From 4264a5fe6ef6ca157644221fefa944e24a0ccee5 Mon Sep 17 00:00:00 2001
From: "Thierno IB. BARRY"
Date: Wed, 11 Sep 2019 18:25:33 +0200
Subject: [PATCH] use default_iam_role_id interpolation for aws_iam_instance_profile (#489)
---
 CHANGELOG.md | 1 +
 local.tf | 70 ++++++++++++++++----------------
 workers.tf | 2 +-
 workers_launch_template.tf | 2 +-
 workers_launch_template_mixed.tf | 2 +-
 5 files changed, 39 insertions(+), 38 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fd848f07d2..55ce4a23e8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,6 +27,7 @@ project adheres to [Semantic Versioning](http://semver.org/).
 - Removed historical mention of adding caller's IPv4 to cluster security group (by @dpiddockcmp)
 - Wrapped `kubelet_extra_args` in double quotes instead of singe quotes (by @nxf5025)
 - Write your awesome change here (by @you)
+ - Make terraform plan more consistent and avoid unnecessary "(known after apply)" (by @barryib)
 # History
diff --git a/local.tf b/local.tf
index c4cdab0a14..a66452f3b8 100644
--- a/local.tf
+++ b/local.tf
@@ -14,41 +14,41 @@ locals {
 worker_group_launch_template_mixed_count = length(var.worker_groups_launch_template_mixed)
 workers_group_defaults_defaults = {
- name = "count.index" # Name of the worker group. Literal count.index will never be used but if name is not set, the count.index interpolation will be used.
- tags = [] # A list of map defining extra tags to be applied to the worker group ASG.
- ami_id = data.aws_ami.eks_worker.id # AMI ID for the eks workers. If none is provided, Terraform will search for the latest version of their EKS optimized worker AMI.
- asg_desired_capacity = "1" # Desired worker capacity in the autoscaling group.
- asg_max_size = "3" # Maximum worker capacity in the autoscaling group.
- asg_min_size = "1" # Minimum worker capacity in the autoscaling group.
- asg_force_delete = false # Enable forced deletion for the autoscaling group.
- asg_initial_lifecycle_hooks = [] # Initital lifecycle hook for the autoscaling group.
- asg_recreate_on_change = false # Recreate the autoscaling group when LT or LC change.
- instance_type = "m4.large" # Size of the workers instances.
- spot_price = "" # Cost of spot instance.
- placement_tenancy = "" # The tenancy of the instance. Valid values are "default" or "dedicated".
- root_volume_size = "100" # root volume size of workers instances.
- root_volume_type = "gp2" # root volume type of workers instances, can be 'standard', 'gp2', or 'io1'
- root_iops = "0" # The amount of provisioned IOPS. This must be set with a volume_type of "io1".
- key_name = "" # The key name that should be used for the instances in the autoscaling group
- pre_userdata = "" # userdata to pre-append to the default userdata.
- bootstrap_extra_args = "" # Extra arguments passed to the bootstrap.sh script from the EKS AMI.
- additional_userdata = "" # userdata to append to the default userdata.
- ebs_optimized = true # sets whether to use ebs optimization on supported types.
- enable_monitoring = true # Enables/disables detailed monitoring.
- public_ip = false # Associate a public ip address with a worker
- kubelet_extra_args = "" # This string is passed directly to kubelet if set. Useful for adding labels or taints.
- subnets = var.subnets # A list of subnets to place the worker nodes in. i.e. ["subnet-123", "subnet-456", "subnet-789"]
- autoscaling_enabled = false # Sets whether policy and matching tags will be added to allow autoscaling.
- additional_security_group_ids = [] # A list of additional security group ids to include in worker launch config
- protect_from_scale_in = false # Prevent AWS from scaling in, so that cluster-autoscaler is solely responsible.
- iam_instance_profile_name = "" # A custom IAM instance profile name. Used when manage_worker_iam_resources is set to false. Incompatible with iam_role_id.
- iam_role_id = local.default_iam_role_id # A custom IAM role id. Incompatible with iam_instance_profile_name.
- suspended_processes = ["AZRebalance"] # A list of processes to suspend. i.e. ["AZRebalance", "HealthCheck", "ReplaceUnhealthy"]
- target_group_arns = [] # A list of ALB target group ARNs to be associated to the ASG
- enabled_metrics = [] # A list of metrics to be collected i.e. ["GroupMinSize", "GroupMaxSize", "GroupDesiredCapacity"]
- placement_group = "" # The name of the placement group into which to launch the instances, if any.
- service_linked_role_arn = "" # Arn of custom service linked role that Auto Scaling group will use. Useful when you have encrypted EBS
- termination_policies = [] # A list of policies to decide how the instances in the auto scale group should be terminated.
+ name = "count.index" # Name of the worker group. Literal count.index will never be used but if name is not set, the count.index interpolation will be used.
+ tags = [] # A list of map defining extra tags to be applied to the worker group ASG.
+ ami_id = data.aws_ami.eks_worker.id # AMI ID for the eks workers. If none is provided, Terraform will search for the latest version of their EKS optimized worker AMI.
+ asg_desired_capacity = "1" # Desired worker capacity in the autoscaling group.
+ asg_max_size = "3" # Maximum worker capacity in the autoscaling group.
+ asg_min_size = "1" # Minimum worker capacity in the autoscaling group.
+ asg_force_delete = false # Enable forced deletion for the autoscaling group.
+ asg_initial_lifecycle_hooks = [] # Initital lifecycle hook for the autoscaling group.
+ asg_recreate_on_change = false # Recreate the autoscaling group when LT or LC change.
+ instance_type = "m4.large" # Size of the workers instances.
+ spot_price = "" # Cost of spot instance.
+ placement_tenancy = "" # The tenancy of the instance. Valid values are "default" or "dedicated".
+ root_volume_size = "100" # root volume size of workers instances.
+ root_volume_type = "gp2" # root volume type of workers instances, can be 'standard', 'gp2', or 'io1'
+ root_iops = "0" # The amount of provisioned IOPS. This must be set with a volume_type of "io1".
+ key_name = "" # The key name that should be used for the instances in the autoscaling group
+ pre_userdata = "" # userdata to pre-append to the default userdata.
+ bootstrap_extra_args = "" # Extra arguments passed to the bootstrap.sh script from the EKS AMI.
+ additional_userdata = "" # userdata to append to the default userdata.
+ ebs_optimized = true # sets whether to use ebs optimization on supported types.
+ enable_monitoring = true # Enables/disables detailed monitoring.
+ public_ip = false # Associate a public ip address with a worker
+ kubelet_extra_args = "" # This string is passed directly to kubelet if set. Useful for adding labels or taints.
+ subnets = var.subnets # A list of subnets to place the worker nodes in. i.e. ["subnet-123", "subnet-456", "subnet-789"]
+ autoscaling_enabled = false # Sets whether policy and matching tags will be added to allow autoscaling.
+ additional_security_group_ids = [] # A list of additional security group ids to include in worker launch config
+ protect_from_scale_in = false # Prevent AWS from scaling in, so that cluster-autoscaler is solely responsible.
+ iam_instance_profile_name = "" # A custom IAM instance profile name. Used when manage_worker_iam_resources is set to false. Incompatible with iam_role_id.
+ iam_role_id = "local.default_iam_role_id" # A custom IAM role id. Incompatible with iam_instance_profile_name. Literal local.default_iam_role_id will never be used but if iam_role_id is not set, the local.default_iam_role_id interpolation will be used.
+ suspended_processes = ["AZRebalance"] # A list of processes to suspend. i.e. ["AZRebalance", "HealthCheck", "ReplaceUnhealthy"]
+ target_group_arns = [] # A list of ALB target group ARNs to be associated to the ASG
+ enabled_metrics = [] # A list of metrics to be collected i.e. ["GroupMinSize", "GroupMaxSize", "GroupDesiredCapacity"]
+ placement_group = "" # The name of the placement group into which to launch the instances, if any.
+ service_linked_role_arn = "" # Arn of custom service linked role that Auto Scaling group will use. Useful when you have encrypted EBS
+ termination_policies = [] # A list of policies to decide how the instances in the auto scale group should be terminated.
 # Settings for launch templates
 root_block_device_name = data.aws_ami.eks_worker.root_device_name # Root device name for workers. If non is provided, will assume default AMI was used.
 root_kms_key_id = "" # The KMS key to use when encrypting the root storage device
diff --git a/workers.tf b/workers.tf
index cda6865090..ec919024d2 100644
--- a/workers.tf
+++ b/workers.tf
@@ -328,7 +328,7 @@ resource "aws_iam_instance_profile" "workers" {
 role = lookup(
 var.worker_groups[count.index],
 "iam_role_id",
- local.workers_group_defaults["iam_role_id"],
+ local.default_iam_role_id,
 )
 path = var.iam_path
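Review bot: The new default `iam_role_id = "local.default_iam_role_id"` in `workers_group_defaults_defaults` (local.tf) is a plain string, so any expression that still reads `local.workers_group_defaults["iam_role_id"]` now passes that text on as a role name. The three `aws_iam_instance_profile` lookups in this patch stop reading it, but other readers, if any, are outside the visible hunks and would probably fail only at apply time. It is worth searching the module for remaining uses before merging. An empty string, as `iam_instance_profile_name = ""` uses on the line above, would also be a less misleading placeholder than text that looks like a reference. The `locals` block begins and ends outside this hunk.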
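Review bot: With `local.default_iam_role_id` as the third argument of `lookup(...)` in workers.tf, an `iam_role_id` supplied through the module-wide worker defaults no longer reaches `aws_iam_instance_profile.workers`; only a per-group key does. The removed fallback read `local.workers_group_defaults["iam_role_id"]`, which presumably merges caller-supplied defaults (the merge is not visible here), so a caller who pinned a restricted node role that way would silently get the module's default role attached to worker instances. Either keep the override path, by checking the caller-supplied defaults map before falling back to `local.default_iam_role_id`, or call the change out as breaking in CHANGELOG.md. The same applies to the hunks in workers_launch_template.tf and workers_launch_template_mixed.tf; each resource block starts outside its hunk.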
diff --git a/workers_launch_template.tf b/workers_launch_template.tf
index 18d09ba92d..6860187651 100644
--- a/workers_launch_template.tf
+++ b/workers_launch_template.tf
@@ -339,7 +339,7 @@ resource "aws_iam_instance_profile" "workers_launch_template" {
 role = lookup(
 var.worker_groups_launch_template[count.index],
 "iam_role_id",
- local.workers_group_defaults["iam_role_id"],
+ local.default_iam_role_id,
 )
 path = var.iam_path
 }
diff --git a/workers_launch_template_mixed.tf b/workers_launch_template_mixed.tf
index 5bf66c499c..3faa8a7ae8 100644
--- a/workers_launch_template_mixed.tf
+++ b/workers_launch_template_mixed.tf
@@ -382,7 +382,7 @@ resource "aws_iam_instance_profile" "workers_launch_template_mixed" {
 role = lookup(
 var.worker_groups_launch_template_mixed[count.index],
 "iam_role_id",
- local.workers_group_defaults["iam_role_id"],
+ local.default_iam_role_id,
 )
 path = var.iam_path
 }