources ? var.worker_group_launch_template_count : 0}" path = "${var.iam_path}" } From 92c2590ec85461822f83ceafc234635fbca2939b Mon Sep 17 00:00:00 2001 From: Max Williams Date: Fri, 3 May 2019 14:10:07 +0200 Subject: [PATCH 2/5] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 41af2c1439..e01d73ed68 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ project adheres to [Semantic Versioning](http://semver.org/). - Set default suspended processes for ASG to `AZRebalance` (by @max-rocket-internet) - 4 small changes to `aws_launch_template` resource (by @max-rocket-internet) + - (Breaking Change) Rewritten and de-duplicated code related to Launch Templates (by @max-rocket-internet) - Add .prettierignore file (by @rothandrew) - Switch to https for the pre-commit repos (by @rothandrew) - Add instructions on how to enable the docker bridge network (by @rothandrew) From adef14e14be30784cf061c57981334194a9309c3 Mon Sep 17 00:00:00 2001 From: Max Williams Date: Fri, 3 May 2019 16:26:15 +0200 Subject: [PATCH 3/5] Remove variable worker_group_launch_template_tags --- README.md | 1 - variables.tf | 9 --------- workers_launch_template.tf | 4 ++-- 3 files changed, 2 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 45cc348fb0..d471d0563b 100644 --- a/README.md +++ b/README.md 
@@ -148,7 +148,6 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | worker\_create\_security\_group | Whether to create a security group for the workers or attach the workers to `worker_security_group_id`. | string | `"true"` | no | | worker\_group\_count | The number of maps contained within the worker_groups list. | string | `"1"` | no | | worker\_group\_launch\_template\_count | The number of maps contained within the worker_groups_launch_template list. | string | `"0"` | no | -| worker\_group\_launch\_template\_tags | A map defining extra tags to be applied to the worker group template ASG. | map | `{ "default": [] }` | no | | worker\_group\_tags | A map defining extra tags to be applied to the worker group ASG. | map | `{ "default": [] }` | no | | worker\_groups | A list of maps defining worker group configurations to be defined using AWS Launch Configurations. See workers_group_defaults for valid keys. | list | `[ { "name": "default" } ]` | no | | worker\_groups\_launch\_template | A list of maps defining worker group configurations to be defined using AWS Launch Templates. See workers_group_defaults for valid keys. | list | `[ { "name": "default" } ]` | no | diff --git a/variables.tf b/variables.tf index 6f904da858..c14f6609ae 100644 --- a/variables.tf +++ b/variables.tf @@ -138,15 +138,6 @@ variable "worker_group_launch_template_count" { default = "0" } -variable "worker_group_launch_template_tags" { - description = "A map defining extra tags to be applied to the worker group template ASG." - type = "map" - - default = { - default = [] - } -} - variable "worker_security_group_id" { description = "If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster." default = "" diff --git a/workers_launch_template.tf b/workers_launch_template.tf index 8ca88b18b8..1f47b53ff9 100644 --- a/workers_launch_template.tf 
+++ b/workers_launch_template.tf @@ -13,7 +13,7 @@ resource "aws_autoscaling_group" "workers_launch_template" { suspended_processes = ["${compact(split(",", coalesce(lookup(var.worker_groups_launch_template[count.index], "suspended_processes", ""), local.workers_group_defaults["suspended_processes"])))}"] enabled_metrics = ["${compact(split(",", coalesce(lookup(var.worker_groups_launch_template[count.index], "enabled_metrics", ""), local.workers_group_defaults["enabled_metrics"])))}"] count = "${var.worker_group_launch_template_count}" - placement_group = "${lookup(var.worker_groups[count.index], "placement_group", local.workers_group_defaults["placement_group"])}" + placement_group = "${lookup(var.worker_groups_launch_template[count.index], "placement_group", local.workers_group_defaults["placement_group"])}" launch_template { id = "${element(aws_launch_template.workers_launch_template.*.id, count.index)}" @@ -29,7 +29,7 @@ resource "aws_autoscaling_group" "workers_launch_template" { map("key", "k8s.io/cluster-autoscaler/node-template/resources/ephemeral-storage", "value", "${lookup(var.worker_groups_launch_template[count.index], "root_volume_size", local.workers_group_defaults["root_volume_size"])}Gi", "propagate_at_launch", false) ), local.asg_tags, - var.worker_group_launch_template_tags[contains(keys(var.worker_group_launch_template_tags), "${lookup(var.worker_groups_launch_template[count.index], "name", count.index)}") ? "${lookup(var.worker_groups_launch_template[count.index], "name", count.index)}" : "default"]) + var.worker_group_tags[contains(keys(var.worker_group_tags), "${lookup(var.worker_groups_launch_template[count.index], "name", count.index)}") ? "${lookup(var.worker_groups_launch_template[count.index], "name", count.index)}" : "default"]) }"] lifecycle { From b91db572a807c0f16bba5c43f7dbaf05f7d9abcb Mon Sep 17 00:00:00 2001 
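Review bot: With `var.worker_group_launch_template_tags` replaced by `var.worker_group_tags` in the `tags` expression of the second hunk, launch-template groups and launch-configuration groups now appear to draw their extra tags from one map keyed by group name. If workers.tf indexes `worker_group_tags` the same way (not visible here), a group in each list with the same `name`, or with no `name` so that the key is the `count.index`, would receive the same tags. If that sharing is intended, the variable description should say so, e.g. `description = "A map defining extra tags to be applied to the worker group ASG, for both worker_groups and worker_groups_launch_template, keyed by group name."`, with the README row updated to match. The resource begins and ends outside this hunk.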
From: Max Williams Date: Tue, 7 May 2019 15:13:14 +0200 Subject: [PATCH 4/5] misc fixes --- README.md | 3 ++- data.tf | 2 +- workers_launch_template.tf | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index d471d0563b..b1875a31f2 100644 --- a/README.md +++ b/README.md @@ -163,6 +163,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | Name | Description | |------|-------------| +| cluster\_arn | The Amazon Resource Name (ARN) of the cluster. | | cluster\_certificate\_authority\_data | Nested attribute containing certificate-authority-data for your cluster. This is the base64 encoded certificate data required to communicate with your cluster. | | cluster\_endpoint | The endpoint for your EKS Kubernetes API. | | cluster\_iam\_role\_arn | IAM role ARN of the EKS cluster. | @@ -181,9 +182,9 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a | workers\_asg\_arns | IDs of the autoscaling groups containing workers. | | workers\_asg\_names | Names of the autoscaling groups containing workers. | | workers\_default\_ami\_id | ID of the default worker group AMI | -| workers\_user\_data | User data of worker groups | | workers\_launch\_template\_arns | ARNs of the worker launch templates. | | workers\_launch\_template\_ids | IDs of the worker launch templates. | | workers\_launch\_template\_latest\_versions | Latest versions of the worker launch templates. | +| workers\_user\_data | User data of worker groups | diff --git a/data.tf b/data.tf index 47c24929a8..5ef35bdfe8 100644 --- a/data.tf +++ b/data.tf 
@@ -112,6 +112,6 @@ data "aws_iam_instance_profile" "custom_worker_group_iam_instance_profile" {
 }
 data "aws_iam_instance_profile" "custom_worker_group_launch_template_iam_instance_profile" {
- name = "${lookup(var.worker_groups_launch_template[count.index], "iam_instance_profile_name", local.workers_group_launch_template_defaults["iam_instance_profile_name"])}"
+ name = "${lookup(var.worker_groups_launch_template[count.index], "iam_instance_profile_name", local.workers_group_defaults["iam_instance_profile_name"])}"
 count = "${var.manage_worker_iam_resources ? 0 : var.worker_group_launch_template_count}"
 }
diff --git a/workers_launch_template.tf b/workers_launch_template.tf
index 1f47b53ff9..99c26ddcb4 100644
--- a/workers_launch_template.tf
+++ b/workers_launch_template.tf
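Review bot: With the fallback on the new `name` line taken from `local.workers_group_defaults["iam_instance_profile_name"]`, every launch-template group that omits `iam_instance_profile_name` resolves to the same instance profile as the other worker groups whenever `manage_worker_iam_resources` is false. Node credentials are then shared across groups unless each group names its own profile, and if the shared default is empty (its value is outside this hunk) the data source lookup would presumably fail without naming the offending group. A comment on the data source would record this: `# evaluated only when manage_worker_iam_resources = false; groups without iam_instance_profile_name share the default profile`.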
@@ -43,13 +43,13 @@ resource "aws_launch_template" "workers_launch_template" {
 name_prefix = "${aws_eks_cluster.this.name}-${lookup(var.worker_groups_launch_template[count.index], "name", count.index)}"
 network_interfaces {
- associate_public_ip_address = "${lookup(var.worker_groups_launch_template[count.index], "public_ip", local.workers_group_launch_template_defaults["public_ip"])}"
- delete_on_termination = "${lookup(var.worker_groups_launch_template[count.index], "eni_delete", local.workers_group_launch_template_defaults["eni_delete"])}"
+ associate_public_ip_address = "${lookup(var.worker_groups_launch_template[count.index], "public_ip", local.workers_group_defaults["public_ip"])}"
+ delete_on_termination = "${lookup(var.worker_groups_launch_template[count.index], "eni_delete", local.workers_group_defaults["eni_delete"])}"
 security_groups = [
 "${local.worker_security_group_id}",
 "${var.worker_additional_security_group_ids}",
- "${compact(split(",",lookup(var.worker_groups_launch_template[count.index],"additional_security_group_ids", local.workers_group_launch_template_defaults["additional_security_group_ids"])))}",
+ "${compact(split(",",lookup(var.worker_groups_launch_template[count.index],"additional_security_group_ids", local.workers_group_defaults["additional_security_group_ids"])))}",
 ]
 }
From c90903e42841b7066da1e570a0d5ebc5fa3a1ada Mon Sep 17 00:00:00 2001
From: Max Williams
Date: Tue, 7 May 2019 15:36:21 +0200
Subject: [PATCH 5/5] fixing and simplifying example
---
 examples/eks_test_fixture/main.tf | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/examples/eks_test_fixture/main.tf b/examples/eks_test_fixture/main.tf
index bd1ea66732..058c1e3346 100644
--- a/examples/eks_test_fixture/main.tf
+++ b/examples/eks_test_fixture/main.tf
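Review bot: `associate_public_ip_address` in `network_interfaces` now falls back to `local.workers_group_defaults["public_ip"]`, so a `public_ip` override supplied through the shared defaults (presumably intended for launch-configuration groups) also gives every launch-template group without its own `public_ip` key a public address. The default value is not shown in this hunk and should be confirmed as false. I would add above the line `# public_ip comes from the shared workers_group_defaults; leave it false unless nodes must be reachable from outside the VPC`. The `aws_launch_template` resource continues past the end of the hunk.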
@@ -61,24 +61,17 @@ locals {
 worker_groups = [
 {
- # This will launch an autoscaling group with only On-Demand instances
 instance_type = "t2.small"
 additional_userdata = "echo foo bar"
- subnets = "${join(",", module.vpc.private_subnets)}"
- asg_desired_capacity = "2"
+ asg_desired_capacity = 2
 },
 ]
 worker_groups_launch_template = [
 {
- # This will launch an autoscaling group with only Spot Fleet instances
- instance_type = "t2.small"
- additional_userdata = "echo foo bar"
- subnets = "${join(",", module.vpc.private_subnets)}"
- additional_security_group_ids = "${aws_security_group.worker_group_mgmt_one.id},${aws_security_group.worker_group_mgmt_two.id}"
- override_instance_type = "t3.small"
- asg_desired_capacity = "2"
- spot_instance_pools = 10
- on_demand_percentage_above_base_capacity = "0"
+ instance_type = "t2.small"
+ additional_userdata = "echo foo bar"
+ additional_security_group_ids = "${aws_security_group.worker_group_mgmt_one.id},${aws_security_group.worker_group_mgmt_two.id}"
+ asg_desired_capacity = 2
 },
 ]
 tags = {
@@ -163,8 +156,8 @@ module "eks" {
 vpc_id = "${module.vpc.vpc_id}"
 worker_groups = "${local.worker_groups}"
 worker_groups_launch_template = "${local.worker_groups_launch_template}"
- worker_group_count = "1"
- worker_group_launch_template_count = "1"
+ worker_group_count = 1
+ worker_group_launch_template_count = 1
 worker_additional_security_group_ids = ["${aws_security_group.all_worker_mgmt.id}"]
 map_roles = "${var.map_roles}"
 map_roles_count = "${var.map_roles_count}"
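Review bot: Removing `subnets` from both group maps in the first hunk leaves node placement to whatever the module falls back to, which this diff does not show (presumably the module-level `subnets` input). The removed lines pinned both groups to `module.vpc.private_subnets`, so if the fallback list also contains public subnets the example workers would start landing there. A short comment in each map would make the intent explicit, e.g. `# subnets omitted: workers inherit the module-level subnets input`. The `locals` block starts and ends outside the hunk.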