Merge pull request #110 from kbst/eks_node_group

EKS node groups
kbst · May 25, 2020 · fa8dc07 · fa8dc07
2 parents e6b68bc + 7885080
commit fa8dc07
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 162 deletions.
diff --git a/aws/_modules/eks/node_pool.tf b/aws/_modules/eks/node_pool.tf
@@ -1,24 +1,20 @@
 module "node_pool" {
   source = "./node_pool"
 
-  metadata_name = var.metadata_name
+  metadata_labels   = var.metadata_labels
+  eks_metadata_tags = local.eks_metadata_tags
 
-  cluster_name     = aws_eks_cluster.current.name
-  cluster_endpoint = aws_eks_cluster.current.endpoint
-  cluster_version  = aws_eks_cluster.current.version
-  cluster_ca       = aws_eks_cluster.current.certificate_authority[0].data
+  cluster_name    = aws_eks_cluster.current.name
+  node_group_name = "default"
 
-  iam_instance_profile_name = aws_iam_instance_profile.nodes.name
+  role_arn = aws_iam_role.node.arn
 
-  security_groups = [aws_security_group.nodes.id]
+  subnet_ids = aws_subnet.current.*.id
 
-  instance_type    = var.instance_type
-  desired_capacity = var.desired_capacity
-  max_size         = var.max_size
-  min_size         = var.min_size
+  instance_type = var.instance_type
+  desired_size  = var.desired_capacity
+  max_size      = var.max_size
+  min_size      = var.min_size
 
-  root_device_volume_size = var.root_device_volume_size
-  root_device_encrypted = var.root_device_encrypted
-
-  vpc_zone_identifiers = aws_subnet.current.*.id
+  disk_size = var.root_device_volume_size
 }
diff --git a/aws/_modules/eks/node_pool/main.tf b/aws/_modules/eks/node_pool/main.tf
@@ -1,59 +1,18 @@
-data "aws_ami" "eks_node" {
-  filter {
-    name   = "name"
-    values = ["amazon-eks-node-${var.cluster_version}-v*"]
+resource "aws_eks_node_group" "nodes" {
+  cluster_name    = var.cluster_name
+  node_group_name = var.node_group_name
+  node_role_arn   = var.role_arn
+  subnet_ids      = var.subnet_ids
+
+  scaling_config {
+    desired_size = var.desired_size
+    max_size     = var.max_size
+    min_size     = var.min_size
   }
 
-  most_recent = true
-  owners      = ["602401143452"] # Amazon EKS AMI Account ID
-}
-
-locals {
-  node_userdata = <<USERDATA
-#!/bin/bash
-set -o xtrace
-/etc/eks/bootstrap.sh --apiserver-endpoint '${var.cluster_endpoint}' --b64-cluster-ca '${var.cluster_ca}' '${var.cluster_name}'
-USERDATA
-
-}
+  instance_types = [var.instance_type]
+  disk_size      = var.disk_size
 
-resource "aws_launch_configuration" "nodes" {
-  associate_public_ip_address = true
-  iam_instance_profile = var.iam_instance_profile_name
-  image_id = data.aws_ami.eks_node.id
-  instance_type = var.instance_type
-  name_prefix = var.metadata_name
-  security_groups = var.security_groups
-  user_data_base64 = base64encode(local.node_userdata)
-
-  root_block_device {
-    volume_size = var.root_device_volume_size
-    encrypted = var.root_device_encrypted
-  }
-
-  lifecycle {
-    create_before_destroy = true
-  }
+  tags   = var.eks_metadata_tags
+  labels = var.metadata_labels
 }
-
-resource "aws_autoscaling_group" "nodes" {
-  desired_capacity = var.desired_capacity
-  launch_configuration = aws_launch_configuration.nodes.id
-  max_size = var.max_size
-  min_size = var.min_size
-  name = var.metadata_name
-  vpc_zone_identifier = var.vpc_zone_identifiers
-
-  tag {
-    key = "Name"
-    value = var.metadata_name
-    propagate_at_launch = true
-  }
-
-  tag {
-    key = "kubernetes.io/cluster/${var.metadata_name}"
-    value = "owned"
-    propagate_at_launch = true
-  }
-}
-
diff --git a/aws/_modules/eks/node_pool/variables.tf b/aws/_modules/eks/node_pool/variables.tf
@@ -1,44 +1,34 @@
-variable "metadata_name" {
-  type        = string
-  description = "Metadata name to use."
-}
-
-variable "cluster_version" {
-  type        = string
-  description = "Kubernetes version of the EKS cluster."
+variable "metadata_labels" {
+  type        = map(string)
+  description = "Metadata labels to use."
 }
 
