Merge pull request #11 from ministryofjustice/ANPL-1111-final

feat: add dedicated node group for core infra workloads
ministryofjustice · Sep 7, 2022 · bca29c9 · bca29c9
2 parents f4afcf9 + 685178a
commit bca29c9
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 25 deletions.
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 <!-- BEGIN_TF_DOCS -->
-## Requirements 
+## Requirements
 
 | Name | Version |
 |------|---------|
@@ -18,10 +18,10 @@
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_eks"></a> [eks](#module\_eks) | terraform-aws-modules/eks/aws | 17.18.0 |
-| <a name="module_iam_assumable_role_cert_manager"></a> [iam\_assumable\_role\_cert\_manager](#module\_iam\_assumable\_role\_cert\_manager) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 3.13.0 |
-| <a name="module_iam_assumable_role_cluster_autoscaler"></a> [iam\_assumable\_role\_cluster\_autoscaler](#module\_iam\_assumable\_role\_cluster\_autoscaler) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 3.8.0 |
-| <a name="module_iam_assumable_role_external_dns"></a> [iam\_assumable\_role\_external\_dns](#module\_iam\_assumable\_role\_external\_dns) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 3.8.0 |
-| <a name="module_iam_assumable_role_external_secrets"></a> [iam\_assumable\_role\_external\_secrets](#module\_iam\_assumable\_role\_external\_secrets) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | 3.8.0 |
+| <a name="module_iam_assumable_role_cert_manager"></a> [iam\_assumable\_role\_cert\_manager](#module\_iam\_assumable\_role\_cert\_manager) | git@github.com:ministryofjustice/ap-terraform-iam-roles.git//eks-role | v1.3.0 |
+| <a name="module_iam_assumable_role_cluster_autoscaler"></a> [iam\_assumable\_role\_cluster\_autoscaler](#module\_iam\_assumable\_role\_cluster\_autoscaler) | git@github.com:ministryofjustice/ap-terraform-iam-roles.git//eks-role | v1.3.0 |
+| <a name="module_iam_assumable_role_external_dns"></a> [iam\_assumable\_role\_external\_dns](#module\_iam\_assumable\_role\_external\_dns) | git@github.com:ministryofjustice/ap-terraform-iam-roles.git//eks-role | v1.3.0 |
+| <a name="module_iam_assumable_role_external_secrets"></a> [iam\_assumable\_role\_external\_secrets](#module\_iam\_assumable\_role\_external\_secrets) | git@github.com:ministryofjustice/ap-terraform-iam-roles.git//eks-role | v1.3.0 |
 
