mirror of https://github.com/terraform-aws-modules/terraform-aws-eks.git synced 2025-09-09 19:32:58 +08:00
terraform-aws-eks/examples/eks-hybrid-nodes
Bryant Biggs 416515a0da feat!: Upgrade min AWS provider and Terraform versions to 6.0 and 1.5.7 respectively (#3412)
* feat!: Upgrade min AWS provider and Terraform versions to `6.0` and `1.5.7` respectively

* fix: Remove deprecated arguments in AWS v6.0 provider, upgrade Helm provider to v3.0, bump VPC module to v6.0

* fix: Remove `aws-auth` sub-module

* fix: Remove `platform` and `cluster_service_ipv4_cidr` variables from `user-data` sub-module

* fix: Resolve all marked `todos` that have been accumulated

* fix: Set default `http_put_response_hop_limit` to `1`

* fix: Remove IRSA support from Karpenter sub-module

* fix: Avoid making GET requests from data sources unless absolutely necessary

* feat: Add variable optional attribute definitions

* feat: Bump KMS key module version to latest, add remaining variable attribute definitions

* fix: Remove `cluster_` prefix from variable names to better match the underlying API

* fix: Move all EFA logic to the nodegroup itself

* fix: Remove arguments that do not make sense in EKS

* fix: Updates from plan validation

* fix: Remove more self-managed node group attributes that are commonly not used in EKS clusters

* fix: Remove data plane compute `*_defaults` variables that do not work with variable optional attributes

* fix: Ignore changes to `bootstrap_self_managed_addons` to aid in upgrade

* feat: Add support for `region` argument on relevant resources

* feat: Initial pass on upgrade guide

* fix: Updates from testing and validating EKS managed node group

* fix: Updates from testing and validating self-managed node group

* docs: Ensure addon usage documented is aligned

* feat: Switch to dualstack OIDC issuer URL

* feat: Allow sourcing over overriding the Karpenter assume role policy

* fix: Use `Bool` instead of `StringEquals` for DenyHTTP queue policy

* fix: Correct use of `nullable` and default value propagation
2025-07-23 15:11:01 -05:00

EKS Hybrid Nodes

Caution

EC2 instances are not supported with EKS Hybrid Nodes. This example is provided for reference only in lieu of users having to provision a VM in their own environment.

Usage

Note

The Packer CLI is required to build a custom AMI for the Hybrid node used in the example.

To provision the provided configurations you need to execute:

terraform init
terraform apply -target=module.remote_node_vpc -target=local_file.key_pem -target=module.key_pair --auto-approve
cd ami && packer build -var 'ssh_keypair_name=hybrid-node' -var 'ssh_private_key_file=../key.pem' . && cd -
terraform apply --auto-approve
./join.sh

Note that this example may create resources which cost money. Run terraform destroy when you don't need these resources.

Requirements

Name Version
terraform >= 1.5.7
aws >= 6.0
helm >= 3.0
http >= 3.4
local >= 2.5
tls >= 4.0

Providers

Name Version
aws >= 6.0
aws.remote >= 6.0
helm >= 3.0
http >= 3.4
local >= 2.5

Modules

Name Source Version
eks ../.. n/a
eks_hybrid_node_role ../../modules/hybrid-node-role n/a
key_pair terraform-aws-modules/key-pair/aws ~> 2.0
remote_node_vpc terraform-aws-modules/vpc/aws ~> 6.0
vpc terraform-aws-modules/vpc/aws ~> 6.0

Resources

Name Type
aws_instance.hybrid_node resource
aws_route.peer resource
aws_route.remote_node_private resource
aws_route.remote_node_public resource
aws_security_group.remote_node resource
aws_ssm_activation.this resource
aws_vpc_peering_connection.remote_node resource
aws_vpc_peering_connection_accepter.peer resource
aws_vpc_security_group_egress_rule.remote_node resource
aws_vpc_security_group_ingress_rule.remote_node resource
helm_release.cilium resource
local_file.join resource
local_file.key_pem resource
local_file.key_pub_pem resource
aws_ami.hybrid_node data source
aws_availability_zones.available data source
aws_availability_zones.remote data source
http_http.icanhazip data source

Inputs

No inputs.

Outputs

No outputs.