chore: Update examples to better demonstrate questions raised through issues (#2294)

Resolves undefined
2026-03-21 17:09:04 +01:00 · 2022-11-08 03:29:42 -05:00
parent 417788cc2b
commit 1bc86e19aa
1 changed files with 45 additions and 17 deletions
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -1,11 +1,5 @@
 provider "aws" {
  region = local.region
-
-  default_tags {
-    tags = {
-      ExampleDefaultTag = "ExampleDefaultValue"
-    }
-  }
 }

 provider "kubernetes" {
@@ -196,12 +190,14 @@ module "eks" {
    }
  }

-  # OIDC Identity provider
-  cluster_identity_providers = {
-    sts = {
-      client_id = "sts.amazonaws.com"
-    }
-  }
+  # Create a new cluster where both an identity provider and Fargate profile is created
+  # will result in conflicts since only one can take place at a time
+  # # OIDC Identity provider
+  # cluster_identity_providers = {
+  #   sts = {
+  #     client_id = "sts.amazonaws.com"
+  #   }
+  # }

  # aws-auth configmap
  manage_aws_auth_configmap = true
@@ -216,10 +212,30 @@ module "eks" {

  aws_auth_roles = [
    {
-      rolearn  = "arn:aws:iam::66666666666:role/role1"
-      username = "role1"
-      groups   = ["system:masters"]
+      rolearn  = module.eks_managed_node_group.iam_role_arn
+      username = "system:node:{{EC2PrivateDNSName}}"
+      groups = [
+        "system:bootstrappers",
+        "system:nodes",
+      ]
    },
+    {
+      rolearn  = module.self_managed_node_group.iam_role_arn
+      username = "system:node:{{EC2PrivateDNSName}}"
+      groups = [
+        "system:bootstrappers",
+        "system:nodes",
+      ]
+    },
+    {
+      rolearn  = module.fargate_profile.fargate_profile_pod_execution_role_arn
+      username = "system:node:{{SessionName}}"
+      groups = [
+        "system:bootstrappers",
+        "system:nodes",
+        "system:node-proxier",
+      ]
+    }
  ]

  aws_auth_users = [
@@ -261,6 +277,20 @@ module "eks_managed_node_group" {
    module.eks.cluster_security_group_id,
  ]

+  ami_type = "BOTTLEROCKET_x86_64"
+  platform = "bottlerocket"
+
+  # this will get added to what AWS provides
+  bootstrap_extra_args = <<-EOT
+    # extra args added
+    [settings.kernel]
+    lockdown = "integrity"
+
+    [settings.kubernetes.node-labels]
+    "label1" = "foo"
+    "label2" = "bar"
+  EOT
+
  tags = merge(local.tags, { Separate = "eks-managed-node-group" })
 }

@@ -282,8 +312,6 @@ module "self_managed_node_group" {
    module.eks.cluster_security_group_id,
  ]

-  use_default_tags = true
-
  tags = merge(local.tags, { Separate = "self-managed-node-group" })
 }