Merge pull request #276 from cookpad/aidy/eks-addons

Manage vpc-cni, coredns and kube-proxy via eks addons
cookpad · Dec 1, 2021 · 1faaeba · 1faaeba
2 parents aac76f4 + 24041aa
commit 1faaeba
Show file tree

Hide file tree

Showing 18 changed files with 29 additions and 693 deletions.
diff --git a/README.md b/README.md
@@ -78,7 +78,7 @@ to assume a common IAM role in the aws provider definition.
 ```hcl
 provider "aws" {
   region              = "us-east-1"
-  version             = "3.49.0"
+  version             = "3.53.0"
   assume_role {
     role_arn = "arn:aws:iam::<your account id>:role/Terraform"
   }

diff --git a/UPGRADING.md b/UPGRADING.md
@@ -8,6 +8,7 @@
 ## 1.19 -> 1.20
 [247](https://github.com/cookpad/terraform-aws-eks/pull/247) 💥 Breaking Change. The `k8s_version` variable has been removed. Use the correct version of the module for the k8s version you want to use.
 [156](https://github.com/cookpad/terraform-aws-eks/issues/156) 💥 Breaking Change. The root module has been removed. Please refactor using the README as a guide.
+[276](https://github.com/cookpad/terraform-aws-eks/pull/276) 💥 Breaking Change. The `dns_cluster_ip` variable has been removed from the `asg_node_group` module.
 
 ## 1.18 -> 1.19
 

diff --git a/examples/cluster/bottlerocket_node_group/main.tf b/examples/cluster/bottlerocket_node_group/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "3.49.0"
+      version = "3.53.0"
     }
   }
 }

diff --git a/examples/cluster/environment/main.tf b/examples/cluster/environment/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "3.49.0"
+      version = "3.53.0"
     }
   }
 }

diff --git a/examples/cluster/gpu_node_group/main.tf b/examples/cluster/gpu_node_group/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "3.49.0"
+      version = "3.53.0"
     }
   }
 }

diff --git a/examples/cluster/main.tf b/examples/cluster/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "3.49.0"
+      version = "3.53.0"
     }
   }
 }

diff --git a/examples/cluster/standard_node_group/main.tf b/examples/cluster/standard_node_group/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "3.49.0"
+      version = "3.53.0"
     }
   }
 }

diff --git a/examples/vpc/main.tf b/examples/vpc/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "3.49.0"
+      version = "3.53.0"
     }
   }
 }

diff --git a/modules/asg_node_group/bottlerocket_config.toml.tpl b/modules/asg_node_group/bottlerocket_config.toml.tpl
@@ -2,7 +2,6 @@
 cluster-name = "${cluster_name}"
 api-server = "${cluster_endpoint}"
 cluster-certificate = "${cluster_ca_data}"
-cluster-dns-ip = "${dns_cluster_ip}"
 [settings.kubernetes.node-labels]
 ${node_labels}
 [settings.kubernetes.node-taints]

diff --git a/modules/asg_node_group/cloud_config.tpl b/modules/asg_node_group/cloud_config.tpl
@@ -4,4 +4,4 @@ fqdn: eks-node-${cluster_name}-{{ v1.instance_id }}
 runcmd:
 - [aws, --region={{ v1.region }}, ec2, create-tags, --resources={{ v1.instance_id }}, "--tags=Key=Name,Value=eks-node-${cluster_name}-{{ v1.instance_id }}"]
 - [systemctl, restart, docker]
-- [/etc/eks/bootstrap.sh, ${cluster_name}, --kubelet-extra-args, '--node-labels=${labels} --register-with-taints="${taints}"', --dns-cluster-ip, ${dns_cluster_ip}]
+- [/etc/eks/bootstrap.sh, ${cluster_name}, --kubelet-extra-args, '--node-labels=${labels} --register-with-taints="${taints}"']
diff --git a/modules/asg_node_group/main.tf b/modules/asg_node_group/main.tf
@@ -60,10 +60,9 @@ data "aws_region" "current" {}
 data "template_file" "cloud_config" {
   template = file("${path.module}/cloud_config.tpl")
   vars = {
