
feat!: Upgrade min AWS provider and Terraform versions to 6.0 and 1.5.7 respectively (#3412)

* feat!: Upgrade min AWS provider and Terraform versions to `6.0` and `1.5.7` respectively

* fix: Remove deprecated arguments in AWS v6.0 provider, upgrade Helm provider to v3.0, bump VPC module to v6.0

* fix: Remove `aws-auth` sub-module

* fix: Remove `platform` and `cluster_service_ipv4_cidr` variables from `user-data` sub-module

* fix: Resolve all marked `todos` that have been accumulated

* fix: Set default `http_put_response_hop_limit` to `1`

* fix: Remove IRSA support from Karpenter sub-module

* fix: Avoid making GET requests from data sources unless absolutely necessary

* feat: Add variable optional attribute definitions

* feat: Bump KMS key module version to latest, add remaining variable attribute definitions

* fix: Remove `cluster_` prefix from variable names to better match the underlying API

* fix: Move all EFA logic to the nodegroup itself

* fix: Remove arguments that do not make sense in EKS

* fix: Updates from plan validation

* fix: Remove more self-managed node group attributes that are commonly not used in EKS clusters

* fix: Remove data plane compute `*_defaults` variables that do not work with variable optional attributes

* fix: Ignore changes to `bootstrap_self_managed_addons` to aid in upgrade

* feat: Add support for `region` argument on relevant resources

* feat: Initial pass on upgrade guide

* fix: Updates from testing and validating EKS managed node group

* fix: Updates from testing and validating self-managed node group

* docs: Ensure addon usage documented is aligned

* feat: Switch to dualstack OIDC issuer URL

* feat: Allow sourcing over overriding the Karpenter assume role policy

* fix: Use `Bool` instead of `StringEquals` for DenyHTTP queue policy

* fix: Correct use of `nullable` and default value propagation
This commit is contained in:
Bryant Biggs
2025-07-23 15:11:01 -05:00
committed by GitHub
parent 8a0efdbbc8
commit 416515a0da
84 changed files with 4111 additions and 3339 deletions
+3 -6
@@ -9,7 +9,7 @@ See [`tests/user-data/`](https://github.com/terraform-aws-modules/terraform-aws-
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5.7 |
| <a name="requirement_cloudinit"></a> [cloudinit](#requirement\_cloudinit) | >= 2.0 |
| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.0 |
@@ -30,14 +30,14 @@ No modules.
|------|------|
| [null_resource.validate_cluster_service_cidr](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [cloudinit_config.al2023_eks_managed_node_group](https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/config) | data source |
| [cloudinit_config.linux_eks_managed_node_group](https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/config) | data source |
| [cloudinit_config.al2_eks_managed_node_group](https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/config) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_additional_cluster_dns_ips"></a> [additional\_cluster\_dns\_ips](#input\_additional\_cluster\_dns\_ips) | Additional DNS IP addresses to use for the cluster. Only used when `ami_type` = `BOTTLEROCKET_*` | `list(string)` | `[]` | no |
| <a name="input_ami_type"></a> [ami\_type](#input\_ami\_type) | Type of Amazon Machine Image (AMI) associated with the EKS Node Group. See the [AWS documentation](https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid values | `string` | `null` | no |
| <a name="input_ami_type"></a> [ami\_type](#input\_ami\_type) | Type of Amazon Machine Image (AMI) associated with the EKS Node Group. See the [AWS documentation](https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid values | `string` | `"AL2023_x86_64_STANDARD"` | no |
| <a name="input_bootstrap_extra_args"></a> [bootstrap\_extra\_args](#input\_bootstrap\_extra\_args) | Additional arguments passed to the bootstrap script. When `ami_type` = `BOTTLEROCKET_*`; these are additional [settings](https://github.com/bottlerocket-os/bottlerocket#settings) that are provided to the Bottlerocket user data | `string` | `""` | no |
| <a name="input_cloudinit_post_nodeadm"></a> [cloudinit\_post\_nodeadm](#input\_cloudinit\_post\_nodeadm) | Array of cloud-init document parts that are created after the nodeadm document part | <pre>list(object({<br/> content = string<br/> content_type = optional(string)<br/> filename = optional(string)<br/> merge_type = optional(string)<br/> }))</pre> | `[]` | no |
| <a name="input_cloudinit_pre_nodeadm"></a> [cloudinit\_pre\_nodeadm](#input\_cloudinit\_pre\_nodeadm) | Array of cloud-init document parts that are created before the nodeadm document part | <pre>list(object({<br/> content = string<br/> content_type = optional(string)<br/> filename = optional(string)<br/> merge_type = optional(string)<br/> }))</pre> | `[]` | no |
@@ -46,11 +46,9 @@ No modules.
| <a name="input_cluster_ip_family"></a> [cluster\_ip\_family](#input\_cluster\_ip\_family) | The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6` | `string` | `"ipv4"` | no |
| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of the EKS cluster | `string` | `""` | no |
| <a name="input_cluster_service_cidr"></a> [cluster\_service\_cidr](#input\_cluster\_service\_cidr) | The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself | `string` | `""` | no |
| <a name="input_cluster_service_ipv4_cidr"></a> [cluster\_service\_ipv4\_cidr](#input\_cluster\_service\_ipv4\_cidr) | [Deprecated] The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks | `string` | `null` | no |
| <a name="input_create"></a> [create](#input\_create) | Determines whether to create user-data or not | `bool` | `true` | no |
| <a name="input_enable_bootstrap_user_data"></a> [enable\_bootstrap\_user\_data](#input\_enable\_bootstrap\_user\_data) | Determines whether the bootstrap configurations are populated within the user data template | `bool` | `false` | no |
| <a name="input_is_eks_managed_node_group"></a> [is\_eks\_managed\_node\_group](#input\_is\_eks\_managed\_node\_group) | Determines whether the user data is used on nodes in an EKS managed node group. Used to determine if user data will be appended or not | `bool` | `true` | no |
| <a name="input_platform"></a> [platform](#input\_platform) | [DEPRECATED - use `ami_type` instead. Will be removed in `v21.0`] Identifies the OS platform as `bottlerocket`, `linux` (AL2), `al2023`, or `windows` | `string` | `"linux"` | no |
| <a name="input_post_bootstrap_user_data"></a> [post\_bootstrap\_user\_data](#input\_post\_bootstrap\_user\_data) | User data that is appended to the user data script after of the EKS bootstrap script. Not used when `ami_type` = `BOTTLEROCKET_*` | `string` | `""` | no |
| <a name="input_pre_bootstrap_user_data"></a> [pre\_bootstrap\_user\_data](#input\_pre\_bootstrap\_user\_data) | User data that is injected into the user data script ahead of the EKS bootstrap script. Not used when `ami_type` = `BOTTLEROCKET_*` | `string` | `""` | no |
| <a name="input_user_data_template_path"></a> [user\_data\_template\_path](#input\_user\_data\_template\_path) | Path to a local, custom user data template file to use when rendering user data | `string` | `""` | no |
@@ -59,6 +57,5 @@ No modules.
| Name | Description |
|------|-------------|
| <a name="output_platform"></a> [platform](#output\_platform) | [DEPRECATED - Will be removed in `v21.0`] Identifies the OS platform as `bottlerocket`, `linux` (AL2), `al2023, or `windows |
| <a name="output_user_data"></a> [user\_data](#output\_user\_data) | Base64 encoded user data rendered for the provided inputs |
<!-- END_TF_DOCS -->
+42 -55
@@ -7,51 +7,47 @@ resource "null_resource" "validate_cluster_service_cidr" {
precondition {
# The length 6 is currently arbitrary, but it's a safe bet that the CIDR will be longer than that
# The main point is that a value needs to be provided when `create = true`
condition = var.create ? length(local.cluster_service_cidr) > 6 : true
condition = var.create ? length(var.cluster_service_cidr) > 6 : true
error_message = "`cluster_service_cidr` is required when `create = true`."
}
}
}
locals {
# Converts AMI type into user data type that represents the underlying format (bash, toml, PS1, nodeadm)
# TODO - platform will be removed in v21.0 and only `ami_type` will be valid
ami_type_to_user_data_type = {
AL2_x86_64 = "linux"
AL2_x86_64_GPU = "linux"
AL2_ARM_64 = "linux"
BOTTLEROCKET_ARM_64 = "bottlerocket"
BOTTLEROCKET_x86_64 = "bottlerocket"
BOTTLEROCKET_ARM_64_FIPS = "bottlerocket"
BOTTLEROCKET_x86_64_FIPS = "bottlerocket"
BOTTLEROCKET_ARM_64_NVIDIA = "bottlerocket"
BOTTLEROCKET_x86_64_NVIDIA = "bottlerocket"
WINDOWS_CORE_2019_x86_64 = "windows"
WINDOWS_FULL_2019_x86_64 = "windows"
WINDOWS_CORE_2022_x86_64 = "windows"
WINDOWS_FULL_2022_x86_64 = "windows"
AL2023_x86_64_STANDARD = "al2023"
AL2023_ARM_64_STANDARD = "al2023"
AL2023_x86_64_NEURON = "al2023"
AL2023_x86_64_NVIDIA = "al2023"
AL2023_ARM_64_NVIDIA = "al2023"
is_al2 = startswith(var.ami_type, "AL2_")
is_al2023 = startswith(var.ami_type, "AL2023_")
# Converts AMI type into user data template path
ami_type_to_user_data_path = {
AL2_ARM_64 = "${path.module}/../../templates/al2_user_data.tpl"
AL2_x86_64 = "${path.module}/../../templates/al2_user_data.tpl"
AL2_x86_64_GPU = "${path.module}/../../templates/al2_user_data.tpl"
AL2023_x86_64_STANDARD = "${path.module}/../../templates/al2023_user_data.tpl"
AL2023_ARM_64_STANDARD = "${path.module}/../../templates/al2023_user_data.tpl"
AL2023_x86_64_NEURON = "${path.module}/../../templates/al2023_user_data.tpl"
AL2023_x86_64_NVIDIA = "${path.module}/../../templates/al2023_user_data.tpl"
AL2023_ARM_64_NVIDIA = "${path.module}/../../templates/al2023_user_data.tpl"
BOTTLEROCKET_ARM_64 = "${path.module}/../../templates/bottlerocket_user_data.tpl"
BOTTLEROCKET_x86_64 = "${path.module}/../../templates/bottlerocket_user_data.tpl"
BOTTLEROCKET_ARM_64_FIPS = "${path.module}/../../templates/bottlerocket_user_data.tpl"
BOTTLEROCKET_x86_64_FIPS = "${path.module}/../../templates/bottlerocket_user_data.tpl"
BOTTLEROCKET_ARM_64_NVIDIA = "${path.module}/../../templates/bottlerocket_user_data.tpl"
BOTTLEROCKET_x86_64_NVIDIA = "${path.module}/../../templates/bottlerocket_user_data.tpl"
WINDOWS_CORE_2019_x86_64 = "${path.module}/../../templates/windows_user_data.tpl"
WINDOWS_FULL_2019_x86_64 = "${path.module}/../../templates/windows_user_data.tpl"
WINDOWS_CORE_2022_x86_64 = "${path.module}/../../templates/windows_user_data.tpl"
WINDOWS_FULL_2022_x86_64 = "${path.module}/../../templates/windows_user_data.tpl"
CUSTOM = var.user_data_template_path
}
# Try to use `ami_type` first, but fall back to current, default behavior
# TODO - will be removed in v21.0
user_data_type = try(local.ami_type_to_user_data_type[var.ami_type], var.platform)
user_data_path = coalesce(var.user_data_template_path, local.ami_type_to_user_data_path[var.ami_type])
template_path = {
al2023 = "${path.module}/../../templates/al2023_user_data.tpl"
bottlerocket = "${path.module}/../../templates/bottlerocket_user_data.tpl"
linux = "${path.module}/../../templates/linux_user_data.tpl"
windows = "${path.module}/../../templates/windows_user_data.tpl"
}
cluster_dns_ips = flatten(concat([try(cidrhost(var.cluster_service_cidr, 10), "")], var.additional_cluster_dns_ips))
cluster_service_cidr = try(coalesce(var.cluster_service_ipv4_cidr, var.cluster_service_cidr), "")
cluster_dns_ips = flatten(concat([try(cidrhost(local.cluster_service_cidr, 10), "")], var.additional_cluster_dns_ips))
user_data = base64encode(templatefile(
coalesce(var.user_data_template_path, local.template_path[local.user_data_type]),
user_data = var.create ? base64encode(templatefile(local.user_data_path,
{
# https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-custom-ami
enable_bootstrap_user_data = var.enable_bootstrap_user_data
@@ -61,7 +57,7 @@ locals {
cluster_endpoint = var.cluster_endpoint
cluster_auth_base64 = var.cluster_auth_base64
cluster_service_cidr = local.cluster_service_cidr
cluster_service_cidr = var.cluster_service_cidr
cluster_ip_family = var.cluster_ip_family
# Bottlerocket
@@ -72,22 +68,13 @@ locals {
pre_bootstrap_user_data = var.pre_bootstrap_user_data
post_bootstrap_user_data = var.post_bootstrap_user_data
}
))
)) : ""
user_data_type_to_rendered = {
al2023 = {
user_data = var.create ? try(data.cloudinit_config.al2023_eks_managed_node_group[0].rendered, local.user_data) : ""
}
bottlerocket = {
user_data = var.create && local.user_data_type == "bottlerocket" && (var.enable_bootstrap_user_data || var.user_data_template_path != "" || var.bootstrap_extra_args != "") ? local.user_data : ""
}
linux = {
user_data = var.create ? try(data.cloudinit_config.linux_eks_managed_node_group[0].rendered, local.user_data) : ""
}
windows = {
user_data = var.create && local.user_data_type == "windows" && (var.enable_bootstrap_user_data || var.user_data_template_path != "" || var.pre_bootstrap_user_data != "") ? local.user_data : ""
}
}
user_data_type_to_rendered = try(coalesce(
local.is_al2 ? try(data.cloudinit_config.al2_eks_managed_node_group[0].rendered, local.user_data) : null,
local.is_al2023 ? try(data.cloudinit_config.al2023_eks_managed_node_group[0].rendered, local.user_data) : null,
local.user_data,
), "")
}
# https://github.com/aws/containers-roadmap/issues/596#issuecomment-675097667
@@ -97,8 +84,8 @@ locals {
# this merging will NOT happen and you are responsible for nodes joining the cluster.
# See docs for more details -> https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-user-data
data "cloudinit_config" "linux_eks_managed_node_group" {
count = var.create && local.user_data_type == "linux" && var.is_eks_managed_node_group && !var.enable_bootstrap_user_data && var.pre_bootstrap_user_data != "" && var.user_data_template_path == "" ? 1 : 0
data "cloudinit_config" "al2_eks_managed_node_group" {
count = var.create && local.is_al2 && var.is_eks_managed_node_group && !var.enable_bootstrap_user_data && var.pre_bootstrap_user_data != "" && var.user_data_template_path == "" ? 1 : 0
base64_encode = true
gzip = false
@@ -129,7 +116,7 @@ locals {
}
data "cloudinit_config" "al2023_eks_managed_node_group" {
count = var.create && local.user_data_type == "al2023" && length(local.nodeadm_cloudinit) > 0 ? 1 : 0
count = var.create && local.is_al2023 && length(local.nodeadm_cloudinit) > 0 ? 1 : 0
base64_encode = true
gzip = false
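Review bot: `local.ami_type_to_user_data_path[var.ami_type]` on the new `user_data_path` line fails with Terraform's generic `Invalid index` error for any `ami_type` that is not a key of the map, and `ami_type = "CUSTOM"` with the default empty `user_data_template_path` fails inside `coalesce` with "no non-null, non-empty-string arguments"; neither message tells the caller what to set. A `validation` block on `ami_type` in this commit's `variables.tf` section (`condition = contains([...the map's keys..., "CUSTOM"], var.ami_type)`) would give a clear message up front — with the `1.5.7` floor it cannot reference the local, so the key list is duplicated there — and the `CUSTOM` case fits as a second `precondition` beside the existing one: `condition = var.ami_type != "CUSTOM" || var.user_data_template_path != ""`; that `lifecycle` block belongs to `null_resource.validate_cluster_service_cidr`, which starts above the hunk. Separately, the new `user_data_type_to_rendered` expression falls through to `local.user_data` for every non-AL2/AL2023 type, so `BOTTLEROCKET_*` and `WINDOWS_*` node groups that previously received `""` unless `enable_bootstrap_user_data`, a template path or extra args were set now appear to get rendered user data whenever `create = true`; if that is intended it seems worth a line in the upgrade guide, since the commit message does not mention it.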
+1 -6
@@ -1,9 +1,4 @@
output "user_data" {
description = "Base64 encoded user data rendered for the provided inputs"
value = try(local.user_data_type_to_rendered[local.user_data_type].user_data, null)
}
output "platform" {
description = "[DEPRECATED - Will be removed in `v21.0`] Identifies the OS platform as `bottlerocket`, `linux` (AL2), `al2023, or `windows`"
value = local.user_data_type
value = local.user_data_type_to_rendered
}
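Review bot: The new `user_data` value is `local.user_data_type_to_rendered`, which after this commit is a plain string rather than the type-keyed map its name describes; renaming it (for example `rendered_user_data`) in `main.tf` and here would stop the name implying a lookup that no longer happens. The description is also unchanged and reads as if a value is always produced, while `main.tf` now yields `""` when `create = false` or nothing renders; ending it with `; empty string when create = false` would document that contract for callers that wire this output into a launch template.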
+19 -16
@@ -2,97 +2,98 @@ variable "create" {
description = "Determines whether to create user-data or not"
type = bool
default = true
}
variable "platform" {
description = "[DEPRECATED - use `ami_type` instead. Will be removed in `v21.0`] Identifies the OS platform as `bottlerocket`, `linux` (AL2), `al2023`, or `windows`"
type = string
default = "linux"
nullable = false
}
variable "ami_type" {
description = "Type of Amazon Machine Image (AMI) associated with the EKS Node Group. See the [AWS documentation](https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid values"
type = string
default = null
default = "AL2023_x86_64_STANDARD"
nullable = false
}
variable "enable_bootstrap_user_data" {
description = "Determines whether the bootstrap configurations are populated within the user data template"
type = bool
default = false
nullable = false
}
variable "is_eks_managed_node_group" {
description = "Determines whether the user data is used on nodes in an EKS managed node group. Used to determine if user data will be appended or not"
type = bool
default = true
nullable = false
}
variable "cluster_name" {
description = "Name of the EKS cluster"
type = string
default = ""
nullable = false
}
variable "cluster_endpoint" {
description = "Endpoint of associated EKS cluster"
type = string
default = ""
nullable = false
}
variable "cluster_auth_base64" {
description = "Base64 encoded CA of associated EKS cluster"
type = string
default = ""
nullable = false
}
variable "cluster_service_cidr" {
description = "The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself"
type = string
default = ""
nullable = false
}
variable "cluster_ip_family" {
description = "The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`"
type = string
default = "ipv4"
nullable = false
}
variable "additional_cluster_dns_ips" {
description = "Additional DNS IP addresses to use for the cluster. Only used when `ami_type` = `BOTTLEROCKET_*`"
type = list(string)
default = []
}
# TODO - remove at next breaking change
variable "cluster_service_ipv4_cidr" {
description = "[Deprecated] The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks"
type = string
default = null
nullable = false
}
variable "pre_bootstrap_user_data" {
description = "User data that is injected into the user data script ahead of the EKS bootstrap script. Not used when `ami_type` = `BOTTLEROCKET_*`"
type = string
default = ""
nullable = false
}
variable "post_bootstrap_user_data" {
description = "User data that is appended to the user data script after of the EKS bootstrap script. Not used when `ami_type` = `BOTTLEROCKET_*`"
type = string
default = ""
nullable = false
}
variable "bootstrap_extra_args" {
description = "Additional arguments passed to the bootstrap script. When `ami_type` = `BOTTLEROCKET_*`; these are additional [settings](https://github.com/bottlerocket-os/bottlerocket#settings) that are provided to the Bottlerocket user data"
type = string
default = ""
nullable = false
}
variable "user_data_template_path" {
description = "Path to a local, custom user data template file to use when rendering user data"
type = string
default = ""
nullable = false
}
variable "cloudinit_pre_nodeadm" {
@@ -103,7 +104,8 @@ variable "cloudinit_pre_nodeadm" {
filename = optional(string)
merge_type = optional(string)
}))
default = []
default = []
nullable = false
}
variable "cloudinit_post_nodeadm" {
@@ -114,5 +116,6 @@ variable "cloudinit_post_nodeadm" {
filename = optional(string)
merge_type = optional(string)
}))
default = []
default = []
nullable = false
}
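Review bot: `additional_cluster_dns_ips` is the only variable in this hunk that does not get `nullable = false`, while `main.tf` passes it straight into `concat(...)`, which as far as I can tell does not accept a null argument; adding `nullable = false` after its `default = []` keeps it consistent with `cloudinit_pre_nodeadm`/`cloudinit_post_nodeadm` and turns an explicit `null` into the empty default instead of an error. The `cluster_service_cidr` description still says only that the value "is derived from the cluster itself", yet the precondition in `main.tf` rejects the empty default whenever `create = true`; appending `Required when create = true` to the description would surface that before plan time.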
+1 -1
@@ -1,5 +1,5 @@
terraform {
required_version = ">= 1.3.2"
required_version = ">= 1.5.7"
required_providers {
cloudinit = {