refactor: Refactoring to match the rest of terraform-aws-modules (#1583)

2025-09-09 19:32:58 +08:00 · 2021-09-16 11:35:44 +02:00
parent 619b4a0d48
commit 2bdf7d7dd6
76 changed files with 1350 additions and 1037 deletions
@@ -1,12 +1,13 @@
 # Worker Groups using Launch Configurations

 resource "aws_autoscaling_group" "workers" {
-  count = var.create_eks ? local.worker_group_count : 0
+  count = var.create_eks ? local.worker_group_launch_configuration_count : 0
+
  name_prefix = join(
    "-",
    compact(
      [
-        coalescelist(aws_eks_cluster.this[*].name, [""])[0],
+        local.cluster_name,
        lookup(var.worker_groups[count.index], "name", count.index)
      ]
    )
@@ -131,16 +132,16 @@ resource "aws_autoscaling_group" "workers" {
      [
        {
          "key"                 = "Name"
-          "value"               = "${coalescelist(aws_eks_cluster.this[*].name, [""])[0]}-${lookup(var.worker_groups[count.index], "name", count.index)}-eks_asg"
+          "value"               = "${local.cluster_name}-${lookup(var.worker_groups[count.index], "name", count.index)}-eks_asg"
          "propagate_at_launch" = true
        },
        {
-          "key"                 = "kubernetes.io/cluster/${coalescelist(aws_eks_cluster.this[*].name, [""])[0]}"
+          "key"                 = "kubernetes.io/cluster/${local.cluster_name}"
          "value"               = "owned"
          "propagate_at_launch" = true
        },
        {
-          "key"                 = "k8s.io/cluster/${coalescelist(aws_eks_cluster.this[*].name, [""])[0]}"
+          "key"                 = "k8s.io/cluster/${local.cluster_name}"
          "value"               = "owned"
          "propagate_at_launch" = true
        },
@@ -201,8 +202,9 @@ resource "aws_autoscaling_group" "workers" {
 }

 resource "aws_launch_configuration" "workers" {
-  count       = var.create_eks ? local.worker_group_count : 0
-  name_prefix = "${coalescelist(aws_eks_cluster.this[*].name, [""])[0]}-${lookup(var.worker_groups[count.index], "name", count.index)}"
+  count = var.create_eks ? local.worker_group_launch_configuration_count : 0
+
+  name_prefix = "${local.cluster_name}-${lookup(var.worker_groups[count.index], "name", count.index)}"
  associate_public_ip_address = lookup(
    var.worker_groups[count.index],
    "public_ip",
@@ -236,7 +238,7 @@ resource "aws_launch_configuration" "workers" {
    "key_name",
    local.workers_group_defaults["key_name"],
  )
-  user_data_base64 = base64encode(local.userdata_rendered[count.index])
+  user_data_base64 = base64encode(local.launch_configuration_userdata_rendered[count.index])
  ebs_optimized = lookup(
    var.worker_groups[count.index],
    "ebs_optimized",
@@ -368,7 +370,8 @@ resource "aws_launch_configuration" "workers" {
 }

 resource "aws_security_group" "workers" {
-  count       = var.worker_create_security_group && var.create_eks ? 1 : 0
+  count = var.worker_create_security_group && var.create_eks ? 1 : 0
+
  name_prefix = var.cluster_name
  description = "Security group for all nodes in the cluster."
  vpc_id      = var.vpc_id
@@ -382,7 +385,8 @@ resource "aws_security_group" "workers" {
 }

 resource "aws_security_group_rule" "workers_egress_internet" {
-  count             = var.worker_create_security_group && var.create_eks ? 1 : 0
+  count = var.worker_create_security_group && var.create_eks ? 1 : 0
+
  description       = "Allow nodes all egress to the Internet."
  protocol          = "-1"
  security_group_id = local.worker_security_group_id
@@ -393,7 +397,8 @@ resource "aws_security_group_rule" "workers_egress_internet" {
 }

 resource "aws_security_group_rule" "workers_ingress_self" {
-  count                    = var.worker_create_security_group && var.create_eks ? 1 : 0
+  count = var.worker_create_security_group && var.create_eks ? 1 : 0
+
  description              = "Allow node to communicate with each other."
  protocol                 = "-1"
  security_group_id        = local.worker_security_group_id
@@ -404,7 +409,8 @@ resource "aws_security_group_rule" "workers_ingress_self" {
 }

 resource "aws_security_group_rule" "workers_ingress_cluster" {
-  count                    = var.worker_create_security_group && var.create_eks ? 1 : 0
+  count = var.worker_create_security_group && var.create_eks ? 1 : 0
+
  description              = "Allow workers pods to receive communication from the cluster control plane."
  protocol                 = "tcp"
  security_group_id        = local.worker_security_group_id
@@ -415,7 +421,8 @@ resource "aws_security_group_rule" "workers_ingress_cluster" {
 }

 resource "aws_security_group_rule" "workers_ingress_cluster_kubelet" {
-  count                    = var.worker_create_security_group && var.create_eks ? var.worker_sg_ingress_from_port > 10250 ? 1 : 0 : 0
+  count = var.worker_create_security_group && var.create_eks ? var.worker_sg_ingress_from_port > 10250 ? 1 : 0 : 0
+
  description              = "Allow workers Kubelets to receive communication from the cluster control plane."
  protocol                 = "tcp"
  security_group_id        = local.worker_security_group_id
@@ -426,7 +433,8 @@ resource "aws_security_group_rule" "workers_ingress_cluster_kubelet" {
 }