-    cluster_name   = var.cluster_config.name
-    labels         = join(",", [for label, value in local.labels : "${label}=${value}"])
-    taints         = join(",", [for taint, value_effect in var.taints : "${taint}=${value_effect}"])
-    dns_cluster_ip = var.cluster_config.dns_cluster_ip
+    cluster_name = var.cluster_config.name
+    labels       = join(",", [for label, value in local.labels : "${label}=${value}"])
+    taints       = join(",", [for taint, value_effect in var.taints : "${taint}=${value_effect}"])
   }
 }
 
@@ -92,7 +91,6 @@ data "template_file" "bottlerocket_config" {
     cluster_name                 = var.cluster_config.name
     cluster_endpoint             = var.cluster_config.endpoint
     cluster_ca_data              = var.cluster_config.ca_data
-    dns_cluster_ip               = var.cluster_config.dns_cluster_ip
     node_labels                  = join("\n", [for label, value in local.labels : "\"${label}\" = \"${value}\""])
     node_taints                  = join("\n", [for taint, value in var.taints : "\"${taint}\" = \"${value}\""])
     admin_container_enabled      = var.bottlerocket_admin_container_enabled
@@ -147,7 +145,7 @@ resource "aws_autoscaling_group" "nodes" {
   vpc_zone_identifier       = each.value
   termination_policies      = var.termination_policies
   enabled_metrics           = var.enabled_metrics
-  wait_for_capacity_timeout = 0
+  wait_for_capacity_timeout = "10m"
 
   mixed_instances_policy {
     launch_template {

diff --git a/modules/asg_node_group/variables.tf b/modules/asg_node_group/variables.tf
@@ -8,7 +8,6 @@ variable "cluster_config" {
     node_security_group   = string
     node_instance_profile = string
     tags                  = map(string)
-    dns_cluster_ip        = string
     aws_ebs_csi_driver    = bool
   })
 }

diff --git a/modules/cluster/addons.tf b/modules/cluster/addons.tf
@@ -25,42 +25,28 @@ module "critical_addons_node_group" {
 
 data "aws_region" "current" {}
 
-module "aws_k8s_cni" {
-  source = "./kubectl"
-  config = local.config
-  manifest = templatefile(
-    "${path.module}/addons/aws-k8s-cni.yaml",
-    { aws_region = data.aws_region.current.name }
-  )
-}
 
-data "aws_vpc" "network" {
-  id = var.vpc_config.vpc_id
-}
+// When upgrading k8s version run `aws eks describe-addon-versions --kubernetes-version <version>` to get addon_version numbers
 
-locals {
-  dns_cluster_ip = length(var.dns_cluster_ip) > 0 ? var.dns_cluster_ip : (split(".", data.aws_vpc.network.cidr_block)[0] == "10" ? "172.20.0.10" : "10.100.0.10")
+resource "aws_eks_addon" "kube-proxy" {
+  cluster_name      = local.config.name
+  addon_name        = "kube-proxy"
+  addon_version     = "v1.19.6-eksbuild.2"
+  resolve_conflicts = "OVERWRITE"
 }
 
-module "coredns" {
-  source = "./kubectl"
-  config = local.config
-  manifest = templatefile(
-    "${path.module}/addons/coredns.yaml",
-    {
-      aws_region     = data.aws_region.current.name
-      dns_cluster_ip = local.dns_cluster_ip
-    },
-  )
+resource "aws_eks_addon" "vpc-cni" {
+  cluster_name      = local.config.name
+  addon_name        = "vpc-cni"
+  addon_version     = "v1.9.0-eksbuild.1"
+  resolve_conflicts = "OVERWRITE"
 }
 
-module "kube_proxy" {
-  source = "./kubectl"
-  config = local.config
-  manifest = templatefile(
-    "${path.module}/addons/kube-proxy.yaml",
-    { aws_region = data.aws_region.current.name },
-  )
+resource "aws_eks_addon" "coredns" {
+  cluster_name      = local.config.name
+  addon_name        = "coredns"
+  addon_version     = "v1.8.3-eksbuild.1"
+  resolve_conflicts = "OVERWRITE"
 }
 
 module "cluster_autoscaler" {