diff --git a/README.md b/README.md index d52ea63..94c0770 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,8 @@ module "captain" { availability_zones = ["us-west-2a", "us-west-2b"] node_pools = [ # { -# "ami_image_id" : "ami-0a62f3a52fa691069", +# "ami_release_version" : "1.28.11-20240807", +# "ami_type" : "AL2_x86_64", # "instance_type" : "t3a.large", # "name" : "glueops-platform-node-pool-1", # "node_count" : 4, @@ -46,7 +47,8 @@ module "captain" { # ] # }, # { -# "ami_image_id" : "ami-0a62f3a52fa691069", +# "ami_release_version" : "1.28.11-20240807", +# "ami_type" : "AL2_x86_64", # "instance_type" : "t3a.small", # "name" : "glueops-platform-node-pool-argocd-app-controller-1", # "node_count" : 2, @@ -66,7 +68,8 @@ module "captain" { # ] # }, # { -# "ami_image_id" : "ami-0a62f3a52fa691069", +# "ami_release_version" : "1.28.11-20240807", +# "ami_type" : "AL2_x86_64", # "instance_type" : "t3a.medium", # "name" : "clusterwide-node-pool-1", # "node_count" : 2, @@ -164,7 +167,7 @@ No requirements. | Name | Source | Version | |------|--------|---------| | [kubernetes](#module\_kubernetes) | cloudposse/eks-cluster/aws | 3.0.0 | -| [node\_pool](#module\_node\_pool) | cloudposse/eks-node-group/aws | 2.12.0 | +| [node\_pool](#module\_node\_pool) | cloudposse/eks-node-group/aws | 3.1.0 | | [subnets](#module\_subnets) | cloudposse/dynamic-subnets/aws | 2.4.2 | | [vpc](#module\_vpc) | cloudposse/vpc/aws | 2.2.0 | | [vpc\_peering\_accepter\_with\_routes](#module\_vpc\_peering\_accepter\_with\_routes) | ./modules/vpc_peering_accepter_with_routes | n/a | 
@@ -181,7 +184,6 @@ No requirements. | [aws_security_group.captain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_security_group_rule.allow_all_within_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | | [aws_security_group_rule.captain_egress_all_ipv4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.captain_ingress_all_private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | | [aws_iam_openid_connect_provider.provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_openid_connect_provider) | data source | | [aws_iam_policy_document.eks_assume_addon_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | @@ -195,7 +197,7 @@ No requirements. | [eks\_version](#input\_eks\_version) | The version of EKS to deploy | `string` | `"1.27"` | no | | [iam\_role\_to\_assume](#input\_iam\_role\_to\_assume) | The full ARN of the IAM role to assume | `string` | n/a | yes | | [kube\_proxy\_version](#input\_kube\_proxy\_version) | You should grab the appropriate version number from: https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html | `string` | `"v1.28.8-eksbuild.5"` | no | -| [node\_pools](#input\_node\_pools) | node pool configurations:
- name (string): Name of the node pool. MUST BE UNIQUE! Recommended to use YYYYMMDD in the name
- node\_count (number): number of nodes to create in the node pool.
- instance\_type (string): Instance type to use for the nodes. ref: https://instances.vantage.sh/
- ami\_image\_id (string): AMI image ID to use for EKS worker nodes. This varies per region!! ref: https://github.com/awslabs/amazon-eks-ami/releases to find the AMI ID go to the console: https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#Images:visibility=public-images;search=amazon-eks-node-1.28-v20230703
- spot (bool): Enable spot instances for the nodes. DO NOT ENABLE IN PROD!
- disk\_size\_gb (number): Disk size in GB for the nodes.
- max\_pods (number): max pods that can be scheduled per node.
- ssh\_key\_pair\_names (list(string)): List of SSH key pair names to associate with the nodes. ref: https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#KeyPairs:
- kubernetes\_labels (map(string)): Map of labels to apply to the nodes. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
- kubernetes\_taints (list(object)): List of taints to apply to the nodes. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
list(object({
name = string
node_count = number
instance_type = string
ami_image_id = string
spot = bool
disk_size_gb = number
max_pods = number
ssh_key_pair_names = list(string)
kubernetes_labels = map(string)
kubernetes_taints = list(object({
key = string
value = string
effect = string
}))

}))
|
[
{
"ami_image_id": "ami-0a62f3a52fa691069",
"disk_size_gb": 20,
"instance_type": "t3a.large",
"kubernetes_labels": {},
"kubernetes_taints": [],
"max_pods": 110,
"name": "default-pool",
"node_count": 1,
"spot": false,
"ssh_key_pair_names": []
}
]
| no | +| [node\_pools](#input\_node\_pools) | node pool configurations:
- name (string): Name of the node pool. MUST BE UNIQUE! Recommended to use YYYYMMDD in the name
- node\_count (number): number of nodes to create in the node pool.
- instance\_type (string): Instance type to use for the nodes. ref: https://instances.vantage.sh/
- ami\_image\_id (string): AMI image ID to use for EKS worker nodes. This varies per region!! ref: https://github.com/awslabs/amazon-eks-ami/releases to find the AMI ID go to the console: https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#Images:visibility=public-images;search=amazon-eks-node-1.28-v20230703
- spot (bool): Enable spot instances for the nodes. DO NOT ENABLE IN PROD!
- disk\_size\_gb (number): Disk size in GB for the nodes.
- max\_pods (number): max pods that can be scheduled per node.
- ssh\_key\_pair\_names (list(string)): List of SSH key pair names to associate with the nodes. ref: https://us-west-2.console.aws.amazon.com/ec2/home?region=us-west-2#KeyPairs:
- kubernetes\_labels (map(string)): Map of labels to apply to the nodes. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
- kubernetes\_taints (list(object)): List of taints to apply to the nodes. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
list(object({
name = string
node_count = number
instance_type = string
ami_release_version = string
ami_type = string
spot = bool
disk_size_gb = number
max_pods = number
ssh_key_pair_names = list(string)
kubernetes_labels = map(string)
kubernetes_taints = list(object({
key = string
value = string
effect = string
}))

}))
|
[
{
"ami_release_version": "1.29.6-20240807",
"ami_type": "AL2_x86_64",
"disk_size_gb": 20,
"instance_type": "t3a.large",
"kubernetes_labels": {},
"kubernetes_taints": [],
"max_pods": 110,
"name": "default-pool",
"node_count": 1,
"spot": false,
"ssh_key_pair_names": []
}
]
| no | | [peering\_configs](#input\_peering\_configs) | A list of maps containing VPC peering configuration details |
list(object({
vpc_peering_connection_id = string
destination_cidr_block = string
}))
| `[]` | no | | [region](#input\_region) | The AWS region to deploy into | `string` | n/a | yes | | [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | The CIDR block for the VPC | `string` | `"10.65.0.0/26"` | no | diff --git a/addons.tf b/addons.tf index 588fe31..5573ff1 100644 --- a/addons.tf +++ b/addons.tf @@ -64,7 +64,7 @@ resource "aws_eks_addon" "coredns" { service_account_role_arn = aws_iam_role.eks_addon_ebs_csi_role.arn depends_on = [module.node_pool] count = length(var.node_pools) > 0 ? 1 : 0 - configuration_values = local.coredns_addon_node_tolerations + configuration_values = local.coredns_addon_node_tolerations } @@ -75,6 +75,6 @@ resource "aws_eks_addon" "kube_proxy" { resolve_conflicts_on_create = "OVERWRITE" resolve_conflicts_on_update = "OVERWRITE" - depends_on = [module.node_pool] - count = length(var.node_pools) > 0 ? 1 : 0 + depends_on = [module.node_pool] + count = length(var.node_pools) > 0 ? 1 : 0 } diff --git a/docs/.header.md b/docs/.header.md index 0bbe89c..b3aa9c6 100644 --- a/docs/.header.md +++ b/docs/.header.md @@ -25,7 +25,8 @@ module "captain" { availability_zones = ["us-west-2a", "us-west-2b"] node_pools = [ # { -# "ami_image_id" : "ami-0a62f3a52fa691069", +# "ami_release_version" : "1.28.11-20240807", +# "ami_type" : "AL2_x86_64", # "instance_type" : "t3a.large", # "name" : "glueops-platform-node-pool-1", # "node_count" : 4, @@ -45,7 +46,8 @@ module "captain" { # ] # }, # { -# "ami_image_id" : "ami-0a62f3a52fa691069", +# "ami_release_version" : "1.28.11-20240807", +# "ami_type" : "AL2_x86_64", # "instance_type" : "t3a.small", # "name" : "glueops-platform-node-pool-argocd-app-controller-1", # "node_count" : 2, @@ -65,7 +67,8 @@ module "captain" { # ] # }, # { -# "ami_image_id" : "ami-0a62f3a52fa691069", +# "ami_release_version" : "1.28.11-20240807", +# "ami_type" : "AL2_x86_64", # "instance_type" : "t3a.medium", # "name" : "clusterwide-node-pool-1", # "node_count" : 2, diff --git a/network.tf b/network.tf index 9f0b81a..dfda50e 100644 
--- a/network.tf +++ b/network.tf @@ -29,15 +29,6 @@ resource "aws_security_group" "captain" { vpc_id = module.vpc.vpc_id } -resource "aws_security_group_rule" "captain_ingress_all_private" { - type = "ingress" - from_port = 0 - to_port = 65535 - protocol = "-1" - cidr_blocks = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"] - security_group_id = aws_security_group.captain.id -} - resource "aws_security_group_rule" "captain_egress_all_ipv4" { type = "egress" from_port = 0 diff --git a/node_pool.tf b/node_pool.tf index 545b3ec..3ead663 100644 --- a/node_pool.tf +++ b/node_pool.tf @@ -3,18 +3,20 @@ module "node_pool" { for_each = { for np in var.node_pools : np.name => np } source = "cloudposse/eks-node-group/aws" # Cloud Posse recommends pinning every module to a specific version - version = "2.12.0" - ec2_ssh_key_name = each.value.ssh_key_pair_names - instance_types = [each.value.instance_type] - subnet_ids = module.subnets.public_subnet_ids - desired_size = each.value.node_count - min_size = each.value.node_count - max_size = each.value.node_count + 1 - cluster_name = module.kubernetes.eks_cluster_id - capacity_type = each.value.spot ? "SPOT" : "ON_DEMAND" - ami_image_id = [each.value.ami_image_id] - kubernetes_labels = each.value.kubernetes_labels - kubernetes_taints = each.value.kubernetes_taints + version = "3.1.0" + ec2_ssh_key_name = each.value.ssh_key_pair_names + instance_types = [each.value.instance_type] + subnet_ids = module.subnets.public_subnet_ids + desired_size = each.value.node_count + min_size = each.value.node_count + max_size = each.value.node_count + 1 + cluster_name = module.kubernetes.eks_cluster_id + capacity_type = each.value.spot ? "SPOT" : "ON_DEMAND" + ami_release_version = [each.value.ami_release_version] + ami_type = each.value.ami_type + kubernetes_labels = each.value.kubernetes_labels + kubernetes_taints = each.value.kubernetes_taints + create_before_destroy = false cluster_autoscaler_enabled = false name = each.value.name 
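Review bot: `ami_release_version = [each.value.ami_release_version]` in the node_pool block pins each node group to a Kubernetes patch release with nothing tying it to `var.eks_version`, and the defaults elsewhere in this diff already disagree: variables.tf defaults the pool to `1.29.6-20240807`, the README and tests examples use `1.28.11-20240807` with `eks_version = "1.28"`, and the documented `eks_version` default is `"1.27"`. As far as I know EKS managed node groups refuse a release version for a different minor than the cluster, so the shipped defaults would presumably fail at apply time; a `check` block (or, on a Terraform version that allows cross-variable references, a `validation` on `var.node_pools`) asserting `startswith(np.ami_release_version, "${var.eks_version}.")` for every pool would catch this before the API does. The new `create_before_destroy = false` line also arrives without a comment; since a release-version bump is now the only way nodes pick up a patched AMI, a one-line comment on why destroy-first replacement is acceptable here would help the next maintainer, e.g. `# destroy-first: avoids double capacity during AMI bumps; expect a short gap per pool`. The `module "node_pool"` block starts on the hunk's header line and continues past the hunk.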
diff --git a/tests/aws-nuke.yaml b/tests/aws-nuke.yaml index d3f9e7d..39ae750 100644 --- a/tests/aws-nuke.yaml +++ b/tests/aws-nuke.yaml @@ -25,6 +25,10 @@ presets: IAMUserAccessKey: - "glueops-deployment-svc -> AKIA3COQJC7C2PNUKZV4" #Update `glueops-deployment-svc-account-name` to whatever your IAM user you created is called AND change `ABCDEFGHIJKLMNOPQRST` to whatever the AccessKey ID actually is from when you created it. +resource-types: + excludes: + # don't nuke OpenSearch Packages, see https://github.com/rebuy-de/aws-nuke/issues/1123 + - OSPackage regions: #this regions list was last updated on April 2, 2022. diff --git a/tests/destroy-aws.sh b/tests/destroy-aws.sh index 4aa89f2..baf4dc2 100755 --- a/tests/destroy-aws.sh +++ b/tests/destroy-aws.sh @@ -2,5 +2,5 @@ # reference: https://github.com/GlueOps/scripts-teardown-aws-amazon-web-services echo "Preform an AWS Cleanup with AWS Nuke" -wget https://github.com/rebuy-de/aws-nuke/releases/download/v2.24.2/aws-nuke-v2.24.2-linux-amd64.tar.gz && tar -xvf aws-nuke-v2.24.2-linux-amd64.tar.gz && rm aws-nuke-v2.24.2-linux-amd64.tar.gz && mv aws-nuke-v2.24.2-linux-amd64 aws-nuke +wget https://github.com/rebuy-de/aws-nuke/releases/download/v2.25.0/aws-nuke-v2.25.0-linux-amd64.tar.gz && tar -xvf aws-nuke-v2.25.0-linux-amd64.tar.gz && rm aws-nuke-v2.25.0-linux-amd64.tar.gz && mv aws-nuke-v2.25.0-linux-amd64 aws-nuke ./aws-nuke -c aws-nuke.yaml --no-dry-run --force diff --git a/tests/main.tf b/tests/main.tf index 0ff7023..1d52591 100644 --- a/tests/main.tf +++ b/tests/main.tf @@ -1,5 +1,5 @@ module "captain" { - iam_role_to_assume = "arn:aws:iam::761182885829:role/glueops-captain-role" + iam_role_to_assume = "arn:aws:iam::761182885829:role/glueops-captain-role" source = "../" eks_version = "1.28" csi_driver_version = "v1.33.0-eksbuild.1" 
@@ -9,57 +9,60 @@ module "captain" { region = "us-west-2" availability_zones = ["us-west-2a", "us-west-2b"] node_pools = [ -# { -# "ami_image_id" : "ami-0a62f3a52fa691069", -# "instance_type" : "t3a.large", -# "name" : "glueops-platform-node-pool-1", -# "node_count" : 4, -# "spot" : false, -# "disk_size_gb" : 20, -# "max_pods" : 110, -# "ssh_key_pair_names" : [], -# "kubernetes_labels" : { -# "glueops.dev/role" : "glueops-platform" -# }, -# "kubernetes_taints" : [ -# { -# key = "glueops.dev/role" -# value = "glueops-platform" -# effect = "NO_SCHEDULE" -# } -# ] -# }, -# { -# "ami_image_id" : "ami-0a62f3a52fa691069", -# "instance_type" : "t3a.small", -# "name" : "glueops-platform-node-pool-argocd-app-controller-1", -# "node_count" : 2, -# "spot" : false, -# "disk_size_gb" : 20, -# "max_pods" : 110, -# "ssh_key_pair_names" : [], -# "kubernetes_labels" : { -# "glueops.dev/role" : "glueops-platform-argocd-app-controller" -# }, -# "kubernetes_taints" : [ -# { -# key = "glueops.dev/role" -# value = "glueops-platform-argocd-app-controller" -# effect = "NO_SCHEDULE" -# } -# ] -# }, -# { -# "ami_image_id" : "ami-0a62f3a52fa691069", -# "instance_type" : "t3a.medium", -# "name" : "clusterwide-node-pool-1", -# "node_count" : 2, -# "spot" : false, -# "disk_size_gb" : 20, -# "max_pods" : 110, -# "ssh_key_pair_names" : [], -# "kubernetes_labels" : {}, -# "kubernetes_taints" : [] -# } + # { + # "ami_release_version" : "1.28.11-20240807", + # "ami_type" : "AL2_x86_64", + # "instance_type" : "t3a.large", + # "name" : "glueops-platform-node-pool-1", + # "node_count" : 4, + # "spot" : false, + # "disk_size_gb" : 20, + # "max_pods" : 110, + # "ssh_key_pair_names" : [], + # "kubernetes_labels" : { + # "glueops.dev/role" : "glueops-platform" + # }, + # "kubernetes_taints" : [ + # { + # key = "glueops.dev/role" + # value = "glueops-platform" + # effect = "NO_SCHEDULE" + # } + # ] + # }, + # { + # "ami_release_version" : "1.28.11-20240807", + # "ami_type" : "AL2_x86_64", + # 
"instance_type" : "t3a.small", + # "name" : "glueops-platform-node-pool-argocd-app-controller-1", + # "node_count" : 2, + # "spot" : false, + # "disk_size_gb" : 20, + # "max_pods" : 110, + # "ssh_key_pair_names" : [], + # "kubernetes_labels" : { + # "glueops.dev/role" : "glueops-platform-argocd-app-controller" + # }, + # "kubernetes_taints" : [ + # { + # key = "glueops.dev/role" + # value = "glueops-platform-argocd-app-controller" + # effect = "NO_SCHEDULE" + # } + # ] + # }, + # { + # "ami_release_version" : "1.28.11-20240807", + # "ami_type" : "AL2_x86_64", + # "instance_type" : "t3a.medium", + # "name" : "clusterwide-node-pool-1", + # "node_count" : 2, + # "spot" : false, + # "disk_size_gb" : 20, + # "max_pods" : 110, + # "ssh_key_pair_names" : [], + # "kubernetes_labels" : {}, + # "kubernetes_taints" : [] + # } ] } diff --git a/variables.tf b/variables.tf index d7f3182..182e05f 100644 --- a/variables.tf +++ b/variables.tf @@ -70,15 +70,16 @@ variable "eks_version" { variable "node_pools" { type = list(object({ - name = string - node_count = number - instance_type = string - ami_image_id = string - spot = bool - disk_size_gb = number - max_pods = number - ssh_key_pair_names = list(string) - kubernetes_labels = map(string) + name = string + node_count = number + instance_type = string + ami_release_version = string + ami_type = string + spot = bool + disk_size_gb = number + max_pods = number + ssh_key_pair_names = list(string) + kubernetes_labels = map(string) kubernetes_taints = list(object({ key = string value = string 
@@ -87,16 +88,17 @@ variable "node_pools" { })) default = [{ - name = "default-pool" - node_count = 1 - instance_type = "t3a.large" - ami_image_id = "ami-0a62f3a52fa691069" - spot = false - disk_size_gb = 20 - max_pods = 110 - ssh_key_pair_names = [] - kubernetes_labels = {} - kubernetes_taints = [] + name = "default-pool" + node_count = 1 + instance_type = "t3a.large" + ami_release_version = "1.29.6-20240807" + ami_type = "AL2_x86_64" + spot = false + disk_size_gb = 20 + max_pods = 110 + ssh_key_pair_names = [] + kubernetes_labels = {} + kubernetes_taints = [] }] description = <<-DESC node pool configurations:
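Review bot: The new `ami_release_version` and `ami_type` attributes added to the `node_pools` type are not documented: the `description` heredoc that follows (next hunk, cut off here) and the README regenerated from it still carry an `ami_image_id` bullet pointing at a console search for `amazon-eks-node-1.28-v20230703`, which no longer matches any attribute in the type. Replace that bullet with two, along the lines of `- ami_release_version (string): EKS AMI release version, e.g. 1.28.11-20240807 (no leading "v"); should match the minor version in eks_version. ref: https://github.com/awslabs/amazon-eks-ami/releases` and `- ami_type (string): EKS AMI family passed to the node group, e.g. AL2_x86_64.`. If the upstream node-group module treats an empty release-version list as "latest for the cluster version", `ami_release_version = optional(string)` with the module call passing `[]` when unset would let callers opt into automatic AMI patching instead of a hard pin, but confirm that against the module's documentation first. The `variable "node_pools"` block starts on the hunk's header line and continues past the hunk.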