 resource "aws_security_group_rule" "workers_ingress_cluster_https" {
-  count                    = var.worker_create_security_group && var.create_eks ? 1 : 0
+  count = var.worker_create_security_group && var.create_eks ? 1 : 0
+
  description              = "Allow pods running extension API servers on port 443 to receive communication from cluster control plane."
  protocol                 = "tcp"
  security_group_id        = local.worker_security_group_id
@@ -437,7 +445,8 @@ resource "aws_security_group_rule" "workers_ingress_cluster_https" {
 }

 resource "aws_security_group_rule" "workers_ingress_cluster_primary" {
-  count                    = var.worker_create_security_group && var.worker_create_cluster_primary_security_group_rules && var.cluster_version >= 1.14 && var.create_eks ? 1 : 0
+  count = var.worker_create_security_group && var.worker_create_cluster_primary_security_group_rules && var.create_eks ? 1 : 0
+
  description              = "Allow pods running on workers to receive communication from cluster primary security group (e.g. Fargate pods)."
  protocol                 = "all"
  security_group_id        = local.worker_security_group_id
@@ -448,7 +457,8 @@ resource "aws_security_group_rule" "workers_ingress_cluster_primary" {
 }

 resource "aws_security_group_rule" "cluster_primary_ingress_workers" {
-  count                    = var.worker_create_security_group && var.worker_create_cluster_primary_security_group_rules && var.cluster_version >= 1.14 && var.create_eks ? 1 : 0
+  count = var.worker_create_security_group && var.worker_create_cluster_primary_security_group_rules && var.create_eks ? 1 : 0
+
  description              = "Allow pods running on workers to send communication to cluster primary security group (e.g. Fargate pods)."
  protocol                 = "all"
  security_group_id        = local.cluster_primary_security_group_id
@@ -459,26 +469,29 @@ resource "aws_security_group_rule" "cluster_primary_ingress_workers" {
 }

 resource "aws_iam_role" "workers" {
-  count                 = var.manage_worker_iam_resources && var.create_eks ? 1 : 0
-  name_prefix           = var.workers_role_name != "" ? null : coalescelist(aws_eks_cluster.this[*].name, [""])[0]
+  count = var.manage_worker_iam_resources && var.create_eks ? 1 : 0
+
+  name_prefix           = var.workers_role_name != "" ? null : local.cluster_name
  name                  = var.workers_role_name != "" ? var.workers_role_name : null
  assume_role_policy    = data.aws_iam_policy_document.workers_assume_role_policy.json
  permissions_boundary  = var.permissions_boundary
  path                  = var.iam_path
  force_detach_policies = true
-  tags                  = var.tags
+
+  tags = var.tags
 }

 resource "aws_iam_instance_profile" "workers" {
-  count       = var.manage_worker_iam_resources && var.create_eks ? local.worker_group_count : 0
-  name_prefix = coalescelist(aws_eks_cluster.this[*].name, [""])[0]
+  count = var.manage_worker_iam_resources && var.create_eks ? local.worker_group_launch_configuration_count : 0
+
+  name_prefix = local.cluster_name
  role = lookup(
    var.worker_groups[count.index],
    "iam_role_id",
    local.default_iam_role_id,
  )
-
  path = var.iam_path
+
  tags = var.tags

  lifecycle {
@@ -487,25 +500,29 @@ resource "aws_iam_instance_profile" "workers" {
 }

 resource "aws_iam_role_policy_attachment" "workers_AmazonEKSWorkerNodePolicy" {
-  count      = var.manage_worker_iam_resources && var.create_eks ? 1 : 0
+  count = var.manage_worker_iam_resources && var.create_eks ? 1 : 0
+
  policy_arn = "${local.policy_arn_prefix}/AmazonEKSWorkerNodePolicy"
  role       = aws_iam_role.workers[0].name
 }

 resource "aws_iam_role_policy_attachment" "workers_AmazonEKS_CNI_Policy" {
-  count      = var.manage_worker_iam_resources && var.attach_worker_cni_policy && var.create_eks ? 1 : 0
+  count = var.manage_worker_iam_resources && var.attach_worker_cni_policy && var.create_eks ? 1 : 0
+
  policy_arn = "${local.policy_arn_prefix}/AmazonEKS_CNI_Policy"
  role       = aws_iam_role.workers[0].name
 }

 resource "aws_iam_role_policy_attachment" "workers_AmazonEC2ContainerRegistryReadOnly" {
-  count      = var.manage_worker_iam_resources && var.create_eks ? 1 : 0
+  count = var.manage_worker_iam_resources && var.create_eks ? 1 : 0
+
  policy_arn = "${local.policy_arn_prefix}/AmazonEC2ContainerRegistryReadOnly"
  role       = aws_iam_role.workers[0].name
 }

 resource "aws_iam_role_policy_attachment" "workers_additional_policies" {
-  count      = var.manage_worker_iam_resources && var.create_eks ? length(var.workers_additional_policies) : 0
+  count = var.manage_worker_iam_resources && var.create_eks ? length(var.workers_additional_policies) : 0
+
  role       = aws_iam_role.workers[0].name
  policy_arn = var.workers_additional_policies[count.index]
 }