diff --git a/bootstrap/terraform/aws-bootstrap/existing.tf b/bootstrap/terraform/aws-bootstrap/existing.tf index 5971e0999..5c173035b 100644 --- a/bootstrap/terraform/aws-bootstrap/existing.tf +++ b/bootstrap/terraform/aws-bootstrap/existing.tf @@ -1,24 +1,31 @@ data "aws_eks_cluster" "cluster" { - count = var.create_cluster ? 0 : 1 - name = var.cluster_name + count = var.create_cluster ? 0 : 1 + name = var.cluster_name } data "aws_vpc" "vpc" { - count = var.create_cluster ? 0 : 1 - id = local.vpc_id + count = var.create_cluster ? 0 : 1 + id = local.vpc_id } -data "aws_subnet" "worker_private_subnets" { - count = length(local.worker_private_subnet_ids) - id = local.worker_private_subnet_ids[count.index] +data "aws_eks_node_groups" "cluster" { + count = var.create_cluster ? 0 : 1 + cluster_name = var.cluster_name +} + +data "aws_eks_node_group" "cluster" { + count = var.create_cluster ? 0 : length(one(data.aws_eks_node_groups.cluster[*].names)) + cluster_name = var.cluster_name + node_group_name = tolist(one(data.aws_eks_node_groups.cluster[*].names))[count.index] } -data "aws_subnet" "private_subnets" { - count = length(local.private_subnet_ids) - id = local.private_subnet_ids[count.index] +data "aws_subnet" "cluster_subnets" { + count = var.create_cluster ? 0 : length(one(data.aws_eks_cluster.test_cluster[*].vpc_config[0].subnet_ids)) + id = tolist(one(data.aws_eks_cluster.test_cluster[*].vpc_config[0].subnet_ids))[count.index] } -data "aws_subnet" "public_subnets" { - count = length(local.public_subnet_ids) - id = local.public_subnet_ids[count.index] + +data "aws_subnet" "worker_private_subnets" { + count = length(local.worker_private_subnet_ids) + id = local.worker_private_subnet_ids[count.index] } diff --git a/bootstrap/terraform/aws-bootstrap/irsa.tf b/bootstrap/terraform/aws-bootstrap/irsa.tf index 33e5d4c9c..b5c447a1c 100644 --- a/bootstrap/terraform/aws-bootstrap/irsa.tf +++ b/bootstrap/terraform/aws-bootstrap/irsa.tf @@ -1,5 +1,5 @@ resource "aws_iam_openid_connect_provider" "oidc_provider" { - count = var.enable_irsa ? 0 : 1 + count = var.enable_irsa && !var.create_cluster ? 1 : 0 client_id_list = [local.sts_principal] thumbprint_list = [var.eks_oidc_root_ca_thumbprint] url = local.cluster_oidc_issuer_url diff --git a/bootstrap/terraform/aws-bootstrap/locals.tf b/bootstrap/terraform/aws-bootstrap/locals.tf index 3a67e77ae..1c60a8ac4 100644 --- a/bootstrap/terraform/aws-bootstrap/locals.tf +++ b/bootstrap/terraform/aws-bootstrap/locals.tf @@ -1,12 +1,17 @@ locals { - sts_principal = "sts.${data.aws_partition.current.dns_suffix}" - create_vpc = var.create_cluster && var.create_vpc ? true : false - private_subnet_ids = var.create_cluster ? one(module.vpc[*].private_subnets_ids) : var.private_subnet_ids - public_subnet_ids = var.create_cluster ? one(module.vpc[*].public_subnets_ids) : var.public_subnet_ids - worker_private_subnet_ids = var.create_cluster ? one(module.vpc[*].worker_private_subnets_ids) : var.worker_private_subnet_ids - vpc_id = var.create_cluster ? one(module.vpc[*].vpc_id) : data.aws_eks_cluster.cluster[0].vpc_config[0].vpc_id - cluster_id = var.create_cluster ? one(module.cluster[*].cluster_id) : one(data.aws_eks_cluster.cluster[*].id) - cluster_config = try(var.create_cluster ? one(module.cluster[*].config_map_aws_auth) : tomap(false), {}) - cluster_oidc_issuer_url = var.create_cluster ? one(module.cluster[*].cluster_oidc_issuer_url) : one(data.aws_eks_cluster.cluster[*].identity[0].oidc.0.issuer) - cluster_endpoint = var.create_cluster ? one(module.cluster[*].cluster_endpoint) : one(data.aws_eks_cluster.cluster[*].endpoint) + sts_principal = "sts.