From a4117177f6a14b3d5c278eb16d1e3d38fba9932b Mon Sep 17 00:00:00 2001
From: Hwanjin Jeong
Date: Tue, 19 Nov 2019 02:10:53 +0900
Subject: [PATCH 1/4] Fix typo (#595)
* fix typos
* remove unnecessary comment
---
 README.md | 4 ++--
 data.tf | 1 -
 variables.tf | 4 ++--
 3 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index edcc733c..7a7063a2 100644
--- a/README.md
+++ b/README.md
@@ -120,7 +120,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | cluster\_log\_kms\_key\_id | If a KMS Key ARN is set, this key will be used to encrypt the corresponding log group. Please be sure that the KMS Key has an appropriate key policy (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html) | string | `""` | no |
 | cluster\_log\_retention\_in\_days | Number of days to retain log events. Default retention - 90 days. | number | `"90"` | no |
 | cluster\_name | Name of the EKS cluster. Also used as a prefix in names of related resources. | string | n/a | yes |
-| cluster\_security\_group\_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers | string | `""` | no |
+| cluster\_security\_group\_id | If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the workers | string | `""` | no |
 | cluster\_version | Kubernetes version to use for the EKS cluster. | string | `"1.14"` | no |
 | config\_output\_path | Where to save the Kubectl config file (if `write_kubeconfig = true`). Assumed to be a directory if the value ends with a forward slash `/`. | string | `"./"` | no |
 | iam\_path | If provided, all IAM roles will be created on this path. | string | `"/"` | no |
@@ -150,7 +150,7 @@ MIT Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-a
 | worker\_create\_security\_group | Whether to create a security group for the workers or attach the workers to `worker_security_group_id`. | bool | `"true"` | no |
 | worker\_groups | A list of maps defining worker group configurations to be defined using AWS Launch Configurations. See workers_group_defaults for valid keys. | any | `[]` | no |
 | worker\_groups\_launch\_template | A list of maps defining worker group configurations to be defined using AWS Launch Templates. See workers_group_defaults for valid keys. | any | `[]` | no |
-| worker\_security\_group\_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster. | string | `""` | no |
+| worker\_security\_group\_id | If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the EKS cluster. | string | `""` | no |
 | worker\_sg\_ingress\_from\_port | Minimum port number from which pods will accept communication. Must be changed to a lower value if some pods in your cluster will expose a port lower than 1025 (e.g. 22, 80, or 443). | number | `"1025"` | no |
 | workers\_additional\_policies | Additional policies to be added to workers | list(string) | `[]` | no |
 | workers\_group\_defaults | Override default values for target groups. See workers_group_defaults_defaults in local.tf for valid keys. | any | `{}` | no |
diff --git a/data.tf b/data.tf
index 732efa1c..e66acc39 100644
--- a/data.tf
+++ b/data.tf
@@ -42,7 +42,6 @@ data "aws_ami" "eks_worker_windows" {
 most_recent = true
- # Owner ID of AWS EKS team (windows)
 owners = [var.worker_ami_owner_id_windows]
 }
diff --git a/variables.tf b/variables.tf
index 91618563..06c9460f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -20,7 +20,7 @@ variable "cluster_name" {
 }
 variable "cluster_security_group_id" {
- description = "If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the workers"
+ description = "If provided, the EKS cluster will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the workers"
 type = string
 default = ""
 }
@@ -115,7 +115,7 @@ variable "worker_groups_launch_template" {
 }
 variable "worker_security_group_id" {
- description = "If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingres/egress to work with the EKS cluster."
+ description = "If provided, all workers will be attached to this security group. If not given, a security group will be created with necessary ingress/egress to work with the EKS cluster."
 type = string
 default = ""
 }
From 4f3f5b6733d3ca16206883948e84e160ed970e58 Mon Sep 17 00:00:00 2001
From: Angel Abad
Date: Mon, 18 Nov 2019 18:16:37 +0100
Subject: [PATCH 2/4] Fix deprecated interpolation-only expression (#594)
---
 CHANGELOG.md | 1 +
 kubectl.tf | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 057ff39d..32c9f6a3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 ### Changed
 - Updated instance_profile_names and instance_profile_arns outputs to also consider launch template as well as asg (by @ankitwal)
+- Fix deprecated interpolation-only expression (by @angelabad)
 # History
diff --git a/kubectl.tf b/kubectl.tf
index 5a70828f..c7b86d46 100644
--- a/kubectl.tf
+++ b/kubectl.tf
@@ -1,6 +1,6 @@
 resource "local_file" "kubeconfig" {
 count = var.write_kubeconfig ? 1 : 0
 content = data.template_file.kubeconfig.rendered
- filename = "${substr(var.config_output_path, -1, 1) == "/" ? "${var.config_output_path}kubeconfig_${var.cluster_name}" : var.config_output_path}"
+ filename = substr(var.config_output_path, -1, 1) == "/" ? "${var.config_output_path}kubeconfig_${var.cluster_name}" : var.config_output_path
 }
From 215dc849e8775a0b3366f02dbf203797f39e7596 Mon Sep 17 00:00:00 2001
From: Joonsung Lee
Date: Wed, 20 Nov 2019 21:19:06 +0900
Subject: [PATCH 3/4] Fix broken terraform plan/apply on a cluster < 1.14 (Fix #582) (#600)
---
 CHANGELOG.md | 1 +
 data.tf | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 32c9f6a3..c1f045b3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 - Updated instance_profile_names and instance_profile_arns outputs to also consider launch template as well as asg (by @ankitwal)
 - Fix deprecated interpolation-only expression (by @angelabad)
+- Fix broken terraform plan/apply on a cluster < 1.14 (by @hodduc)
 # History
diff --git a/data.tf b/data.tf
index e66acc39..20fd3567 100644
--- a/data.tf
+++ b/data.tf
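Review bot: `local_file.kubeconfig` in kubectl.tf sets no `file_permission`, so the rendered kubeconfig is written with the local provider's default mode, which is typically readable by every user on the machine running Terraform. The contents come from `data.template_file.kubeconfig`, which this patch does not show, but a kubeconfig normally carries the cluster endpoint, CA data and the exec/credential settings used to reach the API server. I would add `file_permission = "0600"` to the resource (the argument needs a hashicorp/local release that supports it). The `config_output_path` description could also say that the target should not be a shared or version-controlled directory.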
@@ -1,6 +1,10 @@
 locals {
- worker_ami_name_filter = var.worker_ami_name_filter != "" ? var.worker_ami_name_filter : "amazon-eks-node-${var.cluster_version}-v*"
- worker_ami_name_filter_windows = var.worker_ami_name_filter_windows != "" ? var.worker_ami_name_filter_windows : "Windows_Server-2019-English-Core-EKS_Optimized-${var.cluster_version}-*"
+ worker_ami_name_filter = var.worker_ami_name_filter != "" ? var.worker_ami_name_filter : "amazon-eks-node-${var.cluster_version}-v*"
+
+ # Windows nodes are available from k8s 1.14. If cluster version is less than 1.14, fix ami filter to some constant to not fail on 'terraform plan'.
+ worker_ami_name_filter_windows = (var.worker_ami_name_filter_windows != "" ?
+ var.worker_ami_name_filter_windows : "Windows_Server-2019-English-Core-EKS_Optimized-${tonumber(var.cluster_version) >= 1.14 ? var.cluster_version : 1.14}-*"
+ )
 }
 data "aws_iam_policy_document" "workers_assume_role_policy" {
From b69c8fb7596de59aa69fee020f8941ec6618f6b4 Mon Sep 17 00:00:00 2001
From: Mary Hayes
Date: Wed, 20 Nov 2019 06:23:56 -0600
Subject: [PATCH 4/4] Run aws-auth Update Commands in Sequence and not Parallel (#592)
* Run aws-auth Update Commands in Sequence and not Parallel
* Update changelog
---
 CHANGELOG.md | 2 ++
 aws_auth.tf | 9 ++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c1f045b3..35a7a40d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
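Review bot: In data.tf's `worker_ami_name_filter_windows`, `tonumber(var.cluster_version) >= 1.14` compares the version as a decimal number, so a value such as "1.20" parses to 1.2 and falls back to the 1.14 filter, and a value with a patch component such as "1.14.8" makes `tonumber` fail. The Windows AMI lookup shown earlier in this series uses `most_recent = true` and presumably consumes this local, so the fallback would silently select a node image built for an older Kubernetes release instead of failing the plan. Comparing the minor component avoids this, e.g. `tonumber(split(".", var.cluster_version)[1]) >= 14 ? var.cluster_version : "1.14"`, assuming the major version stays 1. Quoting `"1.14"` also keeps both branches of the conditional the same type.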
@@ -16,6 +16,8 @@ project adheres to [Semantic Versioning](http://semver.org/). ### Changed - Updated instance_profile_names and instance_profile_arns outputs to also consider launch template as well as asg (by @ankitwal) +- Updated application of `aws-auth` configmap to create `kube_config.yaml` and `aws_auth_configmap.yaml` in sequence (and not parallel) to `kubectl apply` (by @knittingdev) +- Exit with error code when `aws-auth` configmap is unable to be updated (by @knittingdev) - Fix deprecated interpolation-only expression (by @angelabad) - Fix broken terraform plan/apply on a cluster < 1.14 (by @hodduc) diff --git a/aws_auth.tf b/aws_auth.tf index bd322119..ebec0351 100644 --- a/aws_auth.tf +++ b/aws_auth.tf @@ -12,13 +12,16 @@ resource "null_resource" "update_config_map_aws_auth" { working_dir = path.module command = < kube_config.yaml & \ -echo "${null_resource.update_config_map_aws_auth[0].triggers.config_map_rendered}" > aws_auth_configmap.yaml & \ -kubectl apply -f aws_auth_configmap.yaml --kubeconfig kube_config.yaml && break || \ +echo "${null_resource.update_config_map_aws_auth[0].triggers.kube_config_map_rendered}" > kube_config.yaml && \ +echo "${null_resource.update_config_map_aws_auth[0].triggers.config_map_rendered}" > aws_auth_configmap.yaml && \ +kubectl apply -f aws_auth_configmap.yaml --kubeconfig kube_config.yaml && \ +completed_apply=1 && break || \ sleep 10; \ done; \ rm aws_auth_configmap.yaml kube_config.yaml; +if [ "$completed_apply" = "0" ]; then exit 1; fi; EOS