Bryant Biggs 416515a0da feat!: Upgrade min AWS provider and Terraform versions to 6.0 and 1.5.7 respectively (#3412)
* feat!: Upgrade min AWS provider and Terraform versions to `6.0` and `1.5.7` respectively

* fix: Remove deprecated arguments in AWS v6.0 provider, upgrade Helm provider to v3.0, bump VPC module to v6.0

* fix: Remove `aws-auth` sub-module

* fix: Remove `platform` and `cluster_service_ipv4_cidr` variables from `user-data` sub-module

* fix: Resolve all marked `todos` that have been accumulated

* fix: Set default `http_put_response_hop_limit` to `1`

* fix: Remove IRSA support from Karpenter sub-module

* fix: Avoid making GET requests from data sources unless absolutely necessary

* feat: Add variable optional attribute definitions

* feat: Bump KMS key module version to latest, add remaining variable attribute definitions

* fix: Remove `cluster_` prefix from variable names to better match the underlying API

* fix: Move all EFA logic to the nodegroup itself

* fix: Remove arguments that do not make sense in EKS

* fix: Updates from plan validation

* fix: Remove more self-managed node group attributes that are commonly not used in EKS clusters

* fix: Remove data plane compute `*_defaults` variables that do not work with variable optional attributes

* fix: Ignore changes to `bootstrap_self_managed_addons` to aid in upgrade

* feat: Add support for `region` argument on relevant resources

* feat: Initial pass on upgrade guide

* fix: Updates from testing and validating EKS managed node group

* fix: Updates from testing and validating self-managed node group

* docs: Ensure addon usage documented is aligned

* feat: Switch to dualstack OIDC issuer URL

* feat: Allow sourcing over overriding the Karpenter assume role policy

* fix: Use `Bool` instead of `StringEquals` for DenyHTTP queue policy

* fix: Correct use of `nullable` and default value propagation
2025-07-23 15:11:01 -05:00


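# The `cluster_service_cidr` is required when `create == true`
# This is a hacky way to make that logic work, otherwise Terraform always wants a value
# and supplying any old value like `""` or `null` is not valid and will silently
# fail to join nodes to the cluster
resource "null_resource" "validate_cluster_service_cidr" {
  lifecycle {
    precondition {
      # Validate with the same function that later derives the cluster DNS IP
      # (`cidrhost(var.cluster_service_cidr, 10)` in `local.cluster_dns_ips`). A value that
      # does not parse as an IPv4 or IPv6 prefix would otherwise be swallowed by the `try()`
      # there and render an empty DNS IP, which is exactly the silent node-join failure
      # described above. `can()` also turns a `null` value into this clean error rather
      # than a type error from `length()`.
      condition     = var.create ? can(cidrhost(var.cluster_service_cidr, 10)) : true
      error_message = "`cluster_service_cidr` is required when `create = true` and must be a valid IPv4 or IPv6 CIDR block."
    }
  }
}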
locals {
  # The AMI family selects both the user data template and the cloud-init wrapping below.
  # `AL2_` and `AL2023_` are distinct prefixes, so AL2023 AMI types never match `is_al2`.
  is_al2    = startswith(var.ami_type, "AL2_")
  is_al2023 = startswith(var.ami_type, "AL2023_")

  # Converts AMI type into user data template path
  # `CUSTOM` has no bundled template; the caller must supply `user_data_template_path`
  ami_type_to_user_data_path = {
    AL2_ARM_64                 = "${path.module}/../../templates/al2_user_data.tpl"
    AL2_x86_64                 = "${path.module}/../../templates/al2_user_data.tpl"
    AL2_x86_64_GPU             = "${path.module}/../../templates/al2_user_data.tpl"
    AL2023_x86_64_STANDARD     = "${path.module}/../../templates/al2023_user_data.tpl"
    AL2023_ARM_64_STANDARD     = "${path.module}/../../templates/al2023_user_data.tpl"
    AL2023_x86_64_NEURON       = "${path.module}/../../templates/al2023_user_data.tpl"
    AL2023_x86_64_NVIDIA       = "${path.module}/../../templates/al2023_user_data.tpl"
    AL2023_ARM_64_NVIDIA       = "${path.module}/../../templates/al2023_user_data.tpl"
    BOTTLEROCKET_ARM_64        = "${path.module}/../../templates/bottlerocket_user_data.tpl"
    BOTTLEROCKET_x86_64        = "${path.module}/../../templates/bottlerocket_user_data.tpl"
    BOTTLEROCKET_ARM_64_FIPS   = "${path.module}/../../templates/bottlerocket_user_data.tpl"
    BOTTLEROCKET_x86_64_FIPS   = "${path.module}/../../templates/bottlerocket_user_data.tpl"
    BOTTLEROCKET_ARM_64_NVIDIA = "${path.module}/../../templates/bottlerocket_user_data.tpl"
    BOTTLEROCKET_x86_64_NVIDIA = "${path.module}/../../templates/bottlerocket_user_data.tpl"
    WINDOWS_CORE_2019_x86_64   = "${path.module}/../../templates/windows_user_data.tpl"
    WINDOWS_FULL_2019_x86_64   = "${path.module}/../../templates/windows_user_data.tpl"
    WINDOWS_CORE_2022_x86_64   = "${path.module}/../../templates/windows_user_data.tpl"
    WINDOWS_FULL_2022_x86_64   = "${path.module}/../../templates/windows_user_data.tpl"
    CUSTOM                     = var.user_data_template_path
  }

  # An explicit `user_data_template_path` always wins over the AMI-type default.
  # `coalesce()` treats both `null` and `""` as "not provided", so `CUSTOM` without a
  # template path is a plan-time error rather than silently empty user data.
  user_data_path = coalesce(var.user_data_template_path, local.ami_type_to_user_data_path[var.ami_type])

  # EKS serves cluster DNS from the 10th host address of the service CIDR.
  # The `try()` yields "" (not a failure) when the CIDR is null or unparsable, which is
  # why the `validate_cluster_service_cidr` precondition is needed when `create = true`.
  cluster_dns_ips = flatten(concat([try(cidrhost(var.cluster_service_cidr, 10), "")], var.additional_cluster_dns_ips))

  # Rendered template, base64-encoded as the launch template API expects; "" when not creating.
  # NOTE: user data is readable through the instance metadata service by any process on the
  # node and through the EC2 API (`DescribeLaunchTemplateVersions`), so none of the values
  # passed into the template may contain secrets. `cluster_auth_base64` is the cluster CA
  # certificate, which is public by design, not a credential.
  user_data = var.create ? base64encode(templatefile(local.user_data_path,
    {
      # https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-custom-ami
      enable_bootstrap_user_data = var.enable_bootstrap_user_data
      # Required to bootstrap node
      cluster_name         = var.cluster_name
      cluster_endpoint     = var.cluster_endpoint
      cluster_auth_base64  = var.cluster_auth_base64
      cluster_service_cidr = var.cluster_service_cidr
      cluster_ip_family    = var.cluster_ip_family
      # Bottlerocket
      # Rendered as a TOML-style array of quoted strings, e.g. `["10.100.0.10"]`
      cluster_dns_ips = "[${join(", ", formatlist("\"%s\"", local.cluster_dns_ips))}]"
      # Optional
      bootstrap_extra_args     = var.bootstrap_extra_args
      pre_bootstrap_user_data  = var.pre_bootstrap_user_data
      post_bootstrap_user_data = var.post_bootstrap_user_data
    }
  )) : ""

  # Picks the final user data. For AL2/AL2023 the MIME multi-part document built by the matching
  # `cloudinit_config` data source is preferred when that data source exists (`count = 1`);
  # indexing `[0]` on a `count = 0` data source fails, and the inner `try()` then falls back to
  # the plain rendered template. `coalesce()` errors when every argument is null/"", so the
  # outer `try()` turns "nothing to render" into "" instead of a plan failure.
  user_data_type_to_rendered = try(coalesce(
    local.is_al2 ? try(data.cloudinit_config.al2_eks_managed_node_group[0].rendered, local.user_data) : null,
    local.is_al2023 ? try(data.cloudinit_config.al2023_eks_managed_node_group[0].rendered, local.user_data) : null,
    local.user_data,
  ), "")
}
# https://github.com/aws/containers-roadmap/issues/596#issuecomment-675097667
# Managed node group user data must be in MIME multi-part archive format,
# because by default EKS merges the bootstrapping command required for nodes to join the
# cluster with your user data. If you use a custom AMI in your launch template,
# this merging will NOT happen and you are responsible for nodes joining the cluster.
# See docs for more details -> https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-user-data
data "cloudinit_config" "al2_eks_managed_node_group" {
  # Only the "prepend" scenario is handled here: an AL2 EKS managed node group that keeps the
  # EKS-supplied bootstrap (`enable_bootstrap_user_data = false`), uses the bundled template,
  # and actually has something to prepend. Every other combination is served by `local.user_data`.
  count = alltrue([
    var.create,
    local.is_al2,
    var.is_eks_managed_node_group,
    !var.enable_bootstrap_user_data,
    var.pre_bootstrap_user_data != "",
    var.user_data_template_path == "",
  ]) ? 1 : 0

  # Prepend to existing user data supplied by AWS EKS
  part {
    content_type = "text/x-shellscript"
    content      = var.pre_bootstrap_user_data
  }

  # NOTE(review): `user_data_template_path` is compared against "" above but is coalesced
  # (null-aware) in `local.user_data_path`; confirm the variable is declared non-nullable so
  # both checks agree on what "not provided" means.
  boundary      = "//"
  gzip          = false
  base64_encode = true
}
# Scenarios:
#
# 1. Do nothing - provide nothing
# 2. Prepend stuff on EKS MNG (before EKS MNG adds its bit at the end)
# 3. Own all of the stuff on self-MNG or EKS MNG w/ custom AMI
locals {
  # AL2023 nodes are configured through nodeadm, so the rendered template (decoded back from
  # the base64 produced in `local.user_data`) is emitted as an `application/node.eks.aws` part
  # between the caller-supplied `pre` and `post` parts (scenario 3). When bootstrap user data
  # is disabled only the `pre` parts are passed through, leaving EKS MNG to append its own
  # bootstrap part at the end (scenario 2). An empty `pre` list with bootstrap disabled is
  # scenario 1, and the data source below is then not created at all.
  nodeadm_cloudinit = var.enable_bootstrap_user_data ? concat(
    var.cloudinit_pre_nodeadm,
    [{
      # MIME type that nodeadm recognises as its NodeConfig
      content_type = "application/node.eks.aws"
      content      = base64decode(local.user_data)
    }],
    var.cloudinit_post_nodeadm
  ) : var.cloudinit_pre_nodeadm
}
data "cloudinit_config" "al2023_eks_managed_node_group" {
  # Render only when there is at least one part to emit (see the scenarios above).
  count = var.create && local.is_al2023 && length(local.nodeadm_cloudinit) > 0 ? 1 : 0

  boundary      = "MIMEBOUNDARY"
  gzip          = false
  base64_encode = true

  # One MIME part per entry, in list order. Keys are the list positions: any change to the
  # user data forces replacement anyway, so positional keys cause no extra churn.
  dynamic "part" {
    for_each = { for idx, entry in local.nodeadm_cloudinit : tostring(idx) => entry }

    content {
      content = part.value.content
      # The remaining part attributes are optional for the caller; when an entry omits one
      # the argument is set to null, i.e. left unset on the provider side.
      content_type = try(part.value.content_type, null)
      filename     = try(part.value.filename, null)
      merge_type   = try(part.value.merge_type, null)
    }
  }
}