${data.aws_partition.current.dns_suffix}" + create_vpc = var.create_cluster && var.create_vpc ? true : false + vpc_id = var.create_cluster ? one(module.vpc[*].vpc_id) : one(data.aws_eks_cluster.cluster[*].vpc_config[0].vpc_id) + cluster_id = var.create_cluster ? one(module.cluster[*].cluster_id) : one(data.aws_eks_cluster.cluster[*].id) + cluster_config = var.create_cluster ? one(module.cluster[*].config_map_aws_auth) : {} + cluster_oidc_issuer_url = var.create_cluster ? one(module.cluster[*].cluster_oidc_issuer_url) : one(data.aws_eks_cluster.cluster[*].identity[0].oidc.0.issuer) + cluster_endpoint = var.create_cluster ? one(module.cluster[*].cluster_endpoint) : one(data.aws_eks_cluster.cluster[*].endpoint) +} + +locals { + private_subnet_ids = var.create_cluster ? one(module.vpc[*].private_subnets_ids) : [for index, subnet in data.aws_subnet.cluster_subnets : subnet.id if contains(keys(subnet.tags), "kubernetes.io/role/internal-elb")] + private_subnet = var.create_cluster ? one(module.vpc[*].private_subnets_ids) : [for index, subnet in data.aws_subnet.cluster_subnets : subnet if contains(keys(subnet.tags), "kubernetes.io/role/internal-elb")] + public_subnet_ids = var.create_cluster ? one(module.vpc[*].public_subnets_ids) : [for index, subnet in data.aws_subnet.cluster_subnets : subnet.id if contains(keys(subnet.tags), "kubernetes.io/role/elb")] + public_subnet = var.create_cluster ? one(module.vpc[*].public_subnets_ids) : [for index, subnet in data.aws_subnet.cluster_subnets : subnet if contains(keys(subnet.tags), "kubernetes.io/role/elb")] + worker_private_subnet_ids = var.create_cluster ? one(module.vpc[*].worker_private_subnets_ids) : distinct(flatten([for index, group in data.aws_eks_node_group.cluster : group.subnet_ids ])) } diff --git a/bootstrap/terraform/aws-bootstrap/main.tf b/bootstrap/terraform/aws-bootstrap/main.tf index ec6329fd8..b17e2cb5a 100644 --- a/bootstrap/terraform/aws-bootstrap/main.tf +++ b/bootstrap/terraform/aws-bootstrap/main.tf @@ -3,7 +3,7 @@ data "aws_availability_zones" "available" {} data "aws_caller_identity" "current" {} module "vpc" { - count = var.create_cluster ? 1:0 + count = local.create_vpc ? 1 : 0 source = "github.com/pluralsh/terraform-aws-vpc?ref=worker_subnet" name = var.vpc_name @@ -14,7 +14,6 @@ module "vpc" { worker_private_subnets = var.worker_private_subnets enable_dns_hostnames = true enable_ipv6 = true - create_vpc = local.create_vpc database_subnets = var.database_subnets @@ -38,7 +37,7 @@ module "vpc" { } module "cluster" { - count = var.create_cluster ? 1:0 + count = var.create_cluster ? 1 : 0 source = "github.com/pluralsh/terraform-aws-eks?ref=output-service-cidr" cluster_name = var.cluster_name @@ -49,7 +48,6 @@ module "cluster" { vpc_id = local.vpc_id enable_irsa = true write_kubeconfig = false - create_eks = var.create_cluster cluster_enabled_log_types = var.cluster_enabled_log_types cluster_log_retention_in_days = var.cluster_log_retention_in_days cluster_log_kms_key_id = var.cluster_log_kms_key_id @@ -63,17 +61,17 @@ module "cluster" { } module "single_az_node_groups" { - count = var.create_cluster ? 1:0 + count = var.create_cluster ? 1 : 0 source = "github.com/pluralsh/module-library//terraform/eks-node-groups/single-az-node-groups?ref=20e64863ffc5e361045db8e6b81b9d244a55809e" cluster_name = var.cluster_name - default_iam_role_arn = module.cluster[0].worker_iam_role_arn + default_iam_role_arn = one(module.cluster[*].worker_iam_role_arn) tags = {} node_groups_defaults = var.node_groups_defaults - node_groups = try(var.create_cluster ? var.single_az_node_groups : tomap(false), {}) + node_groups = var.single_az_node_groups set_desired_size = false - private_subnets = var.create_cluster ? module.vpc[0].worker_private_subnets : [] + private_subnets = one(module.vpc[*].worker_private_subnets) ng_depends_on = [ local.cluster_config @@ -81,7 +79,7 @@ module "single_az_node_groups" { } module "multi_az_node_groups" { - count = var.create_cluster ? 1:0 + count = var.create_cluster ? 