127a3a8831
NOTES: Managed Node Groups now support Launch Templates. The Launch Template itself is not managed by this module, so you have to create it yourself and pass its id to this module. See docs and [`examples/launch_templates_with_managed_node_groups/`](https://github.com/terraform-aws-modules/terraform-aws-eks/tree/master/examples/launch_templates_with_managed_node_group) for more details.
// Renders the node bootstrap user-data from templates/userdata.sh.tpl.
// The rendered script is meant to be passed (currently commented out) as
// data.template_file.launch_template_userdata.rendered in aws_launch_template.default;
// it is only needed when a custom AMI is used, because EKS does not merge its own
// bootstrap user-data into a launch template that sets image_id.
//
// NOTE(review): the hashicorp/template provider behind this data source is deprecated
// in favour of the built-in templatefile() function; it is kept here so the data source
// address referenced elsewhere stays unchanged.
data "template_file" "launch_template_userdata" {
  template = file(format("%s/templates/userdata.sh.tpl", path.module))

  vars = {
    // identity of the cluster the node joins, taken from the EKS module outputs
    cluster_name        = local.cluster_name
    endpoint            = module.eks.cluster_endpoint
    cluster_auth_base64 = module.eks.cluster_certificate_authority_data

    // extra flags for the bootstrap script and the kubelet; empty by default
    bootstrap_extra_args = ""
    kubelet_extra_args   = ""
  }
}
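// This is based on the LT that EKS would create if no custom one is specified
// (aws ec2 describe-launch-template-versions --launch-template-id xxx).
// There are several more options one could set, but you probably don't need to modify them:
// you can take the default and add your custom AMI and/or custom tags.
//
// Trivia: AWS transparently creates a copy of your LaunchTemplate and actually uses that copy for the node group.
// If you DON'T use a custom AMI, then the default user-data for bootstrapping a cluster is merged into the copy.
resource "aws_launch_template" "default" {
  name_prefix = "eks-example-"
  description = "Default Launch-Template"
  // every apply that changes the template becomes the new default version,
  // so the node group picks it up without a manual version bump
  update_default_version = true

  block_device_mappings {
    device_name = "/dev/xvda"

    ebs {
      volume_size           = 100
      volume_type           = "gp2"
      delete_on_termination = true
      //encrypted = true
      // enable this if you want to encrypt your node root volumes with a KMS/CMK. Encryption of PVCs is handled via a k8s StorageClass instead.
      // You also need to attach data.aws_iam_policy_document.ebs_decryption.json from disk_encryption_policy.tf to the KMS/CMK key!
      //kms_key_id = var.kms_key_arn
    }
  }

  instance_type = var.instance_type

  // Require IMDSv2 (session-token based) access to the instance metadata service. With the default
  // "optional" setting, any process on the node - including a pod with host networking, or a workload
  // tricked into an SSRF - can read the node role's credentials with a single unauthenticated GET.
  // The hop limit of 2 keeps IMDSv2 reachable from pods on the node's bridge network (one hop for the
  // container, one for the node); lower it to 1 if no pod needs IMDS at all.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 2
  }

  // detailed (1-minute) CloudWatch monitoring for the node instances
  monitoring {
    enabled = true
  }

  network_interfaces {
    associate_public_ip_address = false
    delete_on_termination       = true
    security_groups             = [module.eks.worker_security_group_id]
  }

  //image_id = var.ami_id // if you want to use a custom AMI

  // if you use a custom AMI, you need to supply the bootstrap script via user-data, as EKS DOESN'T merge its managed user-data then.
  // You can add more than the minimum code you see in the template, e.g. install the SSM agent, see https://github.com/aws/containers-roadmap/issues/593#issuecomment-577181345
  //
  // (optionally you can use https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/cloudinit_config to render the script, example: https://github.com/terraform-aws-modules/terraform-aws-eks/pull/997#issuecomment-705286151)

  // user_data = base64encode(
  //   data.template_file.launch_template_userdata.rendered,
  // )

  // supplying custom tags to EKS instances is another use-case for LaunchTemplates
  tag_specifications {
    resource_type = "instance"

    tags = {
      CustomTag = "EKS example"
    }
  }

  // supplying custom tags to the EKS instances' root volumes is another use-case for LaunchTemplates
  // (doesn't add tags to volumes dynamically provisioned via PVC, though)
  tag_specifications {
    resource_type = "volume"

    tags = {
      CustomTag = "EKS example"
    }
  }

  // tag the LT itself
  tags = {
    CustomTag = "EKS example"
  }

  // a replacement template is created before the old one is destroyed,
  // so the node group never points at a deleted LT during an update
  lifecycle {
    create_before_destroy = true
  }
}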