enable auto-mode on eks

opszero · Dec 16, 2024 · 8ca92be · 8ca92be
1 parent d432cd9
commit 8ca92be
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 0 deletions.
diff --git a/cluster.tf b/cluster.tf
@@ -38,11 +38,43 @@ resource "aws_eks_cluster" "cluster" {
       }
     }
   }
+  # Compute Config (conditional setup for Auto Mode)
+  dynamic "compute_config" {
+    for_each = var.enable_auto_mode ? [1] : []
+    content {
+      enabled       = true
+      node_pools    = ["system"]
+      node_role_arn = aws_iam_role.node.arn
+    }
+  }
+  # Kubernetes Network Config (Auto Mode specific)
+  dynamic "kubernetes_network_config" {
+    for_each = var.enable_auto_mode ? [1] : []
+    content {
+      elastic_load_balancing {
+        enabled = true
+      }
+    }
+  }
+  # Storage Config (Auto Mode specific)
+  dynamic "storage_config" {
+    for_each = var.enable_auto_mode ? [1] : []
+    content {
+      block_storage {
+        enabled = true
+      }
+    }
+  }
+
   enabled_cluster_log_types = var.cluster_logging
 
   depends_on = [
     aws_iam_role_policy_attachment.cluster-AmazonEKSClusterPolicy,
     aws_iam_role_policy_attachment.cluster-AmazonEKSServicePolicy,
+    aws_iam_role_policy_attachment.cluster_AmazonEKSComputePolicy,
+    aws_iam_role_policy_attachment.cluster_AmazonEKSBlockStoragePolicy,
+    aws_iam_role_policy_attachment.cluster_AmazonEKSLoadBalancingPolicy,
+    aws_iam_role_policy_attachment.cluster_AmazonEKSNetworkingPolicy,
   ]
 
   tags = local.tags
@@ -104,6 +136,26 @@ resource "aws_iam_role_policy_attachment" "cluster-AmazonEKSServicePolicy" {
   role       = aws_iam_role.cluster.name
 }
 
+resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSComputePolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSComputePolicy"
+  role       = aws_iam_role.cluster.name
+}
+
+resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSLoadBalancingPolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy"
+  role       = aws_iam_role.cluster.name
+}
+
+resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSNetworkingPolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy"
+  role       = aws_iam_role.cluster.name
+}
+
+resource "aws_iam_role_policy_attachment" "cluster_AmazonEKSBlockStoragePolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy"
+  role       = aws_iam_role.cluster.name
+}
+
 resource "helm_release" "calico" {
   count = var.calico_enabled ? 1 : 0
 

diff --git a/node_role.tf b/node_role.tf
@@ -30,6 +30,11 @@ resource "aws_iam_role_policy_attachment" "node-AmazonEC2ContainerRegistryReadOn
   role       = aws_iam_role.node.name
 }
 
+resource "aws_iam_role_policy_attachment" "node_AmazonEKSWorkerNodeMinimalPolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy"
+  role       = aws_iam_role.node.name
+}
+
 resource "aws_iam_role_policy_attachment" "node_role_policies" {
   count      = length(var.node_role_policies)
   policy_arn = var.node_role_policies[count.index]

diff --git a/variables.tf b/variables.tf
@@ -461,3 +461,8 @@ variable "s3_csi_bucket_names" {
   default     = [""]
 }
 
+variable "enable_auto_mode" {
+  description = "Enable Auto Mode for EKS cluster"
+  type        = bool
+  default     = true
+}