1 : 0 source = "github.com/pluralsh/module-library//terraform/eks-node-groups/multi-az-node-groups?ref=20e64863ffc5e361045db8e6b81b9d244a55809e" cluster_name = var.cluster_name @@ -89,7 +87,7 @@ module "multi_az_node_groups" { tags = {} node_groups_defaults = var.node_groups_defaults - node_groups = try(var.create_cluster ? var.multi_az_node_groups : tomap(false), {}) + node_groups = var.multi_az_node_groups set_desired_size = false private_subnet_ids = local.worker_private_subnet_ids @@ -100,6 +98,7 @@ module "multi_az_node_groups" { resource "aws_eks_addon" "vpc_cni" { count = var.create_cluster ? 1 : 0 + cluster_name = local.cluster_id addon_name = "vpc-cni" addon_version = var.vpc_cni_addon_version @@ -115,6 +114,7 @@ resource "aws_eks_addon" "vpc_cni" { resource "aws_eks_addon" "core_dns" { count = var.create_cluster ? 1 : 0 + cluster_name = local.cluster_id addon_name = "coredns" addon_version = var.core_dns_addon_version @@ -130,6 +130,7 @@ resource "aws_eks_addon" "core_dns" { resource "aws_eks_addon" "kube_proxy" { count = var.create_cluster ? 1 : 0 + cluster_name = local.cluster_id addon_name = "kube-proxy" addon_version = var.kube_proxy_addon_version @@ -144,7 +145,7 @@ resource "aws_eks_addon" "kube_proxy" { } resource "kubernetes_namespace" "bootstrap" { - count = var.create_cluster ? 1:0 + count = var.create_cluster ? 1 : 0 metadata { name = "bootstrap" diff --git a/bootstrap/terraform/aws-bootstrap/output.tf b/bootstrap/terraform/aws-bootstrap/output.tf index 147841aad..e9f369f80 100644 --- a/bootstrap/terraform/aws-bootstrap/output.tf +++ b/bootstrap/terraform/aws-bootstrap/output.tf @@ -11,7 +11,7 @@ output "cluster_oidc_issuer_url" { } output "cluster_private_subnets" { - value = data.aws_subnet.private_subnets + value = local.private_subnet } output "cluster_worker_private_subnets" { @@ -19,7 +19,7 @@ output "cluster_worker_private_subnets" { } output "cluster_public_subnets" { - value = data.aws_subnet.public_subnets + value = local.public_subnet } output "cluster_private_subnet_ids" { @@ -35,28 +35,28 @@ output "cluster_public_subnet_ids" { } output "worker_role_arn" { - value = var.create_cluster ? module.cluster[0].worker_iam_role_arn : "" + value = var.create_cluster ? one(module.cluster[*].worker_iam_role_arn) : "" } output "node_groups" { - value = try(var.create_cluster ?[for d in merge(module.single_az_node_groups[0].node_groups, module.multi_az_node_groups[0].node_groups): d]: tomap(false), {}) + value = var.create_cluster ? [for d in merge(one(module.single_az_node_groups[*].node_groups), one(module.multi_az_node_groups[*].node_groups)): d] : {} } output "vpc" { - value = try(var.create_cluster ? module.vpc[0] : tomap(false), data.aws_vpc.vpc[0]) + value = var.create_cluster ? one(module.vpc[*]) : one(data.aws_vpc.vpc[*]) } output "vpc_cidr" { - value = var.create_cluster ? module.vpc[0].vpc_cidr_block : data.aws_vpc.vpc[0].cidr_block + value = var.create_cluster ? one(module.vpc[*].vpc_cidr_block) : one(data.aws_vpc.vpc[*].cidr_block) } output "cluster" { - value = try(var.create_cluster ? module.cluster[0] : tomap(false), data.aws_eks_cluster.cluster[0]) + value = var.create_cluster ? one(module.cluster[*]) : (data.aws_eks_cluster.cluster[*]) } output "cluster_service_ipv4_cidr" { - value = var.create_cluster ? module.cluster[0].cluster_service_ipv4_cidr : data.aws_eks_cluster.cluster[0].kubernetes_network_config[0].service_ipv4_cidr + value = var.create_cluster ? one(module.cluster[*].cluster_service_ipv4_cidr) : one(data.aws_eks_cluster.cluster[*].kubernetes_network_config[0].service_ipv4_cidr) } output "capa_iam_role_arn" { diff --git a/bootstrap/terraform/aws-bootstrap/terraform.tfvars b/bootstrap/terraform/aws-bootstrap/terraform.tfvars index 037036bdf..437a4acb8 100644 --- a/bootstrap/terraform/aws-bootstrap/terraform.tfvars +++ b/bootstrap/terraform/aws-bootstrap/terraform.tfvars @@ -2,6 +2,7 @@ vpc_name = {{ .Values.vpc_name | quote }} cluster_name = {{ .Cluster | quote }} {{- if eq .ClusterAPI true }} create_cluster = false +enable_irsa = false {{- end }} map_roles = [