diff --git a/README.md b/README.md index ecb551c..c2ceb3c 100644 --- a/README.md +++ b/README.md @@ -415,6 +415,7 @@ Available targets: | [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | | [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | If provided, the KMS Key ID to use to encrypt AWS CloudWatch logs | `string` | `null` | no | | [cluster\_attributes](#input\_cluster\_attributes) | Override label module default cluster attributes | `list(string)` |
[
"cluster"
]
| no | +| [cluster\_compute\_config](#input\_cluster\_compute\_config) | Configuration block with compute configuration for EKS Auto Mode

enabled: Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.
node\_pools: Optional configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are general-purpose and system.
node\_role\_arn: Optional ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. |
object({
enabled = optional(bool, false)
node_pools = optional(list(string), [])
node_role_arn = optional(string, null)
})
| `{}` | no | | [cluster\_depends\_on](#input\_cluster\_depends\_on) | If provided, the EKS will depend on this object, and therefore not be created until this object is finalized.
This is useful if you want to ensure that the cluster is not created before some other condition is met, e.g. VPNs into the subnet are created. | `any` | `null` | no | | [cluster\_encryption\_config\_enabled](#input\_cluster\_encryption\_config\_enabled) | Set to `true` to enable Cluster Encryption Configuration | `bool` | `true` | no | | [cluster\_encryption\_config\_kms\_key\_deletion\_window\_in\_days](#input\_cluster\_encryption\_config\_kms\_key\_deletion\_window\_in\_days) | Cluster Encryption Config KMS Key Resource argument - key deletion windows in days post destruction | `number` | `10` | no | diff --git a/docs/terraform.md b/docs/terraform.md index b9e1870..aa3a004 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -70,6 +70,7 @@ | [cloudwatch\_log\_group\_class](#input\_cloudwatch\_log\_group\_class) | Specified the log class of the log group. Possible values are: `STANDARD` or `INFREQUENT_ACCESS` | `string` | `null` | no | | [cloudwatch\_log\_group\_kms\_key\_id](#input\_cloudwatch\_log\_group\_kms\_key\_id) | If provided, the KMS Key ID to use to encrypt AWS CloudWatch logs | `string` | `null` | no | | [cluster\_attributes](#input\_cluster\_attributes) | Override label module default cluster attributes | `list(string)` |
[
"cluster"
]
| no | +| [cluster\_compute\_config](#input\_cluster\_compute\_config) | Configuration block with compute configuration for EKS Auto Mode

enabled: Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.
node\_pools: Optional configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are general-purpose and system.
node\_role\_arn: Optional ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. |
object({
enabled = optional(bool, false)
node_pools = optional(list(string), [])
node_role_arn = optional(string, null)
})
| `{}` | no | | [cluster\_depends\_on](#input\_cluster\_depends\_on) | If provided, the EKS will depend on this object, and therefore not be created until this object is finalized.
This is useful if you want to ensure that the cluster is not created before some other condition is met, e.g. VPNs into the subnet are created. | `any` | `null` | no | | [cluster\_encryption\_config\_enabled](#input\_cluster\_encryption\_config\_enabled) | Set to `true` to enable Cluster Encryption Configuration | `bool` | `true` | no | | [cluster\_encryption\_config\_kms\_key\_deletion\_window\_in\_days](#input\_cluster\_encryption\_config\_kms\_key\_deletion\_window\_in\_days) | Cluster Encryption Config KMS Key Resource argument - key deletion windows in days post destruction | `number` | `10` | no | diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars index 9ebd76a..30e90ae 100644 --- a/examples/complete/fixtures.us-east-2.tfvars +++ b/examples/complete/fixtures.us-east-2.tfvars @@ -57,3 +57,8 @@ upgrade_policy = { zonal_shift_config = { enabled = true } + +cluster_compute_config = { + enabled = false +} + diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 2500f29..9eef224 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -115,6 +115,7 @@ module "eks_cluster" { bootstrap_self_managed_addons_enabled = var.bootstrap_self_managed_addons_enabled upgrade_policy = var.upgrade_policy zonal_shift_config = var.zonal_shift_config + cluster_compute_config = var.cluster_compute_config access_entry_map = local.access_entry_map access_config = { diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index 18fee22..b6acfc2 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf 
@@ -131,6 +131,22 @@ variable "zonal_shift_config" { default = null } +variable "cluster_compute_config" { + type = object({ + enabled = optional(bool, false) + node_pools = optional(list(string), []) + node_role_arn = optional(string, null) + }) + description = <<-EOT + Configuration block with compute configuration for EKS Auto Mode + + enabled: Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account. + node_pools: Optional configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are general-purpose and system. + node_role_arn: Optional ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. + EOT + default = {} +} + variable "private_ipv6_enabled" { type = bool default = false diff --git a/main.tf b/main.tf index cf3752e..9711964 100644 --- a/main.tf +++ b/main.tf @@ -14,6 +14,8 @@ locals { } cloudwatch_log_group_name = "/aws/eks/${module.label.id}/cluster" + + auto_mode_enabled = try(var.cluster_compute_config.enabled, false) } module "label" { 
@@ -56,19 +58,31 @@ resource "aws_kms_alias" "cluster" { resource "aws_eks_cluster" "default" { #bridgecrew:skip=BC_AWS_KUBERNETES_1:Allow permissive security group for public access, difficult to restrict without a VPN #bridgecrew:skip=BC_AWS_KUBERNETES_4:Let user decide on control plane logging, not necessary in non-production environments - count = local.enabled ? 1 : 0 - name = module.label.id - tags = module.label.tags - role_arn = local.eks_service_role_arn - version = var.kubernetes_version - enabled_cluster_log_types = var.enabled_cluster_log_types - bootstrap_self_managed_addons = var.bootstrap_self_managed_addons_enabled + count = local.enabled ? 1 : 0 + name = module.label.id + tags = module.label.tags + role_arn = local.eks_service_role_arn + version = var.kubernetes_version + enabled_cluster_log_types = var.enabled_cluster_log_types + # Enabling EKS Auto Mode also requires that bootstrap_self_managed_addons is set to false + bootstrap_self_managed_addons = local.auto_mode_enabled ? false : var.bootstrap_self_managed_addons_enabled access_config { authentication_mode = var.access_config.authentication_mode bootstrap_cluster_creator_admin_permissions = var.access_config.bootstrap_cluster_creator_admin_permissions } + # EKS Auto Mode + dynamic "compute_config" { + for_each = local.auto_mode_enabled && length(var.cluster_compute_config) > 0 ? [var.cluster_compute_config] : [] + + content { + enabled = local.auto_mode_enabled + node_pools = local.auto_mode_enabled ? try(compute_config.value.node_pools, []) : null + node_role_arn = local.auto_mode_enabled && length(try(compute_config.value.node_pools, [])) > 0 ? try(compute_config.value.node_role_arn, aws_iam_role.default[0].arn, null) : null + } + } + lifecycle { # bootstrap_cluster_creator_admin_permissions is documented as only applying # to the initial creation of the cluster, and being unreliable afterward, 
@@ -98,6 +112,7 @@ resource "aws_eks_cluster" "default" { dynamic "kubernetes_network_config" { for_each = local.use_ipv6 ? [] : compact([var.service_ipv4_cidr]) + content { service_ipv4_cidr = kubernetes_network_config.value } @@ -105,11 +120,35 @@ resource "aws_eks_cluster" "default" { dynamic "kubernetes_network_config" { for_each = local.use_ipv6 ? [true] : [] + content { ip_family = "ipv6" } } + dynamic "kubernetes_network_config" { + for_each = local.auto_mode_enabled ? [1] : [] + + content { + dynamic "elastic_load_balancing" { + for_each = local.auto_mode_enabled ? [1] : [] + content { + enabled = local.auto_mode_enabled + } + } + } + } + + dynamic "storage_config" { + for_each = local.auto_mode_enabled ? [1] : [] + + content { + block_storage { + enabled = local.auto_mode_enabled + } + } + } + dynamic "upgrade_policy" { for_each = var.upgrade_policy != null ? [var.upgrade_policy] : [] content { diff --git a/variables.tf b/variables.tf index caf6f7a..4c19e38 100644 --- a/variables.tf +++ b/variables.tf @@ -1,6 +1,5 @@ # tflint-ignore: terraform_unused_declarations variable "region" { - type = string description = "OBSOLETE (not needed): AWS Region" default = null 
@@ -29,6 +28,22 @@ variable "cluster_depends_on" { default = null } +variable "cluster_compute_config" { + type = object({ + enabled = optional(bool, false) + node_pools = optional(list(string), []) + node_role_arn = optional(string, null) + }) + description = <<-EOT + Configuration block with compute configuration for EKS Auto Mode + + enabled: Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account. + node_pools: Optional configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are general-purpose and system. + node_role_arn: Optional ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. + EOT + default = {} +} + variable "create_eks_service_role" { type = bool description = "Set `false` to use existing `eks_cluster_service_role_arn` instead of creating one" @@ -45,7 +60,6 @@ variable "eks_cluster_service_role_arn" { default = null } - variable "kubernetes_version" { type = string description = "Desired Kubernetes master version. If you do not specify a value, the latest available version is used"
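Review bot: the `enabled = false` fixture in `examples/complete/fixtures.us-east-2.tfvars` means the complete example never exercises the new Auto Mode code path (`compute_config`, `storage_config`, the `elastic_load_balancing` network block), so the test run will not catch errors in it; either add a second fixture with `enabled = true` and `node_pools = ["general-purpose"]` or note in the example why it is left off. The hunk also adds a trailing blank line at end of file.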
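Review bot: in the `locals` hunk, `try(var.cluster_compute_config.enabled, false)` is redundant because `enabled` is declared `optional(bool, false)` and therefore always present; `var.cluster_compute_config.enabled` is enough and avoids masking a typo in the attribute name, which `try` would silently turn into `false`.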
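Review bot: in the `compute_config` block the `node_role_arn` fallback never fires: `try(compute_config.value.node_role_arn, aws_iam_role.default[0].arn, null)` returns the first argument that does not raise an error, and a missing `node_role_arn` evaluates to `null` without error because the attribute is `optional(string, null)`, so `aws_iam_role.default[0].arn` is never reached and node pools are submitted with a null role. Use an explicit null check, e.g. `compute_config.value.node_role_arn != null ? compute_config.value.node_role_arn : try(aws_iam_role.default[0].arn, null)`. Before fixing the fallback, reconsider whether it should exist at all: if `aws_iam_role.default` is the cluster service role behind `local.eks_service_role_arn`, reusing it for EC2 Managed Instances gives every node the control plane's permissions, so it is safer to require `node_role_arn` whenever `node_pools` is non-empty and fail early. Smaller points in the same hunk: `length(var.cluster_compute_config) > 0` is always true (the object has three attributes with defaults), the `local.auto_mode_enabled ? … : null` ternaries inside `content` are redundant since `for_each` already gates on it, and silently forcing `bootstrap_self_managed_addons = false` hides the conflict from the caller; a `lifecycle { precondition { … } }` on `var.bootstrap_self_managed_addons_enabled`, or at least a sentence in that variable's description, would make the interaction visible. Also check whether turning Auto Mode off on a cluster that had it on needs an explicit `compute_config { enabled = false }`; with this `for_each` the block is omitted entirely in that case.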
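Review bot: the new third `dynamic "kubernetes_network_config"` block can be emitted alongside one of the two existing ones whenever `local.auto_mode_enabled` is true (with `service_ipv4_cidr` set, or with `use_ipv6`), and `aws_eks_cluster` accepts a single `kubernetes_network_config` block, so an Auto Mode cluster with either setting will fail plan validation with too many blocks. Put the `elastic_load_balancing` sub-block inside the existing IPv4 and IPv6 blocks, gated on `local.auto_mode_enabled`, instead of adding a third; the inner `dynamic "elastic_load_balancing"` then also loses its duplicate `local.auto_mode_enabled ? [1] : []` guard. The blank lines inserted after the two existing `for_each` lines are whitespace-only and would be cleaner in a separate formatting commit.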
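Review bot: dropping `type = string` from the obsolete `region` variable changes its type to `any` with no explanation in the diff; if the variable is being retired, remove it whole (it already carries `tflint-ignore: terraform_unused_declarations`), otherwise keep the type constraint so a non-string value is still rejected.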
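Review bot: `cluster_compute_config` in `variables.tf` documents that `node_pools` only accepts `general-purpose` and `system` but does not enforce it, so a typo is only caught by the API at apply time; add a `validation` block, e.g. `condition = alltrue([for p in var.cluster_compute_config.node_pools : contains(["general-purpose", "system"], p)])` with an error message naming the two allowed values. The description should also state that `enabled = true` forces `bootstrap_self_managed_addons` to `false` (main.tf overrides it) and that a non-empty `node_pools` requires `node_role_arn`, since both behaviours are invisible from the variable alone. The same definition is duplicated verbatim in `examples/complete/variables.tf`, so any validation added here needs to be mirrored there.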