-variable "cluster_endpoint" {
-  type        = string
-  description = "Kubernetes API endpoint of the EKS cluster."
+variable "eks_metadata_tags" {
+  type        = map
+  description = "EKS metadata tags to use."
 }
 
-variable "cluster_ca" {
+variable "cluster_name" {
   type        = string
-  description = "Certificate authority of the EKS cluster."
+  description = "Cluster name of the EKS cluster."
 }
 
-variable "cluster_name" {
+variable "node_group_name" {
   type        = string
-  description = "Cluster name of the EKS cluster."
+  description = "Name for this node pool."
 }
 
-variable "iam_instance_profile_name" {
+variable "role_arn" {
   type        = string
-  description = "IAM instance profile to use for nodes."
+  description = "ARN of the IAM role for worker nodes."
 }
 
 variable "instance_type" {
   type        = string
   description = "AWS instance type to use for nodes."
 }
 
-variable "security_groups" {
-  type        = list(string)
-  description = "List of security group IDs to use for nodes."
-}
-
-variable "desired_capacity" {
+variable "desired_size" {
   type        = string
   description = "Desired number of worker nodes."
 }
@@ -53,20 +43,13 @@ variable "min_size" {
   description = "Minimum number of worker nodes."
 }
 
-variable "root_device_encrypted" {
-  type = bool
-  default = true
-  description = "Will encrypted the root device."
-}
-
-variable "root_device_volume_size" {
-  type = string
-  default = "20"
+variable "disk_size" {
+  type        = string
+  default     = "20"
   description = "Will set the volume size of the root device"
 }
 
-variable "vpc_zone_identifiers" {
+variable "subnet_ids" {
   type        = list(string)
   description = "List of VPC subnet IDs to use for nodes."
 }
-
diff --git a/aws/_modules/eks/sg_masters.tf b/aws/_modules/eks/sg_masters.tf
@@ -22,14 +22,3 @@ resource "aws_security_group_rule" "masters_ingress_apiserver_public" {
   to_port           = 443
   type              = "ingress"
 }
-
-resource "aws_security_group_rule" "masters_ingress_apiserver_nodes" {
-  description              = "Allow pods to communicate with the cluster API Server"
-  from_port                = 443
-  protocol                 = "tcp"
-  security_group_id        = aws_security_group.masters.id
-  source_security_group_id = aws_security_group.nodes.id
-  to_port                  = 443
-  type                     = "ingress"
-}
-
diff --git a/aws/_modules/eks/sg_workers.tf b/aws/_modules/eks/sg_workers.tf
diff --git a/aws/_modules/eks/vpc.tf b/aws/_modules/eks/vpc.tf
@@ -7,9 +7,10 @@ resource "aws_vpc" "current" {
 resource "aws_subnet" "current" {
   count = length(var.availability_zones)
 
-  availability_zone = var.availability_zones[count.index]
-  cidr_block        = "10.0.${count.index}.0/24"
-  vpc_id            = aws_vpc.current.id
+  availability_zone       = var.availability_zones[count.index]
+  cidr_block              = "10.0.${count.index}.0/24"
+  vpc_id                  = aws_vpc.current.id
+  map_public_ip_on_launch = true
 
   tags = local.eks_metadata_tags
 }