How do I set HTTP proxy for Amazon EKS containerd nodes? #1672
Hi @chugai-so-ukiyama, thanks for the issue. At the moment we do not have this pattern implemented in this project. I will add this to our backlog for now. In the meantime, I recommend taking a look at https://github.com/terraform-aws-modules/terraform-aws-eks/blob/master/docs/user_data.md for information on how to pass user data provided in that article to nodes of a MNG. Please feel free to post any findings/issues here.
Hi @askulkarni2 Maybe you'll be able to light my lantern? 🤞 I've a similar demand for a

```toml
[settings.kubernetes]
"cluster-name" = "eks-z1-mwaa-test-mng-calico"
"api-server" = "https://44B08416040A17E5F574A6E63F6738D5.gr7.eu-west-3.eks.amazonaws.com"
"cluster-certificate" = ...
"cluster-dns-ip" = "172.20.0.10"
[settings.kubernetes.node-labels] # <==== created through k8s_labels variable
"lifecycle" = "on_demand"
"eks.amazonaws.com/nodegroup-image" = "ami-0e63a05ceec3cf941"
"eks.amazonaws.com/capacityType" = "ON_DEMAND"
"eks.amazonaws.com/nodegroup" = "managed-ondemand-1-20230908145012907000000005"
```

Am I missing something, or is it a normal behavior from the Sample code from module call:

```hcl
module "eks_blueprints" {
  source = "github.com/aws-ia/terraform-aws-eks-blueprints?ref=v4.32.1"
  ...
  managed_node_groups = var.managed_node_groups
}

managed_node_groups = {
  "airflow-workers" = {
    ami_type        = "BOTTLEROCKET_x86_64"
    capacity_type   = "ON_DEMAND"
    instance_types  = var.eks_mng_instance_types
    subnet_ids      = data.aws_subnets.private["z1"].ids
    max_size        = var.eks_mng_max_size
    min_size        = var.eks_mng_min_size
    desired_size    = var.eks_mng_desired_size
    node_group_name = "${var.node_group_name}-1"
    k8s_taints      = []
    k8s_labels      = { lifecycle = lower(var.eks_mng_capacity_type) } # var.eks_mng_k8s_labels

    enable_metadata_options     = true
    http_endpoint               = "disabled"
    http_tokens                 = "required" #tfsec:ignore:aws-autoscaling-enforce-http-token-imds
    http_put_response_hop_limit = 1
    http_protocol_ipv6          = null
    instance_metadata_tags      = "disabled"

    bootstrap_extra_args   = "--use-max-pods false --container-runtime containerd"
    kubelet_extra_args     = "--node-labels=arch=x86,WorkerType=${var.eks_mng_capacity_type} --max-pods=110"
    custom_ami_id          = data.aws_ami.mng_ami.id #"ami-0e63a05ceec3cf941"
    launch_template_os     = "bottlerocket" # <====
    create_launch_template = true # <==== Is it set to true (https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/8a06a6e7006e4bed5630bd49c7434d76c59e0b5e/modules/aws-eks-managed-node-groups/managed-launch-templates.tf#L2)

    pre_userdata = ""
    post_userdata = templatefile("${path.module}/templates/eks_mng_node_postuserdata.tpl",
      {
        node_proxy    = local.node_proxy,
        node_no_proxy = local.node_no_proxy
    })

    # block_device_mappings only used when create_launch_template is set to true
    # https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/v4.32.1/modules/aws-eks-managed-node-groups/managed-launch-templates.tf#L2
    block_device_mappings = [{
      device_name           = "/dev/xvda"
      volume_type           = var.eks_mng_block_volume_type #"gp3" # The volume type. Can be standard, gp2, gp3, io1, io2, sc1 or st1 (Default: gp3).
      volume_size           = 150
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = var.ebs_kms_key_id
      throughput            = 125
    }]
  }
}
```

```toml
[settings.network]
https-proxy = "${node_proxy}"
no-proxy = "${node_no_proxy}"
```

By the way, same issue with Can you help with this? Thanks a lot for your time. Emmanuel
Please describe your question here
I would like to set up an https proxy for the nodes of my fully-private EKS cluster.
How can I implement like the link below in terraform?
https://repost.aws/knowledge-center/eks-http-proxy-containerd-automation
Provide a link to the example/module related to the question
Additional context
best regards.