Define kubernetes_network_config explicitly - 5.10.0 (#309)
(cherry picked from commit 32e61f0)
miguelhar authored and ddl-aabdala committed Jan 16, 2025
1 parent 33e9b07 commit 31b169c
Showing 8 changed files with 43 additions and 19 deletions.
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
Expand Up @@ -61,7 +61,7 @@ repos:
args:
- '--args=--compact'
- '--args=--quiet'
- '--args=--skip-check CKV_CIRCLECIPIPELINES_2,CKV_CIRCLECIPIPELINES_6,CKV2_AWS_11,CKV2_AWS_12,CKV2_AWS_6,CKV_AWS_109,CKV_AWS_111,CKV_AWS_135,CKV_AWS_144,CKV_AWS_145,CKV_AWS_158,CKV_AWS_18,CKV_AWS_184,CKV_AWS_19,CKV_AWS_21,CKV_AWS_66,CKV_AWS_88,CKV2_GHA_1,CKV_AWS_163,CKV_AWS_39,CKV_AWS_38,CKV2_AWS_61,CKV2_AWS_62,CKV_AWS_136,CKV_AWS_329,CKV_AWS_338,CKV_AWS_339,CKV_AWS_341,CKV_AWS_356,CKV2_AWS_19,CKV2_AWS_5,CKV_AWS_150,CKV_AWS_123,CKV2_AWS_65'
- '--args=--skip-check CKV_CIRCLECIPIPELINES_2,CKV_CIRCLECIPIPELINES_6,CKV2_AWS_11,CKV2_AWS_12,CKV2_AWS_6,CKV_AWS_109,CKV_AWS_111,CKV_AWS_135,CKV_AWS_144,CKV_AWS_145,CKV_AWS_158,CKV_AWS_18,CKV_AWS_184,CKV_AWS_19,CKV_AWS_21,CKV_AWS_66,CKV_AWS_88,CKV2_GHA_1,CKV_AWS_163,CKV_AWS_39,CKV_AWS_38,CKV2_AWS_61,CKV2_AWS_62,CKV_AWS_136,CKV_AWS_329,CKV_AWS_338,CKV_AWS_339,CKV_AWS_341,CKV_AWS_356,CKV2_AWS_19,CKV2_AWS_5,CKV_AWS_150,CKV_AWS_123,CKV2_AWS_65,CKV_AWS_67,CKV_AWS_382'
- id: terraform_trivy
args:
- '--args=--severity=HIGH,CRITICAL'
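Review bot: The extended `--skip-check` argument adds `CKV_AWS_67` and `CKV_AWS_382` for the whole repository, so those Checkov checks are switched off for every module rather than for the resource that triggered them, and neither the commit title nor the description says why. If these are the CloudTrail multi-region and unrestricted security-group egress checks (confirm against the Checkov policy index), a global skip also hides later regressions in unrelated code. Prefer an inline suppression with a stated reason on the specific resource, e.g. `#checkov:skip=CKV_AWS_382:<reason>`, or at least put a comment above this argument recording the justification for each newly skipped ID.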
20 changes: 15 additions & 5 deletions modules/eks/main.tf
Expand Up @@ -197,14 +197,24 @@ locals {
} : {})


eks_network_config = aws_eks_cluster.this.kubernetes_network_config[0]

eks_info = {
cluster = {
specs = {
name = aws_eks_cluster.this.name
endpoint = aws_eks_cluster.this.endpoint
certificate_authority = aws_eks_cluster.this.certificate_authority
kubernetes_network_config = aws_eks_cluster.this.kubernetes_network_config
account_id = data.aws_caller_identity.cluster_aws_account.account_id
name = aws_eks_cluster.this.name
endpoint = aws_eks_cluster.this.endpoint
certificate_authority = aws_eks_cluster.this.certificate_authority
kubernetes_network_config = {
elastic_load_balancing = {
enabled = try(local.eks_network_config.elastic_load_balancing[0].enabled, false)
}
ip_family = local.eks_network_config.ip_family
service_ipv4_cidr = local.eks_network_config.service_ipv4_cidr
service_ipv6_cidr = local.eks_network_config.service_ipv6_cidr

}
account_id = data.aws_caller_identity.cluster_aws_account.account_id
}
addons = var.eks.cluster_addons
vpc_cni = var.eks.vpc_cni
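Review bot: `try(local.eks_network_config.elastic_load_balancing[0].enabled, false)` swallows every evaluation error, so a renamed attribute or a provider schema change would silently yield `enabled = false` instead of failing the plan. Add a comment naming the one case it is meant to cover, e.g. `# elastic_load_balancing can be an empty list; treat that as disabled`, and consider a length check on the list instead of a blanket `try`. `ip_family`, `service_ipv4_cidr` and `service_ipv6_cidr` are passed through unguarded, so consumers presumably have to tolerate a null `service_ipv6_cidr` on IPv4 clusters; a one-line comment saying so would help. The `locals` block starts and ends outside this hunk.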
4 changes: 2 additions & 2 deletions modules/nodes/README.md

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion modules/nodes/nodes.tf
Expand Up @@ -13,7 +13,7 @@ resource "aws_launch_template" "node_groups" {
cluster_endpoint = var.eks_info.cluster.specs.endpoint
cluster_auth_base64 = var.eks_info.cluster.specs.certificate_authority[0].data
# Optional
cluster_service_ipv4_cidr = var.eks_info.cluster.specs.kubernetes_network_config[0].service_ipv4_cidr != null ? var.eks_info.cluster.specs.kubernetes_network_config[0].service_ipv4_cidr : ""
cluster_service_ipv4_cidr = var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr != null ? var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr : ""
bootstrap_extra_args = each.value.bootstrap_extra_args
pre_bootstrap_user_data = ""
post_bootstrap_user_data = ""
15 changes: 11 additions & 4 deletions modules/nodes/variables.tf
Expand Up @@ -109,10 +109,17 @@ variable "eks_info" {
annotate_pod_ip = optional(bool, true)
}))
specs = object({
name = string
endpoint = string
kubernetes_network_config = list(map(any))
certificate_authority = list(map(any))
name = string
endpoint = string
kubernetes_network_config = object({
elastic_load_balancing = object({
enabled = bool
})
ip_family = string
service_ipv4_cidr = string
service_ipv6_cidr = string
})
certificate_authority = list(map(any))
})
version = string
arn = string
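Review bot: Every attribute of the new `kubernetes_network_config` object type is required, so a caller that builds `eks_info` by hand, or passes the older list-shaped value, now fails type checking with no default to fall back on. This file already uses `optional(...)` with defaults a few lines above, so `elastic_load_balancing = optional(object({ enabled = optional(bool, false) }), {})` and `service_ipv6_cidr = optional(string)` would keep the stricter typing without forcing those keys. `certificate_authority` is still `list(map(any))`; giving it an explicit object type as well would catch a malformed value at plan time, before it reaches the node launch template. The same points apply to the identical hunk in `modules/single-node/variables.tf`, and the `variable "eks_info"` block extends beyond both hunks.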
2 changes: 1 addition & 1 deletion modules/single-node/README.md
Expand Up @@ -44,7 +44,7 @@ No modules.

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br> addons = List of addons<br> specs = Cluster spes. {<br> name = Cluster name.<br> endpoint = Cluster endpont.<br> kubernetes\_network\_config = Cluster k8s nw config.<br> }<br> version = K8s version.<br> arn = EKS Cluster arn.<br> security\_group\_id = EKS Cluster security group id.<br> endpoint = EKS Cluster API endpoint.<br> roles = Default IAM Roles associated with the EKS cluster. {<br> name = string<br> arn = string<br> }<br> custom\_roles = Custom IAM Roles associated with the EKS cluster. {<br> rolearn = string<br> username = string<br> groups = list(string)<br> }<br> oidc = {<br> arn = OIDC provider ARN.<br> url = OIDC provider url.<br> }<br> }<br> nodes = {<br> security\_group\_id = EKS Nodes security group id.<br> roles = IAM Roles associated with the EKS Nodes.{<br> name = string<br> arn = string<br> }<br> }<br> kubeconfig = Kubeconfig details.{<br> path = string<br> extra\_args = string<br> } | <pre>object({<br> k8s_pre_setup_sh_file = string<br> cluster = object({<br> addons = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br> vpc_cni = optional(object({<br> prefix_delegation = optional(bool, false)<br> annotate_pod_ip = optional(bool, true)<br> }))<br> specs = object({<br> name = string<br> endpoint = string<br> kubernetes_network_config = list(map(any))<br> certificate_authority = list(map(any))<br> })<br> version = string<br> arn = string<br> security_group_id = string<br> endpoint = string<br> roles = list(object({<br> name = string<br> arn = string<br> }))<br> custom_roles = list(object({<br> rolearn = string<br> username = string<br> groups = list(string)<br> }))<br> oidc = object({<br> arn = string<br> url = string<br> })<br> })<br> nodes = object({<br> security_group_id = string<br> roles = list(object({<br> name = string<br> arn = string<br> }))<br> })<br> kubeconfig = object({<br> path = string<br> extra_args = string<br> })<br> })</pre> | n/a | yes |
| <a name="input_eks_info"></a> [eks\_info](#input\_eks\_info) | cluster = {<br> addons = List of addons<br> specs = Cluster spes. {<br> name = Cluster name.<br> endpoint = Cluster endpont.<br> kubernetes\_network\_config = Cluster k8s nw config.<br> }<br> version = K8s version.<br> arn = EKS Cluster arn.<br> security\_group\_id = EKS Cluster security group id.<br> endpoint = EKS Cluster API endpoint.<br> roles = Default IAM Roles associated with the EKS cluster. {<br> name = string<br> arn = string<br> }<br> custom\_roles = Custom IAM Roles associated with the EKS cluster. {<br> rolearn = string<br> username = string<br> groups = list(string)<br> }<br> oidc = {<br> arn = OIDC provider ARN.<br> url = OIDC provider url.<br> }<br> }<br> nodes = {<br> security\_group\_id = EKS Nodes security group id.<br> roles = IAM Roles associated with the EKS Nodes.{<br> name = string<br> arn = string<br> }<br> }<br> kubeconfig = Kubeconfig details.{<br> path = string<br> extra\_args = string<br> } | <pre>object({<br> k8s_pre_setup_sh_file = string<br> cluster = object({<br> addons = optional(list(string), ["kube-proxy", "coredns", "vpc-cni"])<br> vpc_cni = optional(object({<br> prefix_delegation = optional(bool, false)<br> annotate_pod_ip = optional(bool, true)<br> }))<br> specs = object({<br> name = string<br> endpoint = string<br> kubernetes_network_config = object({<br> elastic_load_balancing = object({<br> enabled = bool<br> })<br> ip_family = string<br> service_ipv4_cidr = string<br> service_ipv6_cidr = string<br> })<br> certificate_authority = list(map(any))<br> })<br> version = string<br> arn = string<br> security_group_id = string<br> endpoint = string<br> roles = list(object({<br> name = string<br> arn = string<br> }))<br> custom_roles = list(object({<br> rolearn = string<br> username = string<br> groups = list(string)<br> }))<br> oidc = object({<br> arn = string<br> url = string<br> })<br> })<br> nodes = object({<br> security_group_id = string<br> roles = 
list(object({<br> name = string<br> arn = string<br> }))<br> })<br> kubeconfig = object({<br> path = string<br> extra_args = string<br> })<br> })</pre> | n/a | yes |
| <a name="input_kms_info"></a> [kms\_info](#input\_kms\_info) | key\_id = KMS key id.<br> key\_arn = KMS key arn.<br> enabled = KMS key is enabled | <pre>object({<br> key_id = string<br> key_arn = string<br> enabled = bool<br> })</pre> | n/a | yes |
| <a name="input_network_info"></a> [network\_info](#input\_network\_info) | id = VPC ID.<br> subnets = {<br> public = List of public Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> private = List of private Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> pod = List of pod Subnets.<br> [{<br> name = Subnet name.<br> subnet\_id = Subnet ud<br> az = Subnet availability\_zone<br> az\_id = Subnet availability\_zone\_id<br> }]<br> } | <pre>object({<br> vpc_id = string<br> subnets = object({<br> public = list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> }))<br> private = optional(list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> })), [])<br> pod = optional(list(object({<br> name = string<br> subnet_id = string<br> az = string<br> az_id = string<br> })), [])<br> })<br> })</pre> | n/a | yes |
| <a name="input_region"></a> [region](#input\_region) | AWS region for the deployment | `string` | n/a | yes |
2 changes: 1 addition & 1 deletion modules/single-node/single-node.tf
Expand Up @@ -57,7 +57,7 @@ resource "aws_launch_template" "single_node" {
cluster_endpoint = var.eks_info.cluster.specs.endpoint
cluster_auth_base64 = var.eks_info.cluster.specs.certificate_authority[0].data
# Optional
cluster_service_ipv4_cidr = var.eks_info.cluster.specs.kubernetes_network_config[0].service_ipv4_cidr != null ? var.eks_info.cluster.specs.kubernetes_network_config[0].service_ipv4_cidr : ""
cluster_service_ipv4_cidr = var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr != null ? var.eks_info.cluster.specs.kubernetes_network_config.service_ipv4_cidr : ""
bootstrap_extra_args = local.bootstrap_extra_args
pre_bootstrap_user_data = ""
post_bootstrap_user_data = ""
15 changes: 11 additions & 4 deletions modules/single-node/variables.tf
Expand Up @@ -109,10 +109,17 @@ variable "eks_info" {
annotate_pod_ip = optional(bool, true)
}))
specs = object({
name = string
endpoint = string
kubernetes_network_config = list(map(any))
certificate_authority = list(map(any))
name = string
endpoint = string
kubernetes_network_config = object({
elastic_load_balancing = object({
enabled = bool
})
ip_family = string
service_ipv4_cidr = string
service_ipv6_cidr = string
})
certificate_authority = list(map(any))
})
version = string
arn = string
