feat!: Upgrade min AWS provider and Terraform versions to 6.0 and 1.5.7 respectively (#3412)

* feat!: Upgrade min AWS provider and Terraform versions to `6.0` and `1.5.7` respectively * fix: Remove deprecated arguments in AWS v6.0 provider, upgrade Helm provider to v3.0, bump VPC module to v6.0 * fix: Remove `aws-auth` sub-module * fix: Remove `platform` and `cluster_service_ipv4_cidr` variables from `user-data` sub-module * fix: Resolve all marked `todos` that have been accumulated * fix: Set default `http_put_response_hop_limit` to `1` * fix: Remove IRSA support from Karpenter sub-module * fix: Avoid making GET requests from data sources unless absolutely necessary * feat: Add variable optional attribute definitions * feat: Bump KMS key module version to latest, add remaining variable attribute definitions * fix: Remove `cluster_` prefix from variable names to better match the underlying API * fix: Move all EFA logic to the nodegroup itself * fix: Remove arguments that do not make sense in EKS * fix: Updates from plan validation * fix: Remove more self-managed node group attributes that are commonly not used in EKS clusters * fix: Remove data plane compute `*_defaults` variables that do not work with variable optional attributes * fix: Ignore changes to `bootstrap_self_managed_addons` to aid in upgrade * feat: Add support for `region` argument on relevant resources * feat: Initial pass on upgrade guide * fix: Updates from testing and validating EKS managed node group * fix: Updates from testing and validating self-managed node group * docs: Ensure addon ussage documented is aligned * feat: Switch to dualstack OIDC issuer URL * feat: Allow sourcing over overriding the Karpenter assume role policy * fix: Use `Bool` instead of `StringEquals` for DenyHTTP queue policy * fix: Correct use of `nullable` and default value propagation
2025-09-09 19:32:58 +08:00 · 2025-07-23 15:11:01 -05:00
parent 8a0efdbbc8
commit 416515a0da
84 changed files with 4111 additions and 3339 deletions
@@ -7,51 +7,47 @@ resource "null_resource" "validate_cluster_service_cidr" {
    precondition {
      # The length 6 is currently arbitrary, but it's a safe bet that the CIDR will be longer than that
      # The main point is that a value needs to be provided when `create = true`
-      condition     = var.create ? length(local.cluster_service_cidr) > 6 : true
+      condition     = var.create ? length(var.cluster_service_cidr) > 6 : true
      error_message = "`cluster_service_cidr` is required when `create = true`."
    }
  }
 }

 locals {
-  # Converts AMI type into user data type that represents the underlying format (bash, toml, PS1, nodeadm)
-  # TODO - platform will be removed in v21.0 and only `ami_type` will be valid
-  ami_type_to_user_data_type = {
-    AL2_x86_64                 = "linux"
-    AL2_x86_64_GPU             = "linux"
-    AL2_ARM_64                 = "linux"
-    BOTTLEROCKET_ARM_64        = "bottlerocket"
-    BOTTLEROCKET_x86_64        = "bottlerocket"
-    BOTTLEROCKET_ARM_64_FIPS   = "bottlerocket"
-    BOTTLEROCKET_x86_64_FIPS   = "bottlerocket"
-    BOTTLEROCKET_ARM_64_NVIDIA = "bottlerocket"
-    BOTTLEROCKET_x86_64_NVIDIA = "bottlerocket"
-    WINDOWS_CORE_2019_x86_64   = "windows"
-    WINDOWS_FULL_2019_x86_64   = "windows"
-    WINDOWS_CORE_2022_x86_64   = "windows"
-    WINDOWS_FULL_2022_x86_64   = "windows"
-    AL2023_x86_64_STANDARD     = "al2023"
-    AL2023_ARM_64_STANDARD     = "al2023"
-    AL2023_x86_64_NEURON       = "al2023"
-    AL2023_x86_64_NVIDIA       = "al2023"
-    AL2023_ARM_64_NVIDIA       = "al2023"
+  is_al2    = startswith(var.ami_type, "AL2_")
+  is_al2023 = startswith(var.ami_type, "AL2023_")
+
+  # Converts AMI type into user data template path
+  ami_type_to_user_data_path = {
+    AL2_ARM_64     = "${path.module}/../../templates/al2_user_data.tpl"
+    AL2_x86_64     = "${path.module}/../../templates/al2_user_data.tpl"
+    AL2_x86_64_GPU = "${path.module}/../../templates/al2_user_data.tpl"
+
+    AL2023_x86_64_STANDARD = "${path.module}/../../templates/al2023_user_data.tpl"
+    AL2023_ARM_64_STANDARD = "${path.module}/../../templates/al2023_user_data.tpl"
+    AL2023_x86_64_NEURON   = "${path.module}/../../templates/al2023_user_data.tpl"
+    AL2023_x86_64_NVIDIA   = "${path.module}/../../templates/al2023_user_data.tpl"
+    AL2023_ARM_64_NVIDIA   = "${path.module}/../../templates/al2023_user_data.tpl"
+
+    BOTTLEROCKET_ARM_64        = "${path.module}/../../templates/bottlerocket_user_data.tpl"
+    BOTTLEROCKET_x86_64        = "${path.module}/../../templates/bottlerocket_user_data.tpl"
+    BOTTLEROCKET_ARM_64_FIPS   = "${path.module}/../../templates/bottlerocket_user_data.tpl"
+    BOTTLEROCKET_x86_64_FIPS   = "${path.module}/../../templates/bottlerocket_user_data.tpl"
+    BOTTLEROCKET_ARM_64_NVIDIA = "${path.module}/../../templates/bottlerocket_user_data.tpl"
+    BOTTLEROCKET_x86_64_NVIDIA = "${path.module}/../../templates/bottlerocket_user_data.tpl"
+
+    WINDOWS_CORE_2019_x86_64 = "${path.module}/../../templates/windows_user_data.tpl"
+    WINDOWS_FULL_2019_x86_64 = "${path.module}/../../templates/windows_user_data.tpl"
+    WINDOWS_CORE_2022_x86_64 = "${path.module}/../../templates/windows_user_data.tpl"
+    WINDOWS_FULL_2022_x86_64 = "${path.module}/../../templates/windows_user_data.tpl"
+
+    CUSTOM = var.user_data_template_path
  }
-  # Try to use `ami_type` first, but fall back to current, default behavior
-  # TODO - will be removed in v21.0
-  user_data_type = try(local.ami_type_to_user_data_type[var.ami_type], var.platform)
+  user_data_path = coalesce(var.user_data_template_path, local.ami_type_to_user_data_path[var.ami_type])

