ignore duration tag (#201)
miguelhar authored Jan 22, 2024
1 parent 010a73b commit 8bfb1b9
Showing 29 changed files with 110 additions and 1 deletion.
10 changes: 9 additions & 1 deletion examples/deploy/terraform/cluster/main.tf
Expand Up @@ -25,7 +25,9 @@ module "eks" {
bastion_info = local.infra.bastion
create_eks_role_arn = local.infra.create_eks_role_arn
tags = local.infra.tags
ignore_tags = local.infra.ignore_tags
}

data "aws_caller_identity" "global" {
provider = aws.global
}
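Review bot: `ignore_tags = local.infra.ignore_tags` in the `module "eks"` block has no fallback, so if `local.infra` comes from an infra apply that predates this commit, the attribute will be missing and the reference will error. Suggest `ignore_tags = try(local.infra.ignore_tags, [])` here and in the two provider blocks further down this file, or a note in the upgrade docs that infra has to be re-applied first.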
Expand Down Expand Up @@ -67,11 +69,17 @@ module "irsa_policies" {
# by specifying the profile belonging to the account pertaining to the hosted zone.
provider "aws" {
alias = "global"
# profile = << profile with credentials to account where the hosted zone resides>>
# profile = "global"
ignore_tags {
keys = local.infra.ignore_tags
}
}

provider "aws" {
region = local.infra.region
ignore_tags {
keys = local.infra.ignore_tags
}
}
terraform {
required_version = ">= 1.4.0"
1 change: 1 addition & 0 deletions examples/deploy/terraform/infra/README.md
Expand Up @@ -31,6 +31,7 @@ No resources.
| <a name="input_default_node_groups"></a> [default\_node\_groups](#input\_default\_node\_groups) | EKS managed node groups definition. | <pre>object(<br> {<br> compute = object(<br> {<br> ami = optional(string, null)<br> bootstrap_extra_args = optional(string, "")<br> instance_types = optional(list(string), ["m5.2xlarge"])<br> spot = optional(bool, false)<br> min_per_az = optional(number, 0)<br> max_per_az = optional(number, 10)<br> max_unavailable_percentage = optional(number, 50)<br> max_unavailable = optional(number, null)<br> desired_per_az = optional(number, 0)<br> availability_zone_ids = list(string)<br> labels = optional(map(string), {<br> "dominodatalab.com/node-pool" = "default"<br> })<br> taints = optional(list(object({<br> key = string<br> value = optional(string)<br> effect = string<br> })), [])<br> tags = optional(map(string), {})<br> gpu = optional(bool, null)<br> volume = optional(object({<br> size = optional(number, 1000)<br> type = optional(string, "gp3")<br> }), {<br> size = 1000<br> type = "gp3"<br> }<br> )<br> }),<br> platform = object(<br> {<br> ami = optional(string, null)<br> bootstrap_extra_args = optional(string, "")<br> instance_types = optional(list(string), ["m5.2xlarge"])<br> spot = optional(bool, false)<br> min_per_az = optional(number, 1)<br> max_per_az = optional(number, 10)<br> max_unavailable_percentage = optional(number, null)<br> max_unavailable = optional(number, 1)<br> desired_per_az = optional(number, 1)<br> availability_zone_ids = list(string)<br> labels = optional(map(string), {<br> "dominodatalab.com/node-pool" = "platform"<br> })<br> taints = optional(list(object({<br> key = string<br> value = optional(string)<br> effect = string<br> })), [])<br> tags = optional(map(string), {})<br> gpu = optional(bool, null)<br> volume = optional(object({<br> size = optional(number, 100)<br> type = optional(string, "gp3")<br> }), {<br> size = 100<br> type = "gp3"<br> }<br> )<br> }),<br> gpu = object(<br> {<br> ami = optional(string, 
null)<br> bootstrap_extra_args = optional(string, "")<br> instance_types = optional(list(string), ["g5.xlarge"])<br> spot = optional(bool, false)<br> min_per_az = optional(number, 0)<br> max_per_az = optional(number, 10)<br> max_unavailable_percentage = optional(number, 50)<br> max_unavailable = optional(number, null)<br> desired_per_az = optional(number, 0)<br> availability_zone_ids = list(string)<br> labels = optional(map(string), {<br> "dominodatalab.com/node-pool" = "default-gpu"<br> "nvidia.com/gpu" = true<br> })<br> taints = optional(list(object({<br> key = string<br> value = optional(string)<br> effect = string<br> })), [{<br> key = "nvidia.com/gpu"<br> value = "true"<br> effect = "NO_SCHEDULE"<br> }<br> ])<br> tags = optional(map(string))<br> gpu = optional(bool)<br> volume = optional(object({<br> size = optional(number)<br> type = optional(string)<br> }))<br> })<br> })</pre> | n/a | yes |
| <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID. | `string` | n/a | yes |
| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br> creation\_role\_name = Name of the role to import.<br> k8s\_version = EKS cluster k8s version.<br> nodes\_master Grants the nodes role system:master access. NOT recomended<br> kubeconfig = {<br> extra\_args = Optional extra args when generating kubeconfig.<br> path = Fully qualified path name to write the kubeconfig file.<br> }<br> public\_access = {<br> enabled = Enable EKS API public endpoint.<br> cidrs = List of CIDR ranges permitted for accessing the EKS public endpoint.<br> }<br> Custom role maps for aws auth configmap<br> custom\_role\_maps = {<br> rolearn = string<br> username = string<br> groups = list(string)<br> }<br> master\_role\_names = IAM role names to be added as masters in eks.<br> cluster\_addons = EKS cluster addons. vpc-cni is installed separately.<br> vpc\_cni = Configuration for AWS VPC CNI<br> ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br> identity\_providers = Configuration for IDP(Identity Provider).<br> } | <pre>object({<br> service_ipv4_cidr = optional(string)<br> creation_role_name = optional(string, null)<br> k8s_version = optional(string)<br> nodes_master = optional(bool, false)<br> kubeconfig = optional(object({<br> extra_args = optional(string)<br> path = optional(string)<br> }), {})<br> public_access = optional(object({<br> enabled = optional(bool)<br> cidrs = optional(list(string))<br> }), {})<br> custom_role_maps = optional(list(object({<br> rolearn = string<br> username = string<br> groups = list(string)<br> })))<br> master_role_names = optional(list(string))<br> cluster_addons = optional(list(string))<br> ssm_log_group_name = optional(string)<br> vpc_cni = optional(object({<br> prefix_delegation = optional(bool)<br> annotate_pod_ip = optional(bool)<br> }))<br> identity_providers = optional(list(object({<br> client_id = string<br> groups_claim = optional(string)<br> 
groups_prefix = optional(string)<br> identity_provider_config_name = string<br> issuer_url = optional(string)<br> required_claims = optional(string)<br> username_claim = optional(string)<br> username_prefix = optional(string)<br> })))<br> })</pre> | `{}` | no |
| <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
| <a name="input_kms"></a> [kms](#input\_kms) | enabled = Toggle,if set use either the specified KMS key\_id or a Domino-generated one.<br> key\_id = optional(string, null) | <pre>object({<br> enabled = optional(bool)<br> key_id = optional(string)<br> })</pre> | n/a | yes |
| <a name="input_network"></a> [network](#input\_network) | vpc = {<br> id = Existing vpc id, it will bypass creation by this module.<br> subnets = {<br> private = Existing private subnets.<br> public = Existing public subnets.<br> pod = Existing pod subnets.<br> }), {})<br> }), {})<br> network\_bits = {<br> public = Number of network bits to allocate to the public subnet. i.e /27 -> 32 IPs.<br> private = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br> pod = Number of network bits to allocate to the private subnet. i.e /19 -> 8,192 IPs.<br> }<br> cidrs = {<br> vpc = The IPv4 CIDR block for the VPC.<br> pod = The IPv4 CIDR block for the Pod subnets.<br> }<br> use\_pod\_cidr = Use additional pod CIDR range (ie 100.64.0.0/16) for pod networking. | <pre>object({<br> vpc = optional(object({<br> id = optional(string, null)<br> subnets = optional(object({<br> private = optional(list(string), [])<br> public = optional(list(string), [])<br> pod = optional(list(string), [])<br> }), {})<br> }), {})<br> network_bits = optional(object({<br> public = optional(number, 27)<br> private = optional(number, 19)<br> pod = optional(number, 19)<br> }<br> ), {})<br> cidrs = optional(object({<br> vpc = optional(string, "10.0.0.0/16")<br> pod = optional(string, "100.64.0.0/16")<br> }), {})<br> use_pod_cidr = optional(bool, true)<br> })</pre> | `{}` | no |
| <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
5 changes: 5 additions & 0 deletions examples/deploy/terraform/infra/main.tf
Expand Up @@ -15,11 +15,16 @@ module "infra" {
route53_hosted_zone_private = var.route53_hosted_zone_private
ssh_pvt_key_path = var.ssh_pvt_key_path
tags = var.tags
ignore_tags = var.ignore_tags
}


provider "aws" {
region = var.region

ignore_tags {
keys = var.ignore_tags
}
}

terraform {
6 changes: 6 additions & 0 deletions examples/deploy/terraform/infra/variables.tf
Expand Up @@ -13,6 +13,12 @@ variable "tags" {
type = map(string)
}

variable "ignore_tags" {
type = list(string)
description = "Tag keys to be ignored by the aws provider."
default = []
}

variable "network" {
description = <<EOF
vpc = {
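Review bot: the new `ignore_tags` variable is documented only as "Tag keys to be ignored by the aws provider." with `default = []`, while the commit title says the purpose is to ignore a duration tag; nothing in this example names that key or says what writes it. Suggest extending the description to state the effect (listed keys are left out of plan diffs on every resource this provider manages) and showing the intended key in the example so callers know what to set.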
1 change: 1 addition & 0 deletions examples/deploy/terraform/nodes/main.tf
Expand Up @@ -33,6 +33,7 @@ module "nodes" {
network_info = local.infra.network
kms_info = local.infra.kms
tags = local.infra.tags
ignore_tags = local.infra.ignore_tags
}

terraform {
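Review bot: this file gets only the module argument `ignore_tags = local.infra.ignore_tags`, whereas cluster/main.tf and infra/main.tf in the same commit also add an `ignore_tags { keys = ... }` block to their root `provider "aws"`. If nodes/main.tf declares its own `provider "aws"`, it needs the same block, otherwise resources managed at this level will still show diffs for the keys the module is told to ignore.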
1 change: 1 addition & 0 deletions modules/eks/README.md
Expand Up @@ -74,6 +74,7 @@
| <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
| <a name="input_efs_security_group"></a> [efs\_security\_group](#input\_efs\_security\_group) | Security Group ID for EFS | `string` | n/a | yes |
| <a name="input_eks"></a> [eks](#input\_eks) | service\_ipv4\_cidr = CIDR for EKS cluster kubernetes\_network\_config.<br> creation\_role\_name = Name of the role to import.<br> k8s\_version = EKS cluster k8s version.<br> nodes\_master Grants the nodes role system:master access. NOT recomended<br> kubeconfig = {<br> extra\_args = Optional extra args when generating kubeconfig.<br> path = Fully qualified path name to write the kubeconfig file.<br> }<br> public\_access = {<br> enabled = Enable EKS API public endpoint.<br> cidrs = List of CIDR ranges permitted for accessing the EKS public endpoint.<br> }<br> Custom role maps for aws auth configmap<br> custom\_role\_maps = {<br> rolearn = string<br> username = string<br> groups = list(string)<br> }<br> master\_role\_names = IAM role names to be added as masters in eks.<br> cluster\_addons = EKS cluster addons. vpc-cni is installed separately.<br> vpc\_cni = Configuration for AWS VPC CNI<br> ssm\_log\_group\_name = CloudWatch log group to send the SSM session logs to.<br> identity\_providers = Configuration for IDP(Identity Provider).<br> } | <pre>object({<br> service_ipv4_cidr = optional(string, "172.20.0.0/16")<br> creation_role_name = optional(string, null)<br> k8s_version = optional(string, "1.27")<br> nodes_master = optional(bool, false)<br> kubeconfig = optional(object({<br> extra_args = optional(string, "")<br> path = optional(string, null)<br> }), {})<br> public_access = optional(object({<br> enabled = optional(bool, false)<br> cidrs = optional(list(string), [])<br> }), {})<br> custom_role_maps = optional(list(object({<br> rolearn = string<br> username = string<br> groups = list(string)<br> })), [])<br> master_role_names = optional(list(string), [])<br> cluster_addons = optional(list(string), ["kube-proxy", "coredns"])<br> ssm_log_group_name = optional(string, "session-manager")<br> vpc_cni = optional(object({<br> prefix_delegation = optional(bool, false)<br> annotate_pod_ip = optional(bool, true)<br> }))<br> 
identity_providers = optional(list(object({<br> client_id = string<br> groups_claim = optional(string, null)<br> groups_prefix = optional(string, null)<br> identity_provider_config_name = string<br> issuer_url = optional(string, null)<br> required_claims = optional(string, null)<br> username_claim = optional(string, null)<br> username_prefix = optional(string, null)<br> })), [])<br> })</pre> | `{}` | no |
| <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id = KMS key id.<br> key\_arn = KMS key arn.<br> enabled = KMS key is enabled | <pre>object({<br> key_id = string<br> key_arn = string<br> enabled = bool<br> })</pre> | n/a | yes |
| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br> subnets = {<br> public = List of public Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> private = List of private Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> pod = List of pod Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> } | <pre>object({<br> vpc_id = string<br> subnets = object({<br> public = list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> }))<br> private = list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> }))<br> pod = list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> }))<br> })<br> vpc_cidrs = string<br> })</pre> | n/a | yes |
| <a name="input_node_iam_policies"></a> [node\_iam\_policies](#input\_node\_iam\_policies) | Additional IAM Policy Arns for Nodes | `list(string)` | n/a | yes |
6 changes: 6 additions & 0 deletions modules/eks/variables.tf
Expand Up @@ -208,6 +208,12 @@ variable "tags" {
default = {}
}

variable "ignore_tags" {
type = list(string)
description = "Tag keys to be ignored by the aws provider."
default = []
}

variable "privatelink" {
description = <<EOF
{
6 changes: 6 additions & 0 deletions modules/eks/versions.tf
Expand Up @@ -23,6 +23,9 @@ provider "aws" {
default_tags {
tags = var.tags
}
ignore_tags {
keys = var.ignore_tags
}
}

provider "aws" {
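Review bot: `default_tags { tags = var.tags }` and `ignore_tags { keys = var.ignore_tags }` now sit side by side in the same provider, and nothing prevents a key from appearing in both. Suggest a precondition that rejects any `ignore_tags` key also present in `var.tags`, so a caller cannot ask the provider to both set and ignore the same tag without noticing.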
Expand All @@ -31,6 +34,9 @@ provider "aws" {
default_tags {
tags = var.tags
}
ignore_tags {
keys = var.ignore_tags
}
assume_role {
role_arn = var.create_eks_role_arn
}
1 change: 1 addition & 0 deletions modules/iam-bootstrap/README.md
Expand Up @@ -33,6 +33,7 @@ No modules.
|------|-------------|------|---------|:--------:|
| <a name="input_deploy_id"></a> [deploy\_id](#input\_deploy\_id) | Domino Deployment ID | `string` | n/a | yes |
| <a name="input_iam_policy_paths"></a> [iam\_policy\_paths](#input\_iam\_policy\_paths) | IAM policies to provision and use for deployment role, can be terraform templates | `list(any)` | `[]` | no |
| <a name="input_ignore_tags"></a> [ignore\_tags](#input\_ignore\_tags) | Tag keys to be ignored by the aws provider. | `list(string)` | `[]` | no |
| <a name="input_max_session_duration"></a> [max\_session\_duration](#input\_max\_session\_duration) | Maximum session duration for role in seconds | `number` | `43200` | no |
| <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
| <a name="input_template_config"></a> [template\_config](#input\_template\_config) | Variables to use for any templating in the IAM policies. AWS account ID (as 'account\_id'), deploy\_id, region and partition are automatically included. | `map(any)` | `{}` | no |
6 changes: 6 additions & 0 deletions modules/iam-bootstrap/variables.tf
Expand Up @@ -35,3 +35,9 @@ variable "max_session_duration" {
description = "Maximum session duration for role in seconds"
default = 43200
}

variable "ignore_tags" {
type = list(string)
description = "Tag keys to be ignored by the aws provider."
default = []
}
3 changes: 3 additions & 0 deletions modules/iam-bootstrap/versions.tf
Expand Up @@ -10,4 +10,7 @@ terraform {

provider "aws" {
region = var.region
ignore_tags {
keys = var.ignore_tags
}
}
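Review bot: the `ignore_tags` block added to this provider applies to every resource it handles, which in this module is the deployment role and its IAM policies, so an out-of-band change to a listed tag key on those IAM resources will no longer show up in `terraform plan`. If any of these tags feed IAM policy conditions or ownership audits, suggest not exposing `ignore_tags` on this module, or restricting the list to the keys known to be externally managed.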