Handling desired capacity #1

Open
wants to merge 3 commits into
base: master
from
66 changes: 49 additions & 17 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,8 @@ data "aws_caller_identity" "current" {}
locals {
create = var.create && var.putin_khuylo

cluster_role = try(aws_iam_role.this[0].arn, var.iam_role_arn)
# cluster_role = try(aws_iam_role.this[0].arn, var.iam_role_arn)
cluster_role = try(aws_iam_role.cluster[0].arn, var.iam_role_arn)

create_outposts_local_cluster = length(var.outpost_config) > 0
enable_cluster_encryption_config = length(var.cluster_encryption_config) > 0 && !local.create_outposts_local_cluster
Expand Down Expand Up @@ -144,7 +145,8 @@ module "kms" {
################################################################################

locals {
cluster_sg_name = coalesce(var.cluster_security_group_name, "${var.cluster_name}-cluster")
# cluster_sg_name = coalesce(var.cluster_security_group_name, "${var.cluster_name}-cluster")
cluster_sg_name = coalesce(var.cluster_security_group_name, "${var.cluster_name}")
create_cluster_sg = local.create && var.create_cluster_security_group

cluster_security_group_id = local.create_cluster_sg ? aws_security_group.cluster[0].id : var.cluster_security_group_id
Expand All @@ -166,13 +168,14 @@ resource "aws_security_group" "cluster" {
count = local.create_cluster_sg ? 1 : 0

name = var.cluster_security_group_use_name_prefix ? null : local.cluster_sg_name
name_prefix = var.cluster_security_group_use_name_prefix ? "${local.cluster_sg_name}${var.prefix_separator}" : null
# name_prefix = var.cluster_security_group_use_name_prefix ? "${local.cluster_sg_name}${var.prefix_separator}" : null
name_prefix = var.cluster_security_group_use_name_prefix ? "${local.cluster_sg_name}" : null
description = var.cluster_security_group_description
vpc_id = var.vpc_id

tags = merge(
var.tags,
{ "Name" = local.cluster_sg_name },
{ "Name" = "${local.cluster_sg_name}-eks_cluster_sg" },
var.cluster_security_group_tags
)

Expand Down Expand Up @@ -235,7 +238,8 @@ resource "aws_iam_openid_connect_provider" "oidc_provider" {

locals {
create_iam_role = local.create && var.create_iam_role
iam_role_name = coalesce(var.iam_role_name, "${var.cluster_name}-cluster")
# iam_role_name = coalesce(var.iam_role_name, "${var.cluster_name}-cluster")
iam_role_name = coalesce(var.iam_role_name, "${var.cluster_name}")
iam_role_policy_prefix = "arn:${data.aws_partition.current.partition}:iam::aws:policy"

cluster_encryption_policy_name = coalesce(var.cluster_encryption_policy_name, "${local.iam_role_name}-ClusterEncryption")
Expand Down Expand Up @@ -270,11 +274,13 @@ data "aws_iam_policy_document" "assume_role_policy" {
}
}

resource "aws_iam_role" "this" {
# resource "aws_iam_role" "this" {
resource "aws_iam_role" "cluster" {
count = local.create_iam_role ? 1 : 0

name = var.iam_role_use_name_prefix ? null : local.iam_role_name
name_prefix = var.iam_role_use_name_prefix ? "${local.iam_role_name}${var.prefix_separator}" : null
# name_prefix = var.iam_role_use_name_prefix ? "${local.iam_role_name}${var.prefix_separator}" : null
name_prefix = var.iam_role_use_name_prefix ? "${local.iam_role_name}" : null
path = var.iam_role_path
description = var.iam_role_description

Expand Down Expand Up @@ -316,14 +322,16 @@ resource "aws_iam_role_policy_attachment" "this" {
} : k => v if local.create_iam_role }

policy_arn = each.value
role = aws_iam_role.this[0].name
# role = aws_iam_role.this[0].name
role = aws_iam_role.cluster[0].name
}

resource "aws_iam_role_policy_attachment" "additional" {
for_each = { for k, v in var.iam_role_additional_policies : k => v if local.create_iam_role }

policy_arn = each.value
role = aws_iam_role.this[0].name
# role = aws_iam_role.this[0].name
role = aws_iam_role.cluster[0].name
}

# Using separate attachment due to `The "for_each" value depends on resource attributes that cannot be determined until apply`
Expand All @@ -332,7 +340,8 @@ resource "aws_iam_role_policy_attachment" "cluster_encryption" {
count = local.create_iam_role && var.attach_cluster_encryption_policy && local.enable_cluster_encryption_config ? 1 : 0

policy_arn = aws_iam_policy.cluster_encryption[0].arn
role = aws_iam_role.this[0].name
# role = aws_iam_role.this[0].name
role = aws_iam_role.cluster[0].name
}

resource "aws_iam_policy" "cluster_encryption" {
Expand Down Expand Up @@ -504,20 +513,26 @@ resource "kubernetes_config_map" "aws_auth" {
metadata {
name = "aws-auth"
namespace = "kube-system"
labels = {
"app.kubernetes.io/managed-by" = "Terraform"
# / are replaced by . because label validator fails in this lib
# https://github.com/kubernetes/apimachinery/blob/1bdd76d09076d4dc0362456e59c8f551f5f24a72/pkg/util/validation/validation.go#L166
"terraform.io/module" = "terraform-aws-modules.eks.aws"
}
}

data = local.aws_auth_configmap_data

lifecycle {
# We are ignoring the data here since we will manage it with the resource below
# This is only intended to be used in scenarios where the configmap does not exist
ignore_changes = [data]
}
# lifecycle {
# # We are ignoring the data here since we will manage it with the resource below
# # This is only intended to be used in scenarios where the configmap does not exist
# ignore_changes = [data]
# }
}

resource "kubernetes_config_map_v1_data" "aws_auth" {
count = var.create && var.manage_aws_auth_configmap ? 1 : 0

force = true

metadata {
Expand All @@ -529,6 +544,23 @@ resource "kubernetes_config_map_v1_data" "aws_auth" {

depends_on = [
# Required for instances where the configmap does not exist yet to avoid race condition
kubernetes_config_map.aws_auth,
kubernetes_config_map.aws_auth
]
}

# resource "kubernetes_config_map" "aws_auth" {
# count = var.create && var.manage_aws_auth_configmap ? 1 : 0

# metadata {
# name = "aws-auth"
# namespace = "kube-system"
# labels = {
# "app.kubernetes.io/managed-by" = "Terraform"
# # / are replaced by . because label validator fails in this lib
# # https://github.com/kubernetes/apimachinery/blob/1bdd76d09076d4dc0362456e59c8f551f5f24a72/pkg/util/validation/validation.go#L166
# "terraform.io/module" = "terraform-aws-modules.eks.aws"
# }
# }

# data = local.aws_auth_configmap_data
# }
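Review bot: Commenting out the `lifecycle { ignore_changes = [data] }` block on `kubernetes_config_map.aws_auth` while `kubernetes_config_map_v1_data.aws_auth` also writes the same ConfigMap's `data` (now with `force = true`) leaves two resources owning the aws-auth mapping, so every apply will show drift on one of them and may rewrite the IAM-to-RBAC mapping that grants nodes and operators cluster access; keep `ignore_changes = [data]` on the `kubernetes_config_map` resource so the `_v1_data` resource is the only writer. The commented-out lifecycle block and the duplicated `# resource "kubernetes_config_map" "aws_auth"` copy at the end of the file should be deleted rather than kept as comments. Renaming `aws_iam_role.this` to `aws_iam_role.cluster` changes the resource's state address, so existing deployments will plan a destroy/recreate of the cluster IAM role unless a `moved { from = aws_iam_role.this  to = aws_iam_role.cluster }` block is added (where the Terraform version in use supports it). Dropping `${var.prefix_separator}` from both `name_prefix` expressions silently changes the generated names for users who set that variable; if intended, the variable and its description should be updated in the same change.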
8 changes: 4 additions & 4 deletions modules/eks-managed-node-group/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -379,9 +379,9 @@ resource "aws_eks_node_group" "this" {

lifecycle {
create_before_destroy = true
ignore_changes = [
scaling_config[0].desired_size,
]
# ignore_changes = [
# scaling_config[0].desired_size,
# ]
}

tags = merge(
Expand Down Expand Up @@ -446,4 +446,4 @@ resource "aws_iam_role_policy_attachment" "additional" {

policy_arn = each.value
role = aws_iam_role.this[0].name
}
}
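Review bot: Commenting out `ignore_changes = [scaling_config[0].desired_size]` means any desired_size drift (for example from an autoscaler) is reconciled by Terraform on every apply, and the root module now compensates by reading the live ASG value through a `local-exec` step that is not visible from this file; that coupling deserves a comment here, e.g. `# desired_size drift is intentionally reconciled; the root module passes the live ASG value as desired_size`. The three commented-out lines should be deleted rather than left in place. The enclosing `aws_eks_node_group.this` resource starts outside the hunk.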
85 changes: 81 additions & 4 deletions node_groups.tf
Original file line number Diff line number Diff line change
Expand Up @@ -228,7 +228,48 @@ module "fargate_profile" {
# EKS Managed Node Group
################################################################################

module "eks_managed_node_group" {
resource "null_resource" "add_tags_to_ngs" {
for_each = var.eks_managed_node_groups
triggers = { always_run = "${timestamp()}" }
provisioner "local-exec" {
command = "asg_names=`aws autoscaling describe-auto-scaling-groups --filters 'Name=tag-key,Values=eks:cluster-name' 'Name=tag-value,Values=${var.cluster_name}' --query 'AutoScalingGroups[].AutoScalingGroupName' --output text`; for eachasg in $asg_names; do aws autoscaling create-or-update-tags --tags ResourceId=$eachasg,ResourceType=auto-scaling-group,Key=ng-prefix,Value=${each.key},PropagateAtLaunch=false; done"
}
}

##Get AutoScaling Group
data "aws_autoscaling_groups" "groups" {
depends_on = [null_resource.add_tags_to_ngs]
for_each = var.eks_managed_node_groups
filter {
name = "tag-value"
values = ["${each.key}"]
}

filter {
name = "tag-key"
values = ["ng-prefix"]
}

}

resource "null_resource" "asg-describe" {
depends_on = [null_resource.add_tags_to_ngs]
for_each = var.eks_managed_node_groups
triggers = { always_run = "${timestamp()}" }
provisioner "local-exec" {
# command = "desired_capacity=`aws autoscaling describe-auto-scaling-groups --filters 'Name=tag-key,Values=ng-full-name' 'Name=tag-value,Values=${each.key}' --query 'AutoScalingGroups[].DesiredCapacity' --output text`; [ ! -z \"$desired_capacity\" ] && echo $desired_capacity > \"${path.module}/${each.key}-desired.txt\" || echo ${each.value.desired_capacity} > \"${path.module}/${each.key}-desired.txt\""
command = "desired_capacity=`aws autoscaling describe-auto-scaling-groups --filters 'Name=tag-key,Values=ng-prefix' 'Name=tag-value,Values=${each.key}' --filters 'Name=tag-key,Values=eks:cluster-name' 'Name=tag-value,Values=${var.cluster_name}' --query 'AutoScalingGroups[].DesiredCapacity' --output text`; [ ! -z \"$desired_capacity\" ] && echo $desired_capacity > \"${path.module}/${each.key}-desired.txt\" || echo ${each.value.desired_capacity} > \"${path.module}/${each.key}-desired.txt\""
}
}


data "local_file" "desired_size" {
depends_on = [null_resource.asg-describe]
for_each = var.eks_managed_node_groups
filename = "${path.module}/${each.key}-desired.txt"
}

module "eks_managed_node_group" {
source = "./modules/eks-managed-node-group"

for_each = { for k, v in var.eks_managed_node_groups : k => v if var.create && !local.create_outposts_local_cluster }
Expand All @@ -245,9 +286,13 @@ module "eks_managed_node_group" {

subnet_ids = try(each.value.subnet_ids, var.eks_managed_node_group_defaults.subnet_ids, var.subnet_ids)

min_size = try(each.value.min_size, var.eks_managed_node_group_defaults.min_size, 1)
max_size = try(each.value.max_size, var.eks_managed_node_group_defaults.max_size, 3)
desired_size = try(each.value.desired_size, var.eks_managed_node_group_defaults.desired_size, 1)
# min_size = try(each.value.min_size, var.eks_managed_node_group_defaults.min_size, 1)
# max_size = try(each.value.max_size, var.eks_managed_node_group_defaults.max_size, 3)
# desired_size = try(each.value.desired_size, var.eks_managed_node_group_defaults.desired_size, 1)

desired_size = each.value.min_capacity <= tonumber(trimspace(data.local_file.desired_size[each.key].content)) ? tonumber(trimspace(data.local_file.desired_size[each.key].content)) : each.value["min_capacity"]
max_size = each.value.max_capacity
min_size = each.value.min_capacity

ami_id = try(each.value.ami_id, var.eks_managed_node_group_defaults.ami_id, "")
ami_type = try(each.value.ami_type, var.eks_managed_node_group_defaults.ami_type, null)
Expand Down Expand Up @@ -461,3 +506,35 @@ module "self_managed_node_group" {

tags = merge(var.tags, try(each.value.tags, var.self_managed_node_group_defaults.tags, {}))
}

# ###Code for adding tag prefix
resource "aws_autoscaling_group_tag" "asg_tag" {
for_each = var.eks_managed_node_groups
autoscaling_group_name = module.eks_managed_node_group[each.key].node_group_autoscaling_group_names[0]
# aws_eks_node_group.this[0].resources[*].autoscaling_groups[*].name
# aws_eks_node_group.this[each.key].resources[0].autoscaling_groups[0].name

tag {
key = "ng-prefix"
value = each.key

propagate_at_launch = false
}

}

# ###Code for adding tag full tag
resource "aws_autoscaling_group_tag" "ng_full_tag" {
for_each = var.eks_managed_node_groups

# autoscaling_group_name = aws_eks_node_group.workers[each.key].resources[0].autoscaling_groups[0].name
autoscaling_group_name = module.eks_managed_node_group[each.key].node_group_autoscaling_group_names[0]

tag {
key = "ng-full-name"
value = split(":", module.eks_managed_node_group[each.key].node_group_id)[1]

propagate_at_launch = false
}

}
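Review bot: The `command` strings in `null_resource.add_tags_to_ngs` and `null_resource.asg-describe` interpolate `var.cluster_name`, `each.key` and `each.value.desired_capacity` straight into a shell line, so any module input containing shell metacharacters (backtick, `;`, `$(`) changes what the runner executes with the AWS CLI's credentials; pass them through the provisioner's `environment` block and reference them as quoted shell variables instead. The output file `${path.module}/${each.key}-desired.txt` is keyed only by node-group key and lives in the shared module directory, so two clusters instantiating this module with the same node-group name read each other's desired size; key the file by cluster name and update `data.local_file.desired_size` to match. `triggers = { always_run = "${timestamp()}" }` also forces these provisioners to run on every apply, and `data.aws_autoscaling_groups.groups` is declared but never referenced. The `desired_size` expression only clamps against `min_capacity`, so a live value above `max_capacity` is passed through unchanged; `min(max(live, min_capacity), max_capacity)` would bound it on both sides.
```hcl
resource "null_resource" "asg-describe" {
  depends_on = [null_resource.add_tags_to_ngs]
  for_each   = var.eks_managed_node_groups
  triggers   = { always_run = "${timestamp()}" }
  provisioner "local-exec" {
    # Inputs reach the shell as environment variables, never by interpolation into the command line.
    environment = {
      CLUSTER_NAME = var.cluster_name
      NG_KEY       = each.key
      DEFAULT_SIZE = each.value.desired_capacity
      OUT_FILE     = "${path.module}/${var.cluster_name}-${each.key}-desired.txt"
    }
    command = "desired_capacity=$(aws autoscaling describe-auto-scaling-groups --filters \"Name=tag-key,Values=ng-prefix\" \"Name=tag-value,Values=$NG_KEY\" \"Name=tag-key,Values=eks:cluster-name\" \"Name=tag-value,Values=$CLUSTER_NAME\" --query 'AutoScalingGroups[].DesiredCapacity' --output text); if [ -n \"$desired_capacity\" ]; then echo \"$desired_capacity\" > \"$OUT_FILE\"; else echo \"$DEFAULT_SIZE\" > \"$OUT_FILE\"; fi"
  }
}

data "local_file" "desired_size" {
  depends_on = [null_resource.asg-describe]
  for_each   = var.eks_managed_node_groups
  filename   = "${path.module}/${var.cluster_name}-${each.key}-desired.txt"
}

# … unchanged: module "eks_managed_node_group" up to the sizing arguments …
  desired_size = min(max(tonumber(trimspace(data.local_file.desired_size[each.key].content)), each.value.min_capacity), each.value.max_capacity)
  max_size     = each.value.max_capacity
  min_size     = each.value.min_capacity
```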
11 changes: 7 additions & 4 deletions outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ output "cluster_id" {

output "cluster_name" {
description = "The name of the EKS cluster"
value = try(aws_eks_cluster.this[0].name, null)
value = split("/", aws_eks_cluster.this[0].arn)[1]
}

output "cluster_oidc_issuer_url" {
Expand Down Expand Up @@ -124,17 +124,20 @@ output "cluster_tls_certificate_sha1_fingerprint" {

output "cluster_iam_role_name" {
description = "IAM role name of the EKS cluster"
value = try(aws_iam_role.this[0].name, null)
# value = try(aws_iam_role.this[0].name, null)
value = try(aws_iam_role.cluster[0].name, null)
}

output "cluster_iam_role_arn" {
description = "IAM role ARN of the EKS cluster"
value = try(aws_iam_role.this[0].arn, null)
# value = try(aws_iam_role.this[0].arn, null)
value = try(aws_iam_role.cluster[0].arn, null)
}

output "cluster_iam_role_unique_id" {
description = "Stable and unique string identifying the IAM role"
value = try(aws_iam_role.this[0].unique_id, null)
# value = try(aws_iam_role.this[0].unique_id, null)
value = try(aws_iam_role.cluster[0].unique_id, null)
}

################################################################################
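Review bot: The new `cluster_name` output drops the `try(..., null)` guard, so when the cluster is not created (`aws_eks_cluster.this` has zero instances) `aws_eks_cluster.this[0].arn` fails at plan time instead of yielding null as every other output in this file does; keep the guard, `value = try(split("/", aws_eks_cluster.this[0].arn)[1], null)`. Deriving the name from the ARN rather than `.name` also deserves a one-line comment stating why the attribute is no longer used, since the reason is not visible in the diff. The `aws_iam_role.cluster` references in the three IAM role outputs are consistent with the rename in main.tf, and the commented-out previous values should be removed.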