 ## Resources
 
@@ -50,14 +50,18 @@
 | <a name="input_cluster_kube_proxy_version"></a> [cluster\_kube\_proxy\_version](#input\_cluster\_kube\_proxy\_version) | Version of the KubeProxy add on | `string` | n/a | yes |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The K8S version of the EKS control plane to provision | `string` | n/a | yes |
 | <a name="input_cluster_node_group_version"></a> [cluster\_node\_group\_version](#input\_cluster\_node\_group\_version) | The K8S version of the EKS node group to provision | `string` | n/a | yes |
-| <a name="input_cluster_node_instance_types"></a> [cluster\_node\_instance\_types](#input\_cluster\_node\_instance\_types) | cluster\_node\_instance\_types | `string` | n/a | yes |
 | <a name="input_cluster_version"></a> [cluster\_version](#input\_cluster\_version) | The K8S version of the EKS control plane to provision | `string` | n/a | yes |
 | <a name="input_cluster_vpc_cni_version"></a> [cluster\_vpc\_cni\_version](#input\_cluster\_vpc\_cni\_version) | Version of the VPC CNI add on | `string` | n/a | yes |
-| <a name="input_desired_capacity"></a> [desired\_capacity](#input\_desired\_capacity) | The desired capacity for the EKS node group | `number` | n/a | yes |
+| <a name="input_core_infra_nodegroup_desired_capacity"></a> [core\_infra\_nodegroup\_desired\_capacity](#input\_core\_infra\_nodegroup\_desired\_capacity) | The desired capacity for the EKS node group | `number` | n/a | yes |
+| <a name="input_core_infra_nodegroup_instance_types"></a> [core\_infra\_nodegroup\_instance\_types](#input\_core\_infra\_nodegroup\_instance\_types) | EC2 instance types to be used for the core infra EKS nodegroup | `string` | n/a | yes |
+| <a name="input_core_infra_nodegroup_max_capacity"></a> [core\_infra\_nodegroup\_max\_capacity](#input\_core\_infra\_nodegroup\_max\_capacity) | The maximum capacity for the EKS node group | `number` | n/a | yes |
+| <a name="input_core_infra_nodegroup_min_capacity"></a> [core\_infra\_nodegroup\_min\_capacity](#input\_core\_infra\_nodegroup\_min\_capacity) | The minimum capacity for the EKS node group | `number` | n/a | yes |
 | <a name="input_disk_size"></a> [disk\_size](#input\_disk\_size) | The desired capacity for the EKS node group | `number` | n/a | yes |
+| <a name="input_main_nodegroup_desired_capacity"></a> [main\_nodegroup\_desired\_capacity](#input\_main\_nodegroup\_desired\_capacity) | The desired capacity for the EKS node group | `number` | n/a | yes |
+| <a name="input_main_nodegroup_instance_types"></a> [main\_nodegroup\_instance\_types](#input\_main\_nodegroup\_instance\_types) | EC2 instance types to be used for the main EKS nodegroup | `string` | n/a | yes |
+| <a name="input_main_nodegroup_max_capacity"></a> [main\_nodegroup\_max\_capacity](#input\_main\_nodegroup\_max\_capacity) | The maximum capacity for the EKS node group | `number` | n/a | yes |
+| <a name="input_main_nodegroup_min_capacity"></a> [main\_nodegroup\_min\_capacity](#input\_main\_nodegroup\_min\_capacity) | The minimum capacity for the EKS node group | `number` | n/a | yes |
 | <a name="input_map_roles"></a> [map\_roles](#input\_map\_roles) | Additional IAM roles to add to the aws-auth configmap. | <pre>list(object({<br>    rolearn  = string<br>    username = string<br>    groups   = list(string)<br>  }))</pre> | n/a | yes |
-| <a name="input_max_capacity"></a> [max\_capacity](#input\_max\_capacity) | The maximum capacity for the EKS node group | `number` | n/a | yes |
-| <a name="input_min_capacity"></a> [min\_capacity](#input\_min\_capacity) | The minimum capacity for the EKS node group | `number` | n/a | yes |
 | <a name="input_route53_zone_arn"></a> [route53\_zone\_arn](#input\_route53\_zone\_arn) | The route53 zone ID for the cluster's domain | `string` | n/a | yes |
 | <a name="input_subnets"></a> [subnets](#input\_subnets) | List of private subnet address ranges in CIDR format | `list(string)` | n/a | yes |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC to create the cluster in | `string` | n/a | yes |
@@ -69,4 +73,4 @@
 | <a name="output_cluster_id"></a> [cluster\_id](#output\_cluster\_id) | The ID of the cluster |
 | <a name="output_cluster_oidc_issuer_url"></a> [cluster\_oidc\_issuer\_url](#output\_cluster\_oidc\_issuer\_url) | The URL of the OIDC issuer created by the cluster |
 | <a name="output_cluster_role_arns"></a> [cluster\_role\_arns](#output\_cluster\_role\_arns) | ARNS of the roles created to support core K8S components |
-<!-- END_TF_DOCS -->
+<!-- END_TF_DOCS -->
diff --git a/main.tf b/main.tf
@@ -20,21 +20,42 @@ module "eks" {
   map_roles                       = var.map_roles
   node_groups = {
     main_node_pool = {
+      instance_types                       = [var.main_nodegroup_instance_types]
+      min_capacity                         = var.main_nodegroup_min_capacity
+      max_capacity                         = var.main_nodegroup_max_capacity
+      desired_capacity                     = var.main_nodegroup_desired_capacity
       create_launch_template               = true
       metadata_http_endpoint               = "enabled"
       metadata_http_put_response_hop_limit = 1
       metadata_http_tokens                 = "required"
       name_prefix                          = "${var.cluster_name}-main"
     }
+    core_infra_node_pool = {
+      instance_types                       = [var.core_infra_nodegroup_instance_types]
+      min_capacity                         = var.core_infra_nodegroup_min_capacity
+      max_capacity                         = var.core_infra_nodegroup_max_capacity
+      desired_capacity                     = var.core_infra_nodegroup_desired_capacity
+      create_launch_template               = true
+      metadata_http_endpoint               = "enabled"
+      metadata_http_put_response_hop_limit = 1
+      metadata_http_tokens                 = "required"
+      name_prefix                          = "${var.cluster_name}-core-infra"
+      k8s_labels = {
+        type = "core-infra"
+      }
+      taints = [
+        {
+          key    = "dedicated"
+          value  = "core-infra"
+          effect = "NO_SCHEDULE"
+        }
+      ]
+    }
   }
   node_groups_defaults = {
-    ami_type         = "AL2_x86_64" # Amazon Linux 2
-    desired_capacity = var.desired_capacity
-    disk_size        = var.disk_size
-    instance_types   = [var.cluster_node_instance_types]
-    max_capacity     = var.max_capacity
-    min_capacity     = var.min_capacity
-    version          = var.cluster_node_group_version
+    ami_type  = "AL2_x86_64" # Amazon Linux 2
+    disk_size = var.disk_size
+    version   = var.cluster_node_group_version
   }
   subnets                     = var.subnets
   vpc_id                      = var.vpc_id

diff --git a/variables.tf b/variables.tf
@@ -42,28 +42,48 @@ variable "cluster_kube_proxy_version" {
   type        = string
 }
 
-variable "cluster_node_instance_types" {
-  description = "cluster_node_instance_types"
+variable "main_nodegroup_instance_types" {
+  description = "EC2 instance types to be used for the main EKS nodegroup"
   type        = string
 }
 
-variable "desired_capacity" {
+variable "core_infra_nodegroup_instance_types" {
+  description = "EC2 instance types to be used for the core infra EKS nodegroup"
+  type        = string
+}
+
+variable "main_nodegroup_min_capacity" {
+  description = "The minimum capacity for the EKS node group"
+  type        = number
+}
+
+variable "main_nodegroup_max_capacity" {
+  description = "The maximum capacity for the EKS node group"
+  type        = number
+}
+
+variable "main_nodegroup_desired_capacity" {
   description = "The desired capacity for the EKS node group"
   type        = number
 }
 
-variable "disk_size" {
-  description = "The desired capacity for the EKS node group "
+variable "core_infra_nodegroup_min_capacity" {
+  description = "The minimum capacity for the EKS node group"
   type        = number
 }
 
-variable "max_capacity" {
+variable "core_infra_nodegroup_max_capacity" {
   description = "The maximum capacity for the EKS node group"
   type        = number
 }
 
-variable "min_capacity" {
-  description = "The minimum capacity for the EKS node group"
+variable "core_infra_nodegroup_desired_capacity" {
+  description = "The desired capacity for the EKS node group"
+  type        = number
+}
+
+variable "disk_size" {
+  description = "The desired capacity for the EKS node group "
   type        = number
 }