-  template_path = {
-    al2023       = "${path.module}/../../templates/al2023_user_data.tpl"
-    bottlerocket = "${path.module}/../../templates/bottlerocket_user_data.tpl"
-    linux        = "${path.module}/../../templates/linux_user_data.tpl"
-    windows      = "${path.module}/../../templates/windows_user_data.tpl"
-  }
+  cluster_dns_ips = flatten(concat([try(cidrhost(var.cluster_service_cidr, 10), "")], var.additional_cluster_dns_ips))

-  cluster_service_cidr = try(coalesce(var.cluster_service_ipv4_cidr, var.cluster_service_cidr), "")
-  cluster_dns_ips      = flatten(concat([try(cidrhost(local.cluster_service_cidr, 10), "")], var.additional_cluster_dns_ips))
-
-  user_data = base64encode(templatefile(
-    coalesce(var.user_data_template_path, local.template_path[local.user_data_type]),
+  user_data = var.create ? base64encode(templatefile(local.user_data_path,
    {
      # https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-custom-ami
      enable_bootstrap_user_data = var.enable_bootstrap_user_data
@@ -61,7 +57,7 @@ locals {
      cluster_endpoint    = var.cluster_endpoint
      cluster_auth_base64 = var.cluster_auth_base64

-      cluster_service_cidr = local.cluster_service_cidr
+      cluster_service_cidr = var.cluster_service_cidr
      cluster_ip_family    = var.cluster_ip_family

      # Bottlerocket
@@ -72,22 +68,13 @@ locals {
      pre_bootstrap_user_data  = var.pre_bootstrap_user_data
      post_bootstrap_user_data = var.post_bootstrap_user_data
    }
-  ))
+  )) : ""

-  user_data_type_to_rendered = {
-    al2023 = {
-      user_data = var.create ? try(data.cloudinit_config.al2023_eks_managed_node_group[0].rendered, local.user_data) : ""
-    }
-    bottlerocket = {
-      user_data = var.create && local.user_data_type == "bottlerocket" && (var.enable_bootstrap_user_data || var.user_data_template_path != "" || var.bootstrap_extra_args != "") ? local.user_data : ""
-    }
-    linux = {
-      user_data = var.create ? try(data.cloudinit_config.linux_eks_managed_node_group[0].rendered, local.user_data) : ""
-    }
-    windows = {
-      user_data = var.create && local.user_data_type == "windows" && (var.enable_bootstrap_user_data || var.user_data_template_path != "" || var.pre_bootstrap_user_data != "") ? local.user_data : ""
-    }
-  }
+  user_data_type_to_rendered = try(coalesce(
+    local.is_al2 ? try(data.cloudinit_config.al2_eks_managed_node_group[0].rendered, local.user_data) : null,
+    local.is_al2023 ? try(data.cloudinit_config.al2023_eks_managed_node_group[0].rendered, local.user_data) : null,
+    local.user_data,
+  ), "")
 }

 # https://github.com/aws/containers-roadmap/issues/596#issuecomment-675097667
@@ -97,8 +84,8 @@ locals {
 # this merging will NOT happen and you are responsible for nodes joining the cluster.
 # See docs for more details -> https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-user-data

-data "cloudinit_config" "linux_eks_managed_node_group" {
-  count = var.create && local.user_data_type == "linux" && var.is_eks_managed_node_group && !var.enable_bootstrap_user_data && var.pre_bootstrap_user_data != "" && var.user_data_template_path == "" ? 1 : 0
+data "cloudinit_config" "al2_eks_managed_node_group" {
+  count = var.create && local.is_al2 && var.is_eks_managed_node_group && !var.enable_bootstrap_user_data && var.pre_bootstrap_user_data != "" && var.user_data_template_path == "" ? 1 : 0

  base64_encode = true
  gzip          = false
@@ -129,7 +116,7 @@ locals {
 }

 data "cloudinit_config" "al2023_eks_managed_node_group" {
-  count = var.create && local.user_data_type == "al2023" && length(local.nodeadm_cloudinit) > 0 ? 1 : 0
+  count = var.create && local.is_al2023 && length(local.nodeadm_cloudinit) > 0 ? 1 : 0

  base64_encode = true
  gzip          = false