

Define kubernetes_network_config explicitly - 5.11.4 (#309)
miguelhar authored Dec 3, 2024
1 parent c951195 commit 32e61f0
Showing 8 changed files with 42 additions and 18 deletions.
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
Expand Up @@ -61,7 +61,7 @@ repos:
args:
- '--args=--compact'
- '--args=--quiet'
- '--args=--skip-check CKV_CIRCLECIPIPELINES_2,CKV_CIRCLECIPIPELINES_6,CKV2_AWS_11,CKV2_AWS_12,CKV2_AWS_6,CKV_AWS_109,CKV_AWS_111,CKV_AWS_135,CKV_AWS_144,CKV_AWS_145,CKV_AWS_158,CKV_AWS_18,CKV_AWS_184,CKV_AWS_19,CKV_AWS_21,CKV_AWS_66,CKV_AWS_88,CKV2_GHA_1,CKV_AWS_163,CKV_AWS_39,CKV_AWS_38,CKV2_AWS_61,CKV2_AWS_62,CKV_AWS_136,CKV_AWS_329,CKV_AWS_338,CKV_AWS_339,CKV_AWS_341,CKV_AWS_356,CKV2_AWS_19,CKV2_AWS_5,CKV_AWS_150,CKV_AWS_123,CKV2_AWS_65'
- '--args=--skip-check CKV_CIRCLECIPIPELINES_2,CKV_CIRCLECIPIPELINES_6,CKV2_AWS_11,CKV2_AWS_12,CKV2_AWS_6,CKV_AWS_109,CKV_AWS_111,CKV_AWS_135,CKV_AWS_144,CKV_AWS_145,CKV_AWS_158,CKV_AWS_18,CKV_AWS_184,CKV_AWS_19,CKV_AWS_21,CKV_AWS_66,CKV_AWS_88,CKV2_GHA_1,CKV_AWS_163,CKV_AWS_39,CKV_AWS_38,CKV2_AWS_61,CKV2_AWS_62,CKV_AWS_136,CKV_AWS_329,CKV_AWS_338,CKV_AWS_339,CKV_AWS_341,CKV_AWS_356,CKV2_AWS_19,CKV2_AWS_5,CKV_AWS_150,CKV_AWS_123,CKV2_AWS_65,CKV_AWS_67,CKV_AWS_382'
- id: terraform_trivy
args:
- '--args=--severity=HIGH,CRITICAL'
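Review bot: The two checks appended to the `--skip-check` list on the changed line, CKV_AWS_67 and CKV_AWS_382, are suppressed with no record of which finding each produced or why it is accepted, so the scanner's coverage shrinks silently. The list is an inline scalar with no per-item comment slot, but a YAML comment above the `args:` entry such as `# Skipped checks added in #309: CKV_AWS_67, CKV_AWS_382 — <finding and accepted-risk reason>` keeps the rationale next to the suppression. Without it a later reviewer cannot tell a deliberately accepted finding from a check muted to get the hook green, and the growing list has no mechanism for ever shrinking again.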
20 changes: 15 additions & 5 deletions modules/eks/main.tf
Expand Up @@ -197,14 +197,24 @@ locals {
} : {})


eks_network_config = aws_eks_cluster.this.kubernetes_network_config[0]

eks_info = {
cluster = {
specs = {
name = aws_eks_cluster.this.name
endpoint = aws_eks_cluster.this.endpoint
certificate_authority = aws_eks_cluster.this.certificate_authority
kubernetes_network_config = aws_eks_cluster.this.kubernetes_network_config
account_id = data.aws_caller_identity.cluster_aws_account.account_id
name = aws_eks_cluster.this.name
endpoint = aws_eks_cluster.this.endpoint
certificate_authority = aws_eks_cluster.this.certificate_authority
kubernetes_network_config = {
elastic_load_balancing = {
enabled = try(local.eks_network_config.elastic_load_balancing[0].enabled, false)
}
ip_family = local.eks_network_config.ip_family
service_ipv4_cidr = local.eks_network_config.service_ipv4_cidr
service_ipv6_cidr = local.eks_network_config.service_ipv6_cidr

}
account_id = data.aws_caller_identity.cluster_aws_account.account_id
}
addons = var.eks.cluster_addons
vpc_cni = var.eks.vpc_cni
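Review bot: In the new `kubernetes_network_config` object, `ip_family`, `service_ipv4_cidr` and `service_ipv6_cidr` are read directly from `local.eks_network_config` while only `elastic_load_balancing[0].enabled` is wrapped in `try(..., false)`, so it is unclear what failure the `try()` guards against: if it is an empty `kubernetes_network_config` list, the `[0]` index on the new `eks_network_config` local is the line that would fail first, and if it is only that `elastic_load_balancing` can be an empty nested list, a comment saying so would stop the next reader from adding `try()` to every attribute. The trailing blank line before the object's closing brace, after `service_ipv6_cidr`, is presumably a leftover and should go. A short comment on the `eks_network_config` local, e.g. `# Flattened into a fixed object so it matches the eks_info.cluster.specs type declared in modules/nodes/variables.tf`, would record why the raw resource attribute is no longer passed through. The enclosing `locals` block starts before the hunk.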
2 changes: 1 addition & 1 deletion modules/nodes/README.md
Expand Up @@ -45,7 +45,7 @@ No modules.
|------|-------------|------|---------|:--------:|
| <a name="input_additional_node_groups"></a> [additional\_node\_groups](#input\_additional\_node\_groups) | Additional EKS managed node groups definition. | <pre>map(object({<br> ami = optional(string, null)<br> bootstrap_extra_args = optional(string, "")<br> instance_types = list(string)<br> spot = optional(bool, false)<br> min_per_az = number<br> max_per_az = number<br> max_unavailable_percentage = optional(number, 50)<br> max_unavailable = optional(number)<br> desired_per_az = number<br> availability_zone_ids = list(string)<br> labels = map(string)<br> taints = optional(list(object({<br> key = string<br> value = optional(string)<br> effect = string<br> })), [<br> {<br> key = "ebs.csi.aws.com/agent-not-ready",<br> value = "true",<br> effect = "NO_EXECUTE"<br> }<br> ])<br> tags = optional(map(string), {})<br> gpu = optional(bool, null)<br> volume = object({<br> size = string<br> type = string<br> iops = optional(number)<br> throughput = optional(number, 500)<br> })<br> }))</pre> | `{}` | no |
| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br> {<br> compute = object(<br> {<br> ami = optional(string, null)<br> bootstrap_extra_args = optional(string, "")<br> instance_types = optional(list(string), ["m6i.2xlarge"])<br> spot = optional(bool, false)<br> min_per_az = optional(number, 0)<br> max_per_az = optional(number, 10)<br> max_unavailable_percentage = optional(number, 50)<br> max_unavailable = optional(number, null)<br> desired_per_az = optional(number, 0)<br> availability_zone_ids = list(string)<br> labels = optional(map(string), {<br> "dominodatalab.com/node-pool" = "default"<br> })<br> taints = optional(list(object({<br> key = string<br> value = optional(string)<br> effect = string<br> })), [<br> {<br> key = "ebs.csi.aws.com/agent-not-ready",<br> value = "true",<br> effect = "NO_EXECUTE"<br> }<br> ])<br> tags = optional(map(string), {})<br> gpu = optional(bool, null)<br> volume = optional(object({<br> size = optional(number, 1000)<br> type = optional(string, "gp3")<br> iops = optional(number)<br> throughput = optional(number, 500)<br> }), {<br> size = 1000<br> type = "gp3"<br> iops = null<br> throughput = 500<br> }<br> )<br> }),<br> platform = object(<br> {<br> ami = optional(string, null)<br> bootstrap_extra_args = optional(string, "")<br> instance_types = optional(list(string), ["m7i-flex.2xlarge"])<br> spot = optional(bool, false)<br> min_per_az = optional(number, 1)<br> max_per_az = optional(number, 10)<br> max_unavailable_percentage = optional(number, null)<br> max_unavailable = optional(number, 1)<br> desired_per_az = optional(number, 1)<br> availability_zone_ids = list(string)<br> labels = optional(map(string), {<br> "dominodatalab.com/node-pool" = "platform"<br> })<br> taints = optional(list(object({<br> key = string<br> value = optional(string)<br> effect = string<br> })), []<br> )<br> tags = optional(map(string), {})<br> gpu = 
optional(bool, null)<br> volume = optional(object({<br> size = optional(number, 100)<br> type = optional(string, "gp3")<br> iops = optional(number)<br> throughput = optional(number)<br> }), {<br> size = 100<br> type = "gp3"<br> iops = null<br> throughput = null<br> }<br> )<br> }),<br> gpu = object(<br> {<br> ami = optional(string, null)<br> bootstrap_extra_args = optional(string, "")<br> instance_types = optional(list(string), ["g5.2xlarge"])<br> spot = optional(bool, false)<br> min_per_az = optional(number, 0)<br> max_per_az = optional(number, 10)<br> max_unavailable_percentage = optional(number, 50)<br> max_unavailable = optional(number, null)<br> desired_per_az = optional(number, 0)<br> availability_zone_ids = list(string)<br> labels = optional(map(string), {<br> "dominodatalab.com/node-pool" = "default-gpu"<br> "nvidia.com/gpu" = true<br> })<br> taints = optional(list(object({<br> key = string<br> value = optional(string)<br> effect = string<br> })), [{<br> key = "nvidia.com/gpu"<br> value = "true"<br> effect = "NO_SCHEDULE"<br> },<br> {<br> key = "ebs.csi.aws.com/agent-not-ready",<br> value = "true",<br> effect = "NO_EXECUTE"<br> }<br><br> ])<br> tags = optional(map(string), {})<br> gpu = optional(bool, null)<br> volume = optional(object({<br> size = optional(number, 1000)<br> type = optional(string, "gp3")<br> iops = optional(number)<br> throughput = optional(number, 500)<br> }), {<br> size = 1000<br> type = "gp3"<br> iops = null<br> throughput = 500<br> }<br> )<br> })<br> })</pre> | n/a | yes |
| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br> addons = List of addons<br> specs = Cluster spes. {<br> name = Cluster name.<br> endpoint = Cluster endpont.<br> kubernetes\_network\_config = Cluster k8s nw config.<br> }<br> version = K8s version.<br> arn = EKS Cluster arn.<br> security\_group\_id = EKS Cluster security group id.<br> endpoint = EKS Cluster API endpoint.<br> roles = Default IAM Roles associated with the EKS cluster. {<br> name = string<br> arn = string<br> }<br> custom\_roles = Custom IAM Roles associated with the EKS cluster. {<br> rolearn = string<br> username = string<br> groups = list(string)<br> }<br> oidc = {<br> arn = OIDC provider ARN.<br> url = OIDC provider url.<br> }<br> }<br> nodes = {<br> security\_group\_id = EKS Nodes security group id.<br> roles = IAM Roles associated with the EKS Nodes.{<br> name = string<br> arn = string<br> }<br> }<br> kubeconfig = Kubeconfig details.{<br> path = string<br> extra\_args = string<br> } | <pre>object({<br> k8s_pre_setup_sh_file = string<br> cluster = object({<br> addons = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br> vpc_cni = optional(object({<br> prefix_delegation = optional(bool, false)<br> annotate_pod_ip = optional(bool, true)<br> }))<br> specs = object({<br> name = string<br> endpoint = string<br> kubernetes_network_config = list(map(any))<br> certificate_authority = list(map(any))<br> })<br> version = string<br> arn = string<br> security_group_id = string<br> endpoint = string<br> roles = list(object({<br> name = string<br> arn = string<br> }))<br> custom_roles = list(object({<br> rolearn = string<br> username = string<br> groups = list(string)<br> }))<br> oidc = object({<br> arn = string<br> url = string<br> })<br> })<br> nodes = object({<br> security_group_id = string<br> roles = list(object({<br> name = string<br> arn = string<br> }))<br> })<br> kubeconfig = object({<br> path = string<br> extra_args = string<br> })<br> })</pre> | n/a | yes |
| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br> addons = List of addons<br> specs = Cluster spes. {<br> name = Cluster name.<br> endpoint = Cluster endpont.<br> kubernetes\_network\_config = Cluster k8s nw config.<br> }<br> version = K8s version.<br> arn = EKS Cluster arn.<br> security\_group\_id = EKS Cluster security group id.<br> endpoint = EKS Cluster API endpoint.<br> roles = Default IAM Roles associated with the EKS cluster. {<br> name = string<br> arn = string<br> }<br> custom\_roles = Custom IAM Roles associated with the EKS cluster. {<br> rolearn = string<br> username = string<br> groups = list(string)<br> }<br> oidc = {<br> arn = OIDC provider ARN.<br> url = OIDC provider url.<br> }<br> }<br> nodes = {<br> security\_group\_id = EKS Nodes security group id.<br> roles = IAM Roles associated with the EKS Nodes.{<br> name = string<br> arn = string<br> }<br> }<br> kubeconfig = Kubeconfig details.{<br> path = string<br> extra\_args = string<br> } | <pre>object({<br> k8s_pre_setup_sh_file = string<br> cluster = object({<br> addons = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br> vpc_cni = optional(object({<br> prefix_delegation = optional(bool, false)<br> annotate_pod_ip = optional(bool, true)<br> }))<br> specs = object({<br> name = string<br> endpoint = string<br> kubernetes_network_config = object({<br> elastic_load_balancing = object({<br> enabled = bool<br> })<br> ip_family = string<br> service_ipv4_cidr = string<br> service_ipv6_cidr = string<br> })<br> certificate_authority = list(map(any))<br> })<br> version = string<br> arn = string<br> security_group_id = string<br> endpoint = string<br> roles = list(object({<br> name = string<br> arn = string<br> }))<br> custom_roles = list(object({<br> rolearn = string<br> username = string<br> groups = list(string)<br> }))<br> oidc = object({<br> arn = string<br> url = string<br> })<br> })<br> nodes = object({<br> security_group_id = string<br> roles = 
list(object({<br> name = string<br> arn = string<br> }))<br> })<br> kubeconfig = object({<br> path = string<br> extra_args = string<br> })<br> })</pre> | n/a | yes |
| <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id = KMS key id.<br> key\_arn = KMS key arn.<br> enabled = KMS key is enabled | <pre>object({<br> key_id = string<br> key_arn = string<br> enabled = bool<br> })</pre> | n/a | yes |
| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br> subnets = {<br> public = List of public Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> private = List of private Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> pod = List of pod Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> } | <pre>object({<br> vpc_id = string<br> subnets = object({<br> public = list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> }))<br> private = optional(list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> })), [])<br> pod = optional(list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> })), [])<br> })<br> })</pre> | n/a | yes |
2 changes: 1 addition & 1 deletion modules/nodes/nodes.tf
Expand Up @@ -13,7 +13,7 @@ resource "aws_launch_template" "node_groups" {
cluster_endpoint = var.eks_info.cluster.specs.endpoint
cluster_auth_base64 = var.eks_info.cluster.specs.certificate_authority[0].data
# Optional
cluster_service_ipv4_cidr = var.eks_info.cluster.specs.kubernetes_network_config[0].service_ipv4_cidr != null ? var.eks_info.cluster.specs.kubernetes_network_config[0].service_ipv4_cidr : ""
cluster_service_ipv4_cidr = var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr != null ? var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr : ""
bootstrap_extra_args = each.value.bootstrap_extra_args
pre_bootstrap_user_data = ""
post_bootstrap_user_data = ""
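Review bot: The updated `cluster_service_ipv4_cidr` line repeats the full `var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr` path twice inside one conditional, which is exactly why the `[0]`-to-attribute change had to be made in two places on a single line. Hoisting it into a local, `service_ipv4_cidr = var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr`, and writing `cluster_service_ipv4_cidr = local.service_ipv4_cidr != null ? local.service_ipv4_cidr : ""` keeps the null-to-empty-string fallback in one place. Terraform's `coalesce()` is not a drop-in replacement here, since it rejects a call in which every argument is null or an empty string. The enclosing `aws_launch_template` resource starts and ends outside the hunk.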
15 changes: 11 additions & 4 deletions modules/nodes/variables.tf
Expand Up @@ -109,10 +109,17 @@ variable "eks_info" {
annotate_pod_ip = optional(bool, true)
}))
specs = object({
name = string
endpoint = string
kubernetes_network_config = list(map(any))
certificate_authority = list(map(any))
name = string
endpoint = string
kubernetes_network_config = object({
elastic_load_balancing = object({
enabled = bool
})
ip_family = string
service_ipv4_cidr = string
service_ipv6_cidr = string
})
certificate_authority = list(map(any))
})
version = string
arn = string
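Review bot: In the new `kubernetes_network_config` object type every attribute is required: `service_ipv4_cidr` and `service_ipv6_cidr` are both plain `string`, yet a cluster carries one or the other depending on `ip_family`, so any caller that assembles `eks_info` by hand rather than from the eks module (which presumably passes `null` through for the unused family) must supply keys it has no value for or hit a type error. Declaring `service_ipv4_cidr = optional(string)`, `service_ipv6_cidr = optional(string)` and `elastic_load_balancing = optional(object({ enabled = bool }), { enabled = false })` keeps the explicit shape while letting a missing key default to null or false, which matches the `try(..., false)` default the eks module already applies. That also keeps the `!= null` fallback in `modules/nodes/nodes.tf` meaningful. The `eks_info` variable declaration starts before and ends after the hunk.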