
feat!: Upgrade min AWS provider and Terraform versions to 6.0 and 1.5.7 respectively (#3412)

* feat!: Upgrade min AWS provider and Terraform versions to `6.0` and `1.5.7` respectively

* fix: Remove deprecated arguments in AWS v6.0 provider, upgrade Helm provider to v3.0, bump VPC module to v6.0

* fix: Remove `aws-auth` sub-module

* fix: Remove `platform` and `cluster_service_ipv4_cidr` variables from `user-data` sub-module

* fix: Resolve all marked `todos` that have been accumulated

* fix: Set default `http_put_response_hop_limit` to `1`

* fix: Remove IRSA support from Karpenter sub-module

* fix: Avoid making GET requests from data sources unless absolutely necessary

* feat: Add variable optional attribute definitions

* feat: Bump KMS key module version to latest, add remaining variable attribute definitions

* fix: Remove `cluster_` prefix from variable names to better match the underlying API

* fix: Move all EFA logic to the nodegroup itself

* fix: Remove arguments that do not make sense in EKS

* fix: Updates from plan validation

* fix: Remove more self-managed node group attributes that are commonly not used in EKS clusters

* fix: Remove data plane compute `*_defaults` variables that do not work with variable optional attributes

* fix: Ignore changes to `bootstrap_self_managed_addons` to aid in upgrade

* feat: Add support for `region` argument on relevant resources

* feat: Initial pass on upgrade guide

* fix: Updates from testing and validating EKS managed node group

* fix: Updates from testing and validating self-managed node group

* docs: Ensure addon usage documented is aligned

* feat: Switch to dualstack OIDC issuer URL

* feat: Allow sourcing over overriding the Karpenter assume role policy

* fix: Use `Bool` instead of `StringEquals` for DenyHTTP queue policy

* fix: Correct use of `nullable` and default value propagation
This commit is contained in:
Bryant Biggs
2025-07-23 15:11:01 -05:00
committed by GitHub
parent 8a0efdbbc8
commit 416515a0da
84 changed files with 4111 additions and 3339 deletions
+288 -94
@@ -2,6 +2,7 @@ variable "create" {
description = "Determines whether to create EKS managed node group or not"
type = bool
default = true
nullable = false
}
variable "tags" {
@@ -10,10 +11,22 @@ variable "tags" {
default = {}
}
variable "platform" {
description = "[DEPRECATED - use `ami_type` instead. Will be removed in `v21.0`] Identifies the OS platform as `bottlerocket`, `linux` (AL2), `al2023`, or `windows`"
variable "region" {
description = "Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration"
type = string
default = "linux"
default = null
}
variable "partition" {
description = "The AWS partition - pass through value to reduce number of GET requests from data sources"
type = string
default = ""
}
variable "account_id" {
description = "The AWS account ID - pass through value to reduce number of GET requests from data sources"
type = string
default = ""
}
################################################################################
@@ -24,61 +37,55 @@ variable "enable_bootstrap_user_data" {
description = "Determines whether the bootstrap configurations are populated within the user data template. Only valid when using a custom AMI via `ami_id`"
type = bool
default = false
nullable = false
}
variable "cluster_name" {
description = "Name of associated EKS cluster"
type = string
default = null
default = ""
}
variable "cluster_endpoint" {
description = "Endpoint of associated EKS cluster"
type = string
default = ""
default = null
}
variable "cluster_auth_base64" {
description = "Base64 encoded CA of associated EKS cluster"
type = string
default = ""
default = null
}
variable "cluster_service_cidr" {
description = "The CIDR block (IPv4 or IPv6) used by the cluster to assign Kubernetes service IP addresses. This is derived from the cluster itself"
type = string
default = ""
}
# TODO - remove at next breaking change
variable "cluster_service_ipv4_cidr" {
description = "[Deprecated] The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks"
type = string
default = null
}
variable "pre_bootstrap_user_data" {
description = "User data that is injected into the user data script ahead of the EKS bootstrap script. Not used when `ami_type` = `BOTTLEROCKET_*`"
type = string
default = ""
default = null
}
variable "post_bootstrap_user_data" {
description = "User data that is appended to the user data script after of the EKS bootstrap script. Not used when `ami_type` = `BOTTLEROCKET_*`"
type = string
default = ""
default = null
}
variable "bootstrap_extra_args" {
description = "Additional arguments passed to the bootstrap script. When `ami_type` = `BOTTLEROCKET_*`; these are additional [settings](https://github.com/bottlerocket-os/bottlerocket#settings) that are provided to the Bottlerocket user data"
type = string
default = ""
default = null
}
variable "user_data_template_path" {
description = "Path to a local, custom user data template file to use when rendering user data"
type = string
default = ""
default = null
}
variable "cloudinit_pre_nodeadm" {
@@ -89,7 +96,7 @@ variable "cloudinit_pre_nodeadm" {
filename = optional(string)
merge_type = optional(string)
}))
default = []
default = null
}
variable "cloudinit_post_nodeadm" {
@@ -100,7 +107,7 @@ variable "cloudinit_post_nodeadm" {
filename = optional(string)
merge_type = optional(string)
}))
default = []
default = null
}
################################################################################
@@ -111,12 +118,14 @@ variable "create_launch_template" {
description = "Determines whether to create a launch template or not. If set to `false`, EKS will use its own default launch template"
type = bool
default = true
nullable = false
}
variable "use_custom_launch_template" {
description = "Determines whether to use a custom launch template or not. If set to `false`, EKS will use its own default launch template"
type = bool
default = true
nullable = false
}
variable "launch_template_id" {
@@ -135,6 +144,7 @@ variable "launch_template_use_name_prefix" {
description = "Determines whether to use `launch_template_name` as is or create a unique name beginning with the `launch_template_name` as the prefix"
type = bool
default = true
nullable = false
}
variable "launch_template_description" {
@@ -165,6 +175,7 @@ variable "vpc_security_group_ids" {
description = "A list of security group IDs to associate"
type = list(string)
default = []
nullable = false
}
variable "cluster_primary_security_group_id" {
@@ -183,6 +194,7 @@ variable "update_launch_template_default_version" {
description = "Whether to update the launch templates default version on each update. Conflicts with `launch_template_default_version`"
type = bool
default = true
nullable = false
}
variable "disable_api_termination" {
@@ -205,129 +217,208 @@ variable "ram_disk_id" {
variable "block_device_mappings" {
description = "Specify volumes to attach to the instance besides the volumes specified by the AMI"
type = any
default = {}
type = map(object({
device_name = optional(string)
ebs = optional(object({
delete_on_termination = optional(bool)
encrypted = optional(bool)
iops = optional(number)
kms_key_id = optional(string)
snapshot_id = optional(string)
throughput = optional(number)
volume_initialization_rate = optional(number)
volume_size = optional(number)
volume_type = optional(string)
}))
no_device = optional(string)
virtual_name = optional(string)
}))
default = null
}
variable "capacity_reservation_specification" {
description = "Targeting for EC2 capacity reservations"
type = any
default = {}
type = object({
capacity_reservation_preference = optional(string)
capacity_reservation_target = optional(object({
capacity_reservation_id = optional(string)
capacity_reservation_resource_group_arn = optional(string)
}))
})
default = null
}
variable "cpu_options" {
description = "The CPU options for the instance"
type = map(string)
default = {}
type = object({
amd_sev_snp = optional(string)
core_count = optional(number)
threads_per_core = optional(number)
})
default = null
}
variable "credit_specification" {
description = "Customize the credit specification of the instance"
type = map(string)
default = {}
}
variable "elastic_gpu_specifications" {
description = "The elastic GPU to attach to the instance"
type = any
default = {}
}
variable "elastic_inference_accelerator" {
description = "Configuration block containing an Elastic Inference Accelerator to attach to the instance"
type = map(string)
default = {}
type = object({
cpu_credits = optional(string)
})
default = null
}
variable "enclave_options" {
description = "Enable Nitro Enclaves on launched instances"
type = map(string)
default = {}
type = object({
enabled = optional(bool)
})
default = null
}
variable "instance_market_options" {
description = "The market (purchasing) option for the instance"
type = any
default = {}
type = object({
market_type = optional(string)
spot_options = optional(object({
block_duration_minutes = optional(number)
instance_interruption_behavior = optional(string)
max_price = optional(string)
spot_instance_type = optional(string)
valid_until = optional(string)
}))
})
default = null
}
variable "maintenance_options" {
description = "The maintenance options for the instance"
type = any
default = {}
type = object({
auto_recovery = optional(string)
})
default = null
}
variable "license_specifications" {
description = "A map of license specifications to associate with"
type = any
default = {}
description = "A list of license specifications to associate with"
type = list(object({
license_configuration_arn = string
}))
default = null
}
variable "metadata_options" {
description = "Customize the metadata options for the instance"
type = map(string)
type = object({
http_endpoint = optional(string, "enabled")
http_protocol_ipv6 = optional(string)
http_put_response_hop_limit = optional(number, 1)
http_tokens = optional(string, "required")
instance_metadata_tags = optional(string)
})
default = {
http_endpoint = "enabled"
http_put_response_hop_limit = 1
http_tokens = "required"
http_put_response_hop_limit = 2
}
nullable = false
}
# TODO - make this false by default at next breaking change
variable "enable_monitoring" {
description = "Enables/disables detailed monitoring"
type = bool
default = true
default = false
nullable = false
}
variable "enable_efa_support" {
description = "Determines whether to enable Elastic Fabric Adapter (EFA) support"
type = bool
default = false
nullable = false
}
# TODO - make this true by default at next breaking change (remove variable, only pass indices)
variable "enable_efa_only" {
description = "Determines whether to enable EFA (`false`, default) or EFA and EFA-only (`true`) network interfaces. Note: requires vpc-cni version `v1.18.4` or later"
type = bool
default = false
default = true
nullable = false
}
variable "efa_indices" {
description = "The indices of the network interfaces that should be EFA-enabled. Only valid when `enable_efa_support` = `true`"
type = list(number)
default = [0]
nullable = false
}
variable "network_interfaces" {
description = "Customize network interfaces to be attached at instance boot time"
type = list(any)
default = []
type = list(object({
associate_carrier_ip_address = optional(bool)
associate_public_ip_address = optional(bool)
connection_tracking_specification = optional(object({
tcp_established_timeout = optional(number)
udp_stream_timeout = optional(number)
udp_timeout = optional(number)
}))
delete_on_termination = optional(bool)
description = optional(string)
device_index = optional(number)
ena_srd_specification = optional(object({
ena_srd_enabled = optional(bool)
ena_srd_udp_specification = optional(object({
ena_srd_udp_enabled = optional(bool)
}))
}))
interface_type = optional(string)
ipv4_address_count = optional(number)
ipv4_addresses = optional(list(string))
ipv4_prefix_count = optional(number)
ipv4_prefixes = optional(list(string))
ipv6_address_count = optional(number)
ipv6_addresses = optional(list(string))
ipv6_prefix_count = optional(number)
ipv6_prefixes = optional(list(string))
network_card_index = optional(number)
network_interface_id = optional(string)
primary_ipv6 = optional(bool)
private_ip_address = optional(string)
security_groups = optional(list(string), [])
subnet_id = optional(string)
}))
default = []
nullable = false
}
variable "placement" {
description = "The placement of the instance"
type = map(string)
default = {}
type = object({
affinity = optional(string)
availability_zone = optional(string)
group_name = optional(string)
host_id = optional(string)
host_resource_group_arn = optional(string)
partition_number = optional(number)
spread_domain = optional(string)
tenancy = optional(string)
})
default = null
}
variable "create_placement_group" {
description = "Determines whether a placement group is created & used by the node group"
type = bool
default = false
}
# TODO - remove at next breaking change
variable "placement_group_strategy" {
description = "The placement group strategy"
type = string
default = "cluster"
nullable = false
}
variable "private_dns_name_options" {
description = "The options for the instance hostname. The default values are inherited from the subnet"
type = map(string)
default = {}
type = object({
enable_resource_name_dns_aaaa_record = optional(bool)
enable_resource_name_dns_a_record = optional(bool)
hostname_type = optional(string)
})
default = null
}
variable "launch_template_tags" {
@@ -340,6 +431,7 @@ variable "tag_specifications" {
description = "The tags to apply to the resources during launch"
type = list(string)
default = ["instance", "volume", "network-interface"]
nullable = false
}
################################################################################
@@ -352,28 +444,25 @@ variable "subnet_ids" {
default = null
}
variable "placement_group_az" {
description = "Availability zone where placement group is created (ex. `eu-west-1c`)"
type = string
default = null
}
variable "min_size" {
description = "Minimum number of instances/nodes"
type = number
default = 0
default = 1
nullable = false
}
variable "max_size" {
description = "Maximum number of instances/nodes"
type = number
default = 3
nullable = false
}
variable "desired_size" {
description = "Desired number of instances/nodes"
type = number
default = 1
nullable = false
}
variable "name" {
@@ -386,12 +475,14 @@ variable "use_name_prefix" {
description = "Determines whether to use `name` as is or create a unique name beginning with the `name` as the prefix"
type = bool
default = true
nullable = false
}
variable "ami_type" {
description = "Type of Amazon Machine Image (AMI) associated with the EKS Node Group. See the [AWS documentation](https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid values"
type = string
default = null
default = "AL2023_x86_64_STANDARD"
nullable = false
}
variable "ami_release_version" {
@@ -401,15 +492,17 @@ variable "ami_release_version" {
}
variable "use_latest_ami_release_version" {
description = "Determines whether to use the latest AMI release version for the given `ami_type` (except for `CUSTOM`). Note: `ami_type` and `cluster_version` must be supplied in order to enable this feature"
description = "Determines whether to use the latest AMI release version for the given `ami_type` (except for `CUSTOM`). Note: `ami_type` and `kubernetes_version` must be supplied in order to enable this feature"
type = bool
default = false
default = true
nullable = false
}
variable "capacity_type" {
description = "Type of capacity associated with the EKS Node Group. Valid values: `ON_DEMAND`, `SPOT`"
type = string
default = "ON_DEMAND"
nullable = false
}
variable "disk_size" {
@@ -436,7 +529,7 @@ variable "labels" {
default = null
}
variable "cluster_version" {
variable "kubernetes_version" {
description = "Kubernetes version. Defaults to EKS Cluster Kubernetes version"
type = string
default = null
@@ -450,22 +543,33 @@ variable "launch_template_version" {
variable "remote_access" {
description = "Configuration block with remote access settings. Only valid when `use_custom_launch_template` = `false`"
type = any
default = {}
type = object({
ec2_ssh_key = optional(string)
source_security_group_ids = optional(list(string))
})
default = null
}
variable "taints" {
description = "The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group"
type = any
default = {}
type = map(object({
key = string
value = optional(string)
effect = string
}))
default = null
}
variable "update_config" {
description = "Configuration block of settings for max unavailable resources during node group updates"
type = map(string)
type = object({
max_unavailable = optional(number)
max_unavailable_percentage = optional(number)
})
default = {
max_unavailable_percentage = 33
}
nullable = false
}
variable "node_repair_config" {
@@ -478,8 +582,12 @@ variable "node_repair_config" {
variable "timeouts" {
description = "Create, update, and delete timeout configurations for the node group"
type = map(string)
default = {}
type = object({
create = optional(string)
update = optional(string)
delete = optional(string)
})
default = null
}
################################################################################
@@ -490,12 +598,14 @@ variable "create_iam_role" {
description = "Determines whether an IAM role is created or to use an existing IAM role"
type = bool
default = true
nullable = false
}
variable "cluster_ip_family" {
description = "The IP family used to assign Kubernetes pod and service addresses. Valid values are `ipv4` (default) and `ipv6`"
type = string
default = "ipv4"
nullable = false
}
variable "iam_role_arn" {
@@ -514,6 +624,7 @@ variable "iam_role_use_name_prefix" {
description = "Determines whether the IAM role name (`iam_role_name`) is used as a prefix"
type = bool
default = true
nullable = false
}
variable "iam_role_path" {
@@ -525,7 +636,8 @@ variable "iam_role_path" {
variable "iam_role_description" {
description = "Description of the role"
type = string
default = null
default = "EKS managed node group IAM role"
nullable = false
}
variable "iam_role_permissions_boundary" {
@@ -538,18 +650,21 @@ variable "iam_role_attach_cni_policy" {
description = "Whether to attach the `AmazonEKS_CNI_Policy`/`AmazonEKS_CNI_IPv6_Policy` IAM policy to the IAM IAM role. WARNING: If set `false` the permissions must be assigned to the `aws-node` DaemonSet pods via another method or nodes will not be able to join the cluster"
type = bool
default = true
nullable = false
}
variable "iam_role_additional_policies" {
description = "Additional policies to be added to the IAM role"
type = map(string)
default = {}
nullable = false
}
variable "iam_role_tags" {
description = "A map of additional tags to add to the IAM role created"
type = map(string)
default = {}
nullable = false
}
################################################################################
@@ -560,26 +675,105 @@ variable "create_iam_role_policy" {
description = "Determines whether an IAM role policy is created or not"
type = bool
default = true
nullable = false
}
variable "iam_role_policy_statements" {
description = "A list of IAM policy [statements](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#statement) - used for adding specific IAM permissions as needed"
type = any
default = []
type = list(object({
sid = optional(string)
actions = optional(list(string))
not_actions = optional(list(string))
effect = optional(string)
resources = optional(list(string))
not_resources = optional(list(string))
principals = optional(list(object({
type = string
identifiers = list(string)
})))
not_principals = optional(list(object({
type = string
identifiers = list(string)
})))
condition = optional(list(object({
test = string
values = list(string)
variable = string
})))
}))
default = null
}
################################################################################
# Autoscaling Group Schedule
# Security Group
################################################################################
variable "create_schedule" {
description = "Determines whether to create autoscaling group schedule or not"
variable "create_security_group" {
description = "Determines if a security group is created"
type = bool
default = true
nullable = false
}
variable "schedules" {
description = "Map of autoscaling group schedule to create"
type = map(any)
variable "security_group_name" {
description = "Name to use on security group created"
type = string
default = null
}
variable "security_group_use_name_prefix" {
description = "Determines whether the security group name (`security_group_name`) is used as a prefix"
type = bool
default = true
nullable = false
}
variable "security_group_description" {
description = "Description of the security group created"
type = string
default = null
}
variable "security_group_ingress_rules" {
description = "Security group ingress rules to add to the security group created"
type = map(object({
name = optional(string)
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(string)
ip_protocol = optional(string, "tcp")
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
self = optional(bool, false)
tags = optional(map(string), {})
to_port = optional(string)
}))
default = {}
}
variable "security_group_egress_rules" {
description = "Security group egress rules to add to the security group created"
type = map(object({
name = optional(string)
cidr_ipv4 = optional(string)
cidr_ipv6 = optional(string)
description = optional(string)
from_port = optional(string)
ip_protocol = optional(string, "tcp")
prefix_list_id = optional(string)
referenced_security_group_id = optional(string)
self = optional(bool, false)
tags = optional(map(string), {})
to_port = optional(string)
}))
default = {}
}
variable "security_group_tags" {
description = "A map of additional tags to add to the security group created"
type = map(string)
default = {}
}
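Review bot: The three new security-group variables at the end of the section (`security_group_ingress_rules`, `security_group_egress_rules`, `security_group_tags`) default to `{}` but omit `nullable = false`, unlike the sibling map variables `iam_role_additional_policies` and `iam_role_tags` that gained it in this same commit; `create_placement_group` likewise keeps `default = false` without it while every other bool toggle in the file now carries one. An explicit `null` passed for any of these would reach whatever `for_each` or conditional consumes them and fail at plan time instead of being replaced by the default, which is the propagation behaviour the commit message says it corrects. Add `nullable = false` after each of those four `default` lines. Separately, with `security_group_egress_rules` defaulting to `{}`, confirm that the module creates an egress rule elsewhere (not visible in this section): `aws_security_group` strips the AWS default allow-all egress rule on creation, so a node group whose security group ends up with no egress rules at all cannot reach the cluster endpoint.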