feat: cluster module upgrade to support auto_mode and karpenter version upgrade

uchinda-sph · uchinda-sph · commit 49d8ab61b27e · 2025-02-10T12:14:42.000+08:00
diff --git a/README.md b/README.md
diff --git a/aws_auth.tf b/aws_auth.tf
@@ -55,7 +55,7 @@ module "eks_aws_auth" {
   count = var.authentication_mode != "API" ? 1 : 0
 
   source  = "terraform-aws-modules/eks/aws//modules/aws-auth"
-  version = "~> 20.29.0"
+  version = "~> 20.33.1"
 
   create_aws_auth_configmap = var.create_aws_auth_configmap
   manage_aws_auth_configmap = var.manage_aws_auth_configmap
diff --git a/iam.tf b/iam.tf
@@ -126,7 +126,7 @@ module "aws_vpc_cni_pod_identity" {
   count = var.enable_pod_identity_for_eks_addons ? 1 : 0
 
   source  = "terraform-aws-modules/eks-pod-identity/aws"
-  version = "~> 1.7.0"
+  version = "~> 1.10"
 
   name = "aws-vpc-cni-${var.cluster_ip_family}"
 
@@ -141,7 +141,7 @@ module "aws_ebs_csi_pod_identity" {
   count = var.enable_pod_identity_for_eks_addons ? 1 : 0
 
   source  = "terraform-aws-modules/eks-pod-identity/aws"
-  version = "~> 1.7.0"
+  version = "~> 1.10"
 
   name = "aws-ebs-csi"
 
diff --git a/karpenter.tf b/karpenter.tf
@@ -11,12 +11,8 @@ locals {
         tags = var.karpenter_default_subnet_selector_tags,
         }
       ]
-      karpenter_node_role = aws_iam_role.workers.name
-      karpenter_security_group_selector_maps = [{
-        tags = merge({
-          "karpenter.sh/discovery" = module.eks.cluster_name
-        }, var.additional_karpenter_security_group_selector_tags)
-      }]
+      karpenter_node_role                    = aws_iam_role.workers.name
+      karpenter_security_group_selector_maps = lookup(local.karpenter_security_group_maps, var.karpenter_security_group_selector_terms_type, {})
       karpenter_node_metadata_options = {
         httpEndpoint            = "enabled"
         httpProtocolIPv6        = var.cluster_ip_family != "ipv6" ? "disabled" : "enabled"
@@ -69,6 +65,25 @@ locals {
         nodeclass_name = "${nodeclass.nodeclass_name}-upgrade"
     })]
   ]), local.karpenter_nodepools)
+
+  # Kaprenter Security Groups Selector
+  additional_karpenter_security_group_id_maps = [
+    for val in var.additional_karpenter_security_group_selector_ids : {
+      "id" = val
+    }
+  ]
+
+  karpenter_security_group_maps = {
+    tags = [{
+      tags = merge({
+        "karpenter.sh/discovery" = module.eks.cluster_name
+      }, var.additional_karpenter_security_group_selector_tags)
+    }]
+    ids = flatten(concat([{
+      "id" = module.eks.cluster_primary_security_group_id
+      }, local.additional_karpenter_security_group_id_maps
+    ]))
+  }
 }
 
 module "karpenter" {
diff --git a/main.tf b/main.tf
@@ -84,7 +84,7 @@ locals {
 #tfsec:ignore:aws-eks-enable-control-plane-logging
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "~> 20.29.0"
+  version = "~> 20.33.1"
 
   cluster_name              = var.cluster_name
   cluster_version           = var.cluster_version
@@ -119,6 +119,7 @@ module "eks" {
       }
     } : {}
   , var.cluster_security_group_additional_rules)
+  cluster_compute_config = var.cluster_compute_config
 
   node_security_group_name        = coalesce(var.worker_security_group_name, join("_", [var.cluster_name, "worker"]))
   node_security_group_description = "EKS Cluster ${var.cluster_name} Nodes"
diff --git a/modules/eks_managed_nodes/README.md b/modules/eks_managed_nodes/README.md
@@ -16,7 +16,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_eks_managed_node_group"></a> [eks\_managed\_node\_group](#module\_eks\_managed\_node\_group) | terraform-aws-modules/eks/aws//modules/eks-managed-node-group | ~> 20.29.0 |
+| <a name="module_eks_managed_node_group"></a> [eks\_managed\_node\_group](#module\_eks\_managed\_node\_group) | terraform-aws-modules/eks/aws//modules/eks-managed-node-group | ~> 20.33.1 |
 
 ## Resources
 
diff --git a/modules/eks_managed_nodes/main.tf b/modules/eks_managed_nodes/main.tf
@@ -54,7 +54,7 @@ locals {
 ################################################################################
 module "eks_managed_node_group" {
   source  = "terraform-aws-modules/eks/aws//modules/eks-managed-node-group"
-  version = "~> 20.29.0"
+  version = "~> 20.33.1"
 
   for_each = local.eks_managed_node_groups
 
diff --git a/modules/fargate_profile/README.md b/modules/fargate_profile/README.md
@@ -73,7 +73,7 @@ module "fargate_profile" {
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_fargate_profile"></a> [fargate\_profile](#module\_fargate\_profile) | terraform-aws-modules/eks/aws//modules/fargate-profile | ~> 20.29.0 |
+| <a name="module_fargate_profile"></a> [fargate\_profile](#module\_fargate\_profile) | terraform-aws-modules/eks/aws//modules/fargate-profile | ~> 20.33.1 |
 
