From 4811f02509aaba947796b7d4ca37f0fde368264a Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Fri, 30 Sep 2022 16:00:39 -0400 Subject: [PATCH 1/5] fix: Remove optional variable attribute experiment from `helm_addon` sub-module --- modules/kubernetes-addons/README.md | 2 +- .../kubernetes-addons/helm-addon/README.md | 4 +- modules/kubernetes-addons/helm-addon/main.tf | 8 ++-- .../kubernetes-addons/helm-addon/variables.tf | 48 ++++++++++--------- .../kubernetes-addons/helm-addon/versions.tf | 2 - modules/kubernetes-addons/versions.tf | 2 +- 6 files changed, 33 insertions(+), 33 deletions(-) diff --git a/modules/kubernetes-addons/README.md b/modules/kubernetes-addons/README.md index f363d10e96..d8d5c9ee41 100644 --- a/modules/kubernetes-addons/README.md +++ b/modules/kubernetes-addons/README.md @@ -5,7 +5,7 @@ | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0.0, < 1.3.0 | +| [terraform](#requirement\_terraform) | >= 1.0.0 | | [aws](#requirement\_aws) | >= 3.72 | ## Providers diff --git a/modules/kubernetes-addons/helm-addon/README.md b/modules/kubernetes-addons/helm-addon/README.md index e75d0e724d..d40a22dc96 100644 --- a/modules/kubernetes-addons/helm-addon/README.md +++ b/modules/kubernetes-addons/helm-addon/README.md @@ -37,9 +37,9 @@ Helm Addon module can be used to provision a generic Helm Chart as an Add-On for | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [addon\_context](#input\_addon\_context) | Input configuration for the addon |
object({
aws_caller_identity_account_id = string
aws_caller_identity_arn = string
aws_eks_cluster_endpoint = string
aws_partition_id = string
aws_region_name = string
eks_cluster_id = string
eks_oidc_issuer_url = string
eks_oidc_provider_arn = string
tags = map(string)
irsa_iam_role_path = optional(string)
irsa_iam_permissions_boundary = optional(string)
})
| n/a | yes | +| [addon\_context](#input\_addon\_context) | Input configuration for the addon | `any` | n/a | yes | | [helm\_config](#input\_helm\_config) | Helm chart config. Repository and version required. See https://registry.terraform.io/providers/hashicorp/helm/latest/docs | `any` | n/a | yes | -| [irsa\_config](#input\_irsa\_config) | Input configuration for IRSA module |
object({
kubernetes_namespace = string
create_kubernetes_namespace = optional(bool)
kubernetes_service_account = string
create_kubernetes_service_account = optional(bool)
kubernetes_svc_image_pull_secrets = optional(list(string))
irsa_iam_policies = optional(list(string))
})
| `null` | no | +| [irsa\_config](#input\_irsa\_config) | Input configuration for IRSA module | `any` | `{}` | no | | [irsa\_iam\_role\_name](#input\_irsa\_iam\_role\_name) | IAM role name for IRSA | `string` | `""` | no | | [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps | `bool` | `false` | no | | [set\_sensitive\_values](#input\_set\_sensitive\_values) | Forced set\_sensitive values | `any` | `[]` | no | diff --git a/modules/kubernetes-addons/helm-addon/main.tf b/modules/kubernetes-addons/helm-addon/main.tf index 33cf812f6d..3ec401dc32 100644 --- a/modules/kubernetes-addons/helm-addon/main.tf +++ b/modules/kubernetes-addons/helm-addon/main.tf @@ -67,11 +67,11 @@ module "irsa" { create_kubernetes_service_account = try(var.irsa_config.create_kubernetes_service_account, true) kubernetes_namespace = var.irsa_config.kubernetes_namespace kubernetes_service_account = var.irsa_config.kubernetes_service_account - kubernetes_svc_image_pull_secrets = var.irsa_config.kubernetes_svc_image_pull_secrets - irsa_iam_policies = var.irsa_config.irsa_iam_policies + kubernetes_svc_image_pull_secrets = try(var.irsa_config.kubernetes_svc_image_pull_secrets, null) + irsa_iam_policies = lookup(var.irsa_config, "irsa_iam_policies", null) irsa_iam_role_name = var.irsa_iam_role_name - irsa_iam_role_path = var.addon_context.irsa_iam_role_path - irsa_iam_permissions_boundary = var.addon_context.irsa_iam_permissions_boundary + irsa_iam_role_path = lookup(var.addon_context, "irsa_iam_role_path", null) + irsa_iam_permissions_boundary = lookup(var.addon_context, "irsa_iam_permissions_boundary", null) eks_cluster_id = var.addon_context.eks_cluster_id eks_oidc_provider_arn = var.addon_context.eks_oidc_provider_arn } diff --git a/modules/kubernetes-addons/helm-addon/variables.tf b/modules/kubernetes-addons/helm-addon/variables.tf index a8b5e46b04..0bc0154159 100644 --- a/modules/kubernetes-addons/helm-addon/variables.tf 
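Review bot: `irsa_iam_permissions_boundary = lookup(var.addon_context, "irsa_iam_permissions_boundary", null)` and the `irsa_iam_role_path` lookup above it now fall back to null whenever the key is absent, so a caller that misspells or renames the key in its `addon_context` gets an IRSA role created with no permissions boundary and no plan-time error, where the removed `object({...})` type at least pinned the attribute names. Since `type = any` cannot express this, consider a comment on these two lines such as `# NOTE: with type = any a missing or misspelled key silently becomes null; keep these names in sync with the parent module's addon_context` and listing the expected keys in the variable's description. The same hunk uses `try(var.irsa_config.kubernetes_svc_image_pull_secrets, null)` and `lookup(var.irsa_config, "irsa_iam_policies", null)` on adjacent lines for the same purpose; picking one form would make the intent easier to audit. The `module "irsa"` block starts above this hunk.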
+++ b/modules/kubernetes-addons/helm-addon/variables.tf @@ -22,37 +22,39 @@ variable "manage_via_gitops" { } variable "irsa_iam_role_name" { - type = string description = "IAM role name for IRSA" + type = string default = "" } variable "irsa_config" { description = "Input configuration for IRSA module" - type = object({ - kubernetes_namespace = string - create_kubernetes_namespace = optional(bool) - kubernetes_service_account = string - create_kubernetes_service_account = optional(bool) - kubernetes_svc_image_pull_secrets = optional(list(string)) - irsa_iam_policies = optional(list(string)) - }) - default = null + type = any + default = {} + # type = object({ + # kubernetes_namespace = string + # create_kubernetes_namespace = optional(bool) + # kubernetes_service_account = string + # create_kubernetes_service_account = optional(bool) + # kubernetes_svc_image_pull_secrets = optional(list(string)) + # irsa_iam_policies = optional(list(string)) + # }) } variable "addon_context" { description = "Input configuration for the addon" - type = object({ - aws_caller_identity_account_id = string - aws_caller_identity_arn = string - aws_eks_cluster_endpoint = string - aws_partition_id = string - aws_region_name = string - eks_cluster_id = string - eks_oidc_issuer_url = string - eks_oidc_provider_arn = string - tags = map(string) - irsa_iam_role_path = optional(string) - irsa_iam_permissions_boundary = optional(string) - }) + type = any + # type = object({ + # aws_caller_identity_account_id = string + # aws_caller_identity_arn = string + # aws_eks_cluster_endpoint = string + # aws_partition_id = string + # aws_region_name = string + # eks_cluster_id = string + # eks_oidc_issuer_url = string + # eks_oidc_provider_arn = string + # tags = map(string) + # irsa_iam_role_path = optional(string) + # irsa_iam_permissions_boundary = optional(string) + # }) } 
diff --git a/modules/kubernetes-addons/helm-addon/versions.tf b/modules/kubernetes-addons/helm-addon/versions.tf index b07efcd9f6..278a4fbb4d 100644 --- a/modules/kubernetes-addons/helm-addon/versions.tf +++ b/modules/kubernetes-addons/helm-addon/versions.tf @@ -1,8 +1,6 @@ terraform { required_version = ">= 1.0.0" - experiments = [module_variable_optional_attrs] - required_providers { helm = { source = "hashicorp/helm" diff --git a/modules/kubernetes-addons/versions.tf b/modules/kubernetes-addons/versions.tf index 6b8f195336..f92f41b9e7 100644 --- a/modules/kubernetes-addons/versions.tf +++ b/modules/kubernetes-addons/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0.0, < 1.3.0" + required_version = ">= 1.0.0" required_providers { aws = { From 7342d6de060f5de8b7753d127703a0011a2d8d23 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Fri, 30 Sep 2022 17:22:59 -0400 Subject: [PATCH 2/5] fix: Remove optional variable attribute experiment from `launch_templates` sub-module --- modules/kubernetes-addons/helm-addon/main.tf | 10 ++-- .../kubernetes-addons/helm-addon/variables.tf | 21 -------- modules/launch-templates/README.md | 4 +- modules/launch-templates/data.tf | 3 -- modules/launch-templates/locals.tf | 45 ----------------- modules/launch-templates/main.tf | 49 ++++++++++--------- modules/launch-templates/variables.tf | 44 +---------------- modules/launch-templates/versions.tf | 2 +- 8 files changed, 37 insertions(+), 141 deletions(-) delete mode 100644 modules/launch-templates/data.tf delete mode 100644 modules/launch-templates/locals.tf diff --git a/modules/kubernetes-addons/helm-addon/main.tf b/modules/kubernetes-addons/helm-addon/main.tf index 3ec401dc32..252c8f79bc 100644 --- a/modules/kubernetes-addons/helm-addon/main.tf +++ b/modules/kubernetes-addons/helm-addon/main.tf 
@@ -61,12 +61,14 @@ resource "helm_release" "addon" { } module "irsa" { - count = var.irsa_config != null ? 1 : 0 - source = "../../irsa" + source = "../../irsa" + + count = length(var.irsa_config) > 0 ? 1 : 0 + create_kubernetes_namespace = try(var.irsa_config.create_kubernetes_namespace, true) create_kubernetes_service_account = try(var.irsa_config.create_kubernetes_service_account, true) - kubernetes_namespace = var.irsa_config.kubernetes_namespace - kubernetes_service_account = var.irsa_config.kubernetes_service_account + kubernetes_namespace = lookup(var.irsa_config, "kubernetes_namespace", "") + kubernetes_service_account = lookup(var.irsa_config, "kubernetes_service_account", "") kubernetes_svc_image_pull_secrets = try(var.irsa_config.kubernetes_svc_image_pull_secrets, null) irsa_iam_policies = lookup(var.irsa_config, "irsa_iam_policies", null) irsa_iam_role_name = var.irsa_iam_role_name diff --git a/modules/kubernetes-addons/helm-addon/variables.tf b/modules/kubernetes-addons/helm-addon/variables.tf index 0bc0154159..d8d706e8fd 100644 --- a/modules/kubernetes-addons/helm-addon/variables.tf +++ b/modules/kubernetes-addons/helm-addon/variables.tf 
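Review bot: `kubernetes_namespace = lookup(var.irsa_config, "kubernetes_namespace", "")` and the `kubernetes_service_account` lookup below it default the two keys the removed object type marked as required to an empty string, so a non-empty `irsa_config` that misspells either key still instantiates `module "irsa"` (the new `count` guard only checks for a non-empty map) with an empty namespace or service-account name. The `irsa` module is outside this diff, but presumably it builds the IAM role trust policy's service-account subject from these values, so the mistake would surface late at apply time or as a role whose trust condition names an empty subject rather than as a plan-time error. A `validation` block on `irsa_config` in `variables.tf` would restore the plan-time check, as below. The `module "irsa"` block continues past the end of this hunk.
```hcl
variable "irsa_config" {
  # … unchanged: description, type, default …

  validation {
    condition     = length(var.irsa_config) == 0 || (can(var.irsa_config.kubernetes_namespace) && can(var.irsa_config.kubernetes_service_account))
    error_message = "irsa_config must set kubernetes_namespace and kubernetes_service_account when it is non-empty."
  }
}
```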
@@ -31,30 +31,9 @@ variable "irsa_config" { description = "Input configuration for IRSA module" type = any default = {} - # type = object({ - # kubernetes_namespace = string - # create_kubernetes_namespace = optional(bool) - # kubernetes_service_account = string - # create_kubernetes_service_account = optional(bool) - # kubernetes_svc_image_pull_secrets = optional(list(string)) - # irsa_iam_policies = optional(list(string)) - # }) } variable "addon_context" { description = "Input configuration for the addon" type = any - # type = object({ - # aws_caller_identity_account_id = string - # aws_caller_identity_arn = string - # aws_eks_cluster_endpoint = string - # aws_partition_id = string - # aws_region_name = string - # eks_cluster_id = string - # eks_oidc_issuer_url = string - # eks_oidc_provider_arn = string - # tags = map(string) - # irsa_iam_role_path = optional(string) - # irsa_iam_permissions_boundary = optional(string) - # }) } diff --git a/modules/launch-templates/README.md b/modules/launch-templates/README.md index 94540d9ad9..74626e66c6 100644 --- a/modules/launch-templates/README.md +++ b/modules/launch-templates/README.md @@ -97,7 +97,7 @@ module "launch_templates" { | Name | Version | |------|---------| -| [terraform](#requirement\_terraform) | >= 1.0.0, < 1.3.0 | +| [terraform](#requirement\_terraform) | >= 1.0.0 | | [aws](#requirement\_aws) | >= 3.72 | ## Providers @@ -122,7 +122,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [eks\_cluster\_id](#input\_eks\_cluster\_id) | EKS Cluster ID | `string` | n/a | yes | -| [launch\_template\_config](#input\_launch\_template\_config) | Launch template configuration |
map(object({
ami = string
launch_template_os = optional(string)
launch_template_prefix = string
instance_type = optional(string)
capacity_type = optional(string)
iam_instance_profile = optional(string)
vpc_security_group_ids = optional(list(string)) # conflicts with network_interfaces

network_interfaces = optional(list(object({
public_ip = optional(bool)
security_groups = optional(list(string))
})))

block_device_mappings = list(object({
device_name = string
volume_type = string
volume_size = string
delete_on_termination = optional(bool)
encrypted = optional(bool)
kms_key_id = optional(string)
iops = optional(string)
throughput = optional(string)
}))

format_mount_nvme_disk = optional(bool)
pre_userdata = optional(string)
bootstrap_extra_args = optional(string)
post_userdata = optional(string)
kubelet_extra_args = optional(string)

enable_metadata_options = optional(bool)
http_endpoint = optional(string)
http_tokens = optional(string)
http_put_response_hop_limit = optional(number)
http_protocol_ipv6 = optional(string)
instance_metadata_tags = optional(string)

service_ipv6_cidr = optional(string)
service_ipv4_cidr = optional(string)

monitoring = optional(bool)
}))
| n/a | yes | +| [launch\_template\_config](#input\_launch\_template\_config) | Launch template configuration | `any` | n/a | yes | | [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | `map(string)` | `{}` | no | ## Outputs diff --git a/modules/launch-templates/data.tf b/modules/launch-templates/data.tf deleted file mode 100644 index 81be7d557f..0000000000 --- a/modules/launch-templates/data.tf +++ /dev/null @@ -1,3 +0,0 @@ -data "aws_eks_cluster" "eks" { - name = var.eks_cluster_id -} diff --git a/modules/launch-templates/locals.tf b/modules/launch-templates/locals.tf deleted file mode 100644 index 79328b2398..0000000000 --- a/modules/launch-templates/locals.tf +++ /dev/null @@ -1,45 +0,0 @@ -terraform { - # Optional attributes and the defaults function are - # both experimental, so we must opt in to the experiment. - experiments = [module_variable_optional_attrs] -} - -locals { - launch_template_config = defaults(var.launch_template_config, { - ami = "" - launch_template_os = "amazonlinux2eks" #bottlerocket - launch_template_prefix = "" - instance_type = "" - capacity_type = "" - iam_instance_profile = "" - vpc_security_group_ids = "" - - network_interfaces = { - public_ip = false - security_groups = "" - } - - block_device_mappings = { - device_name = "/dev/xvda" - volume_type = "gp3" # The volume type. Can be standard, gp2, gp3, io1, io2, sc1 or st1 (Default: gp3). - volume_size = 200 - delete_on_termination = true - encrypted = true - kms_key_id = "" - iops = 3000 - throughput = 125 - } - - pre_userdata = "" - bootstrap_extra_args = "" - post_userdata = "" - kubelet_extra_args = "" - - service_ipv6_cidr = "" - service_ipv4_cidr = "" - format_mount_nvme_disk = false - - monitoring = true - enable_metadata_options = true - }) -} diff --git a/modules/launch-templates/main.tf b/modules/launch-templates/main.tf index c248e815d1..34f202756f 100644 --- a/modules/launch-templates/main.tf +++ b/modules/launch-templates/main.tf 
@@ -1,30 +1,34 @@ +data "aws_eks_cluster" "eks" { + name = var.eks_cluster_id +} + resource "aws_launch_template" "this" { - for_each = local.launch_template_config + for_each = var.launch_template_config - name = format("%s-%s", each.value.launch_template_prefix, var.eks_cluster_id) + name = format("%s-%s", try(each.value.launch_template_prefix, ""), var.eks_cluster_id) description = "Launch Template for Amazon EKS Worker Nodes" - image_id = each.value.ami + image_id = try(each.value.ami, null) update_default_version = true - instance_type = try(length(each.value.instance_type), 0) == 0 ? null : each.value.instance_type + instance_type = try(each.value.instance_type, null) - user_data = base64encode(templatefile("${path.module}/templates/userdata-${each.value.launch_template_os}.tpl", + user_data = base64encode(templatefile("${path.module}/templates/userdata-${try(each.value.launch_template_os, "amazonlinux2eks")}.tpl", { - pre_userdata = each.value.pre_userdata - post_userdata = each.value.post_userdata - bootstrap_extra_args = each.value.bootstrap_extra_args - kubelet_extra_args = each.value.kubelet_extra_args + pre_userdata = try(each.value.pre_userdata, "") + post_userdata = try(each.value.post_userdata, "") + bootstrap_extra_args = try(each.value.bootstrap_extra_args, "") + kubelet_extra_args = try(each.value.kubelet_extra_args, "") eks_cluster_id = var.eks_cluster_id cluster_ca_base64 = data.aws_eks_cluster.eks.certificate_authority[0].data cluster_endpoint = data.aws_eks_cluster.eks.endpoint - service_ipv6_cidr = try(each.value.service_ipv6_cidr, "") - service_ipv4_cidr = try(each.value.service_ipv4_cidr, "") - format_mount_nvme_disk = each.value.format_mount_nvme_disk + service_ipv6_cidr = try(each.value.service_ipv6_cidr, "") == null ? "" : each.value.service_ipv6_cidr + service_ipv4_cidr = try(each.value.service_ipv4_cidr, "") == null ? 
"" : each.value.service_ipv4_cidr + format_mount_nvme_disk = try(each.value.format_mount_nvme_disk, false) })) dynamic "iam_instance_profile" { - for_each = try(length(each.value.iam_instance_profile), 0) == 0 ? {} : { iam_instance_profile : each.value.iam_instance_profile } + for_each = length(try(each.value.iam_instance_profile, {})) > 0 ? { iam_instance_profile : each.value.iam_instance_profile } : {} iterator = iam content { name = iam.value @@ -32,7 +36,7 @@ resource "aws_launch_template" "this" { } dynamic "instance_market_options" { - for_each = trimspace(lower(each.value.capacity_type)) == "spot" ? { enabled = true } : {} + for_each = trimspace(lower(try(each.value.capacity_type, null))) == "spot" ? { enabled = true } : {} content { market_type = each.value.capacity_type @@ -42,7 +46,7 @@ resource "aws_launch_template" "this" { ebs_optimized = true dynamic "block_device_mappings" { - for_each = each.value.block_device_mappings + for_each = try(each.value.block_device_mappings, {}) content { device_name = try(block_device_mappings.value.device_name, null) 
@@ -53,24 +57,25 @@ resource "aws_launch_template" "this" { kms_key_id = try(block_device_mappings.value.kms_key_id, null) volume_size = try(block_device_mappings.value.volume_size, null) volume_type = try(block_device_mappings.value.volume_type, null) - iops = block_device_mappings.value.volume_type == "gp3" || block_device_mappings.value.volume_type == "io1" || block_device_mappings.value.volume_type == "io2" ? block_device_mappings.value.iops : null - throughput = block_device_mappings.value.volume_type == "gp3" ? block_device_mappings.value.throughput : null + iops = contains(["gp3", "io1", "io2"], try(block_device_mappings.value.volume_type, "")) ? try(block_device_mappings.value.iops, 3000) : null + throughput = try(block_device_mappings.value.volume_type, "") == "gp3" ? try(block_device_mappings.value.throughput, 125) : null } } } - vpc_security_group_ids = try(length(each.value.vpc_security_group_ids), 0) == 0 ? null : each.value.vpc_security_group_ids + vpc_security_group_ids = try(each.value.vpc_security_group_ids, null) dynamic "network_interfaces" { - for_each = each.value.network_interfaces + for_each = try(each.value.network_interfaces, {}) + content { associate_public_ip_address = try(network_interfaces.value.public_ip, false) - security_groups = try(length(network_interfaces.value.security_groups), 0) == 0 ? null : network_interfaces.value.security_groups + security_groups = try(network_interfaces.value.security_groups, null) } } dynamic "monitoring" { - for_each = each.value.monitoring ? [1] : [] + for_each = try(each.value.monitoring, true) ? [1] : [] content { enabled = true @@ -78,7 +83,7 @@ resource "aws_launch_template" "this" { } dynamic "metadata_options" { - for_each = each.value.enable_metadata_options ? [1] : [] + for_each = try(each.value.enable_metadata_options, true) ? [1] : [] content { http_endpoint = try(each.value.http_endpoint, "enabled") 
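Review bot: The block-device defaults change silently in this hunk: the deleted `locals.tf` supplied `volume_type = "gp3"`, `volume_size = 200` and `encrypted = true` through `defaults()`, but the context line `volume_type = try(block_device_mappings.value.volume_type, null)` now leaves an omitted `volume_type` to the provider/API default, and the new `iops`/`throughput` expressions only apply their `3000`/`125` defaults when the caller spells out `gp3`. The `encrypted` and `delete_on_termination` lines sit just above this hunk and are not visible here; worth confirming that `encrypted` still defaults to `true`, since a `try(..., null)` there would create unencrypted root volumes unless the account's EBS default encryption is on. If the old defaults are meant to survive, `volume_type = try(block_device_mappings.value.volume_type, "gp3")` and `volume_size = try(block_device_mappings.value.volume_size, 200)` restore them; otherwise the behaviour change belongs in the commit message. The `dynamic "block_device_mappings"` block starts above this hunk.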
diff --git a/modules/launch-templates/variables.tf b/modules/launch-templates/variables.tf index 46f90560d6..2702804f54 100644 --- a/modules/launch-templates/variables.tf +++ b/modules/launch-templates/variables.tf @@ -1,48 +1,6 @@ variable "launch_template_config" { description = "Launch template configuration" - type = map(object({ - ami = string - launch_template_os = optional(string) - launch_template_prefix = string - instance_type = optional(string) - capacity_type = optional(string) - iam_instance_profile = optional(string) - vpc_security_group_ids = optional(list(string)) # conflicts with network_interfaces - - network_interfaces = optional(list(object({ - public_ip = optional(bool) - security_groups = optional(list(string)) - }))) - - block_device_mappings = list(object({ - device_name = string - volume_type = string - volume_size = string - delete_on_termination = optional(bool) - encrypted = optional(bool) - kms_key_id = optional(string) - iops = optional(string) - throughput = optional(string) - })) - - format_mount_nvme_disk = optional(bool) - pre_userdata = optional(string) - bootstrap_extra_args = optional(string) - post_userdata = optional(string) - kubelet_extra_args = optional(string) - - enable_metadata_options = optional(bool) - http_endpoint = optional(string) - http_tokens = optional(string) - http_put_response_hop_limit = optional(number) - http_protocol_ipv6 = optional(string) - instance_metadata_tags = optional(string) - - service_ipv6_cidr = optional(string) - service_ipv4_cidr = optional(string) - - monitoring = optional(bool) - })) + type = any } variable "eks_cluster_id" { diff --git a/modules/launch-templates/versions.tf b/modules/launch-templates/versions.tf index 6b8f195336..f92f41b9e7 100644 --- a/modules/launch-templates/versions.tf +++ b/modules/launch-templates/versions.tf @@ -1,5 +1,5 @@ terraform { - required_version = ">= 1.0.0, < 1.3.0" + required_version = ">= 1.0.0" required_providers { aws = { 
From aaca4d934ddfd60c951ee458f2900d2d739991f4 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Fri, 30 Sep 2022 17:58:08 -0400 Subject: [PATCH 3/5] fix: Correct `null` value assignment for `irsa_config` --- modules/kubernetes-addons/agones/main.tf | 4 ++-- modules/kubernetes-addons/airflow/main.tf | 4 ++-- modules/kubernetes-addons/argo-rollouts/main.tf | 4 ++-- modules/kubernetes-addons/argocd/main.tf | 4 ++-- modules/kubernetes-addons/cert-manager-csi-driver/main.tf | 4 ++-- .../kubernetes-addons/cluster-proportional-autoscaler/main.tf | 4 ++-- modules/kubernetes-addons/crossplane/main.tf | 4 ++-- modules/kubernetes-addons/ingress-nginx/main.tf | 4 ++-- modules/kubernetes-addons/kuberay-operator/main.tf | 1 - modules/kubernetes-addons/kubernetes-dashboard/main.tf | 4 ++-- modules/kubernetes-addons/metrics-server/main.tf | 4 ++-- modules/kubernetes-addons/opentelemetry-operator/main.tf | 1 - modules/kubernetes-addons/prometheus/main.tf | 1 - modules/kubernetes-addons/reloader/main.tf | 4 ++-- modules/kubernetes-addons/spark-k8s-operator/main.tf | 4 ++-- modules/kubernetes-addons/traefik/main.tf | 4 ++-- modules/kubernetes-addons/vpa/main.tf | 4 ++-- modules/kubernetes-addons/yunikorn/main.tf | 4 ++-- 18 files changed, 30 insertions(+), 33 deletions(-) diff --git a/modules/kubernetes-addons/agones/main.tf b/modules/kubernetes-addons/agones/main.tf index c38340fdd5..43db28f9be 100644 --- a/modules/kubernetes-addons/agones/main.tf +++ b/modules/kubernetes-addons/agones/main.tf @@ -1,8 +1,8 @@ module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + manage_via_gitops = var.manage_via_gitops helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context depends_on = [kubernetes_namespace_v1.this] diff --git a/modules/kubernetes-addons/airflow/main.tf b/modules/kubernetes-addons/airflow/main.tf index 83e8241e33..ab74c4a6f7 100644 --- a/modules/kubernetes-addons/airflow/main.tf +++ b/modules/kubernetes-addons/airflow/main.tf 
@@ -19,8 +19,8 @@ locals { # Apache Airflow Helm Add-on #------------------------------------------------- module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context } diff --git a/modules/kubernetes-addons/argo-rollouts/main.tf b/modules/kubernetes-addons/argo-rollouts/main.tf index 1ad1291c3d..dc13a29d51 100644 --- a/modules/kubernetes-addons/argo-rollouts/main.tf +++ b/modules/kubernetes-addons/argo-rollouts/main.tf @@ -1,8 +1,8 @@ module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + manage_via_gitops = var.manage_via_gitops helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context depends_on = [kubernetes_namespace_v1.this] diff --git a/modules/kubernetes-addons/argocd/main.tf b/modules/kubernetes-addons/argocd/main.tf index 96f78947b3..05a795c86d 100644 --- a/modules/kubernetes-addons/argocd/main.tf +++ b/modules/kubernetes-addons/argocd/main.tf @@ -1,7 +1,7 @@ module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context depends_on = [kubernetes_namespace_v1.this] diff --git a/modules/kubernetes-addons/cert-manager-csi-driver/main.tf b/modules/kubernetes-addons/cert-manager-csi-driver/main.tf index 72a9047c55..b846ae9538 100644 --- a/modules/kubernetes-addons/cert-manager-csi-driver/main.tf +++ b/modules/kubernetes-addons/cert-manager-csi-driver/main.tf @@ -1,7 +1,7 @@ module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + manage_via_gitops = var.manage_via_gitops helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context } diff --git a/modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf b/modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf index 5f1f00a16a..13cbb4217b 100644 
--- a/modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf +++ b/modules/kubernetes-addons/cluster-proportional-autoscaler/main.tf @@ -2,10 +2,10 @@ # Cluster Proportional Autoscaler Helm Add-on #------------------------------------------------- module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + manage_via_gitops = var.manage_via_gitops helm_config = local.helm_config set_values = local.set_values - irsa_config = null addon_context = var.addon_context } diff --git a/modules/kubernetes-addons/crossplane/main.tf b/modules/kubernetes-addons/crossplane/main.tf index e9e748ba92..e9318f115e 100644 --- a/modules/kubernetes-addons/crossplane/main.tf +++ b/modules/kubernetes-addons/crossplane/main.tf @@ -6,9 +6,9 @@ resource "kubernetes_namespace_v1" "crossplane" { } module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context depends_on = [kubernetes_namespace_v1.crossplane] diff --git a/modules/kubernetes-addons/ingress-nginx/main.tf b/modules/kubernetes-addons/ingress-nginx/main.tf index f2ab1060b5..09d42c4ab2 100644 --- a/modules/kubernetes-addons/ingress-nginx/main.tf +++ b/modules/kubernetes-addons/ingress-nginx/main.tf @@ -3,10 +3,10 @@ #------------------------------------- module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + manage_via_gitops = var.manage_via_gitops helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context depends_on = [kubernetes_namespace_v1.this] diff --git a/modules/kubernetes-addons/kuberay-operator/main.tf b/modules/kubernetes-addons/kuberay-operator/main.tf index 70c8cc4470..dfc8f90d20 100644 --- a/modules/kubernetes-addons/kuberay-operator/main.tf +++ b/modules/kubernetes-addons/kuberay-operator/main.tf @@ -23,6 +23,5 @@ module "helm_addon" { var.helm_config ) - irsa_config = null addon_context = var.addon_context } 
diff --git a/modules/kubernetes-addons/kubernetes-dashboard/main.tf b/modules/kubernetes-addons/kubernetes-dashboard/main.tf index 1e039842d2..c5efe40051 100644 --- a/modules/kubernetes-addons/kubernetes-dashboard/main.tf +++ b/modules/kubernetes-addons/kubernetes-dashboard/main.tf @@ -1,8 +1,8 @@ module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + manage_via_gitops = var.manage_via_gitops helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context depends_on = [kubernetes_namespace_v1.this] diff --git a/modules/kubernetes-addons/metrics-server/main.tf b/modules/kubernetes-addons/metrics-server/main.tf index cf8814fc12..eaf3a4aaff 100644 --- a/modules/kubernetes-addons/metrics-server/main.tf +++ b/modules/kubernetes-addons/metrics-server/main.tf @@ -1,8 +1,8 @@ module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + manage_via_gitops = var.manage_via_gitops helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context depends_on = [kubernetes_namespace_v1.this] diff --git a/modules/kubernetes-addons/opentelemetry-operator/main.tf b/modules/kubernetes-addons/opentelemetry-operator/main.tf index b4b39abaf6..b1e538e41c 100644 --- a/modules/kubernetes-addons/opentelemetry-operator/main.tf +++ b/modules/kubernetes-addons/opentelemetry-operator/main.tf @@ -292,7 +292,6 @@ module "helm_addon" { count = var.enable_opentelemetry_operator ? 1 : 0 helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context depends_on = [module.cert_manager] diff --git a/modules/kubernetes-addons/prometheus/main.tf b/modules/kubernetes-addons/prometheus/main.tf index 0d3b8a3956..4edbe44b7a 100644 --- a/modules/kubernetes-addons/prometheus/main.tf +++ b/modules/kubernetes-addons/prometheus/main.tf @@ -61,7 +61,6 @@ module "helm_addon" { } ] : [] - irsa_config = null addon_context = var.addon_context } 
diff --git a/modules/kubernetes-addons/reloader/main.tf b/modules/kubernetes-addons/reloader/main.tf index 72a9047c55..b846ae9538 100644 --- a/modules/kubernetes-addons/reloader/main.tf +++ b/modules/kubernetes-addons/reloader/main.tf @@ -1,7 +1,7 @@ module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + manage_via_gitops = var.manage_via_gitops helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context } diff --git a/modules/kubernetes-addons/spark-k8s-operator/main.tf b/modules/kubernetes-addons/spark-k8s-operator/main.tf index 1ad1291c3d..dc13a29d51 100644 --- a/modules/kubernetes-addons/spark-k8s-operator/main.tf +++ b/modules/kubernetes-addons/spark-k8s-operator/main.tf @@ -1,8 +1,8 @@ module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + manage_via_gitops = var.manage_via_gitops helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context depends_on = [kubernetes_namespace_v1.this] diff --git a/modules/kubernetes-addons/traefik/main.tf b/modules/kubernetes-addons/traefik/main.tf index 1ad1291c3d..dc13a29d51 100644 --- a/modules/kubernetes-addons/traefik/main.tf +++ b/modules/kubernetes-addons/traefik/main.tf @@ -1,8 +1,8 @@ module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + manage_via_gitops = var.manage_via_gitops helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context depends_on = [kubernetes_namespace_v1.this] diff --git a/modules/kubernetes-addons/vpa/main.tf b/modules/kubernetes-addons/vpa/main.tf index 828758a8df..813c8b094e 100644 --- a/modules/kubernetes-addons/vpa/main.tf +++ b/modules/kubernetes-addons/vpa/main.tf @@ -1,8 +1,8 @@ module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + manage_via_gitops = var.manage_via_gitops helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context depends_on = [kubernetes_namespace_v1.vpa] 
diff --git a/modules/kubernetes-addons/yunikorn/main.tf b/modules/kubernetes-addons/yunikorn/main.tf index 21e921b3de..1a27469b01 100644 --- a/modules/kubernetes-addons/yunikorn/main.tf +++ b/modules/kubernetes-addons/yunikorn/main.tf @@ -1,8 +1,8 @@ module "helm_addon" { - source = "../helm-addon" + source = "../helm-addon" + manage_via_gitops = var.manage_via_gitops helm_config = local.helm_config - irsa_config = null addon_context = var.addon_context depends_on = [kubernetes_namespace_v1.yunikorn] From b4157a08c801ccc2049faee20ed2be8872b66f03 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Fri, 30 Sep 2022 18:09:21 -0400 Subject: [PATCH 4/5] fix: Some hacks to get this to work --- modules/launch-templates/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/launch-templates/main.tf b/modules/launch-templates/main.tf index 34f202756f..01d51b1732 100644 --- a/modules/launch-templates/main.tf +++ b/modules/launch-templates/main.tf @@ -22,8 +22,8 @@ resource "aws_launch_template" "this" { eks_cluster_id = var.eks_cluster_id cluster_ca_base64 = data.aws_eks_cluster.eks.certificate_authority[0].data cluster_endpoint = data.aws_eks_cluster.eks.endpoint - service_ipv6_cidr = try(each.value.service_ipv6_cidr, "") == null ? "" : each.value.service_ipv6_cidr - service_ipv4_cidr = try(each.value.service_ipv4_cidr, "") == null ? "" : each.value.service_ipv4_cidr + service_ipv6_cidr = try(each.value.service_ipv6_cidr, "") == null ? "" : try(each.value.service_ipv6_cidr, "") + service_ipv4_cidr = try(each.value.service_ipv4_cidr, "") == null ? "" : try(each.value.service_ipv4_cidr, "") format_mount_nvme_disk = try(each.value.format_mount_nvme_disk, false) })) 
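Review bot: `service_ipv6_cidr = try(each.value.service_ipv6_cidr, "") == null ? "" : try(each.value.service_ipv6_cidr, "")` and the `service_ipv4_cidr` line below it evaluate the same `try()` twice to avoid the attribute error on the false branch, which is the "hack" the commit title admits to; `try(coalesce(each.value.service_ipv6_cidr), "")` expresses the intent in one call, since `coalesce` raises on a null or empty string and `try` turns that, as well as a missing key, into `""`. The same rewrite applies to `service_ipv4_cidr`. A one-line comment such as `# present-but-null values must also become "", hence the coalesce` would save the next reader from re-deriving why a plain `try(each.value.service_ipv6_cidr, "")` was not enough. The surrounding `templatefile()` call starts and ends outside this hunk.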
@@ -36,7 +36,7 @@ resource "aws_launch_template" "this" { } dynamic "instance_market_options" { - for_each = trimspace(lower(try(each.value.capacity_type, null))) == "spot" ? { enabled = true } : {} + for_each = trimspace(lower(try(each.value.capacity_type, ""))) == "spot" ? { enabled = true } : {} content { market_type = each.value.capacity_type From f477cd5f818ba80ea51716f78508659bd8256fce Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Fri, 30 Sep 2022 18:27:06 -0400 Subject: [PATCH 5/5] fix: Ignoring launch template IMDS token enforcement check --- modules/launch-templates/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/launch-templates/main.tf b/modules/launch-templates/main.tf index 01d51b1732..4c21a52fa5 100644 --- a/modules/launch-templates/main.tf +++ b/modules/launch-templates/main.tf @@ -2,6 +2,7 @@ data "aws_eks_cluster" "eks" { name = var.eks_cluster_id } +#tfsec:ignore:aws-autoscaling-enforce-http-token-imds resource "aws_launch_template" "this" { for_each = var.launch_template_config
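Review bot: `#tfsec:ignore:aws-autoscaling-enforce-http-token-imds` suppresses the IMDSv2 finding for the whole `aws_launch_template.this` resource without recording why, and the `http_tokens` line it refers to is outside every hunk in this series, so a reader cannot tell whether the finding is a false positive (tfsec not evaluating the `try()` expressions) or a real gap. If the default is already `"required"`, record that next to the ignore, e.g. `# http_tokens defaults to "required" in metadata_options below; tfsec cannot evaluate try()` on the line above it; if it is not, `http_tokens = try(each.value.http_tokens, "required")` is the fix rather than the ignore. Note also that the `metadata_options` block is gated on `try(each.value.enable_metadata_options, true)` in patch 2, so a caller setting it to `false` drops the block entirely and the instance falls back to the API default, which the ignore would then hide as well. Token enforcement is what keeps pod workloads from reading the node's instance credentials, so this deserves an explicit decision in the commit message.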