 ## Resources
 
diff --git a/modules/fargate_profile/main.tf b/modules/fargate_profile/main.tf
@@ -1,6 +1,6 @@
 module "fargate_profile" {
   source  = "terraform-aws-modules/eks/aws//modules/fargate-profile"
-  version = "~> 20.29.0"
+  version = "~> 20.33.1"
 
   for_each          = var.fargate_profiles
   cluster_ip_family = var.cluster_ip_family
diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md
@@ -34,7 +34,7 @@
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_karpenter"></a> [karpenter](#module\_karpenter) | terraform-aws-modules/eks/aws//modules/karpenter | ~> 20.29.0 |
+| <a name="module_karpenter"></a> [karpenter](#module\_karpenter) | terraform-aws-modules/eks/aws//modules/karpenter | ~> 20.33.1 |
 | <a name="module_karpenter_fargate_profile"></a> [karpenter\_fargate\_profile](#module\_karpenter\_fargate\_profile) | ../fargate_profile | n/a |
 
 ## Resources
diff --git a/modules/karpenter/karpenter.tf b/modules/karpenter/karpenter.tf
@@ -1,6 +1,6 @@
 module "karpenter" {
   source  = "terraform-aws-modules/eks/aws//modules/karpenter"
-  version = "~> 20.29.0"
+  version = "~> 20.33.1"
 
   cluster_name = var.cluster_name
 
diff --git a/modules/self_managed_nodes/README.md b/modules/self_managed_nodes/README.md
@@ -53,7 +53,7 @@ the type of images:
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_self_managed_group"></a> [self\_managed\_group](#module\_self\_managed\_group) | terraform-aws-modules/eks/aws//modules/self-managed-node-group | ~> 20.29.0 |
+| <a name="module_self_managed_group"></a> [self\_managed\_group](#module\_self\_managed\_group) | terraform-aws-modules/eks/aws//modules/self-managed-node-group | ~> 20.33.1 |
 
 ## Resources
 
diff --git a/modules/self_managed_nodes/main.tf b/modules/self_managed_nodes/main.tf
@@ -58,7 +58,7 @@ locals {
 
 module "self_managed_group" {
   source  = "terraform-aws-modules/eks/aws//modules/self-managed-node-group"
-  version = "~> 20.29.0"
+  version = "~> 20.33.1"
 
   for_each = local.self_managed_node_groups
 
diff --git a/variables.tf b/variables.tf
@@ -33,6 +33,12 @@ variable "authentication_mode" {
     error_message = "Invalid authentication mode. Valid values are `CONFIG_MAP`, `API` or `API_AND_CONFIG_MAP`"
   }
 }
+
+variable "cluster_compute_config" {
+  description = "Configuration block for the cluster compute configuration"
+  type        = any
+  default     = {}
+}
 #######################
 # Cluster IAM Role
 #######################
@@ -558,13 +564,13 @@ variable "create_fargate_logging_policy_for_karpenter" {
 variable "karpenter_chart_version" {
   description = "Chart version for Karpenter"
   type        = string
-  default     = "1.0.8"
+  default     = "1.2.1"
 }
 
 variable "karpenter_crd_chart_version" {
   description = "Chart version for Karpenter CRDs same version as `karpenter_chart_version`"
   type        = string
-  default     = "1.0.8"
+  default     = "1.2.1"
 }
 
 variable "karpenter_default_subnet_selector_tags" {
@@ -576,11 +582,28 @@ variable "karpenter_default_subnet_selector_tags" {
 }
 
 variable "additional_karpenter_security_group_selector_tags" {
-  description = "Additional security group tags to add to the Karpenter node groups"
+  description = "Additional security group tags to add to the Karpenter node groups. Pass values if `karpenter_security_group_selector_terms_type = tags`"
   type        = map(string)
   default     = {}
 }
 
+variable "additional_karpenter_security_group_selector_ids" {
+  description = "Additional security group IDs to add to the Karpenter node groups, Pass values if `karpenter_security_group_selector_terms_type = ids`"
+  type        = list(string)
+  default     = []
+}
+
+variable "karpenter_security_group_selector_terms_type" {
+  description = "Type of terms to use in the security group selector"
+  type        = string
+  default     = "tags"
+
+  validation {
+    condition     = contains(["tags", "ids"], var.karpenter_security_group_selector_terms_type)
+    error_message = "Invalid security group selector terms type. Valid values are `tags` or `ids`"
+  }
+}
+
 variable "karpenter_ephemeral_volume_size" {
   description = "Ephemeral volume size for Karpenter node groups"
   type        = string
