diff --git a/examples/fargate_profile/main.tf b/examples/fargate_profile/main.tf index 860ec55..ac24389 100644 --- a/examples/fargate_profile/main.tf +++ b/examples/fargate_profile/main.tf @@ -54,44 +54,48 @@ module "eks" { } } - fargate_profiles = { - example = { - name = "example" - selectors = [ - { - namespace = "backend" - labels = { - Application = "backend" - } - }, - { - namespace = "app-*" - labels = { - Application = "app-wildcard" + fargate_profiles = merge( + { + example = { + name = "example" + selectors = [ + { + namespace = "backend" + labels = { + Application = "backend" + } + }, + { + namespace = "app-*" + labels = { + Application = "app-wildcard" + } } + ] + + # Using specific subnets instead of the subnets supplied for the cluster itself + subnet_ids = [module.vpc.private_subnets[1]] + + tags = { + Owner = "secondary" } - ] - # Using specific subnets instead of the subnets supplied for the cluster itself - subnet_ids = [module.vpc.private_subnets[1]] - - tags = { - Owner = "secondary" + timeouts = { + create = "20m" + delete = "20m" + } } - - timeouts = { - create = "20m" - delete = "20m" + }, + { for i in range(3) : + "kube-system-${element(split("-", local.azs[i]), 2)}" => { + selectors = [ + { namespace = "kube-system" } + ] + # We want to create a profile per AZ for high availability + subnet_ids = element(module.vpc.private_subnets, i) } } - - kube_system = { - name = "kube-system" - selectors = [ - { namespace = "kube-system" } - ] - } - } + ) tags = local.tags } diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf index 6667470..497fab7 100644 --- a/examples/karpenter/main.tf +++ b/examples/karpenter/main.tf 
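Review bot: In the added per-AZ `kube-system-*` comprehension, `subnet_ids = element(module.vpc.private_subnets, i)` passes a single string, while the `example` profile in the same hunk and the matching change in examples/karpenter/main.tf both pass a list; it should read `subnet_ids = [element(module.vpc.private_subnets, i)]`. The loop is also fixed at `range(3)` while indexing `local.azs[i]` directly, so it will presumably fail if `local.azs` (defined outside the hunk) has fewer than three entries; `for i in range(length(local.azs)) :` keeps the two in step, and the same applies to both comprehensions in the karpenter example. The profile key takes the third dash-separated field of the AZ name, which assumes three-part names such as `us-west-2a`; a one-line comment stating that assumption would help. The `module "eks"` block starts and ends outside the hunk.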
@@ -92,6 +92,10 @@ module "eks" { subnet_ids = module.vpc.private_subnets control_plane_subnet_ids = module.vpc.intra_subnets + # Fargate profiles use the cluster primary security group so these are not utilized + create_cluster_security_group = false + create_node_security_group = false + manage_aws_auth_configmap = true aws_auth_roles = [ # We need to add in the Karpenter node IAM role for nodes launched by Karpenter @@ -105,21 +109,26 @@ module "eks" { }, ] - fargate_profiles = { - kube_system = { - name = "kube-system" - selectors = [ - { namespace = "kube-system" } - ] - } - - karpenter = { - name = "karpenter" - selectors = [ - { namespace = "karpenter" } - ] - } - } + fargate_profiles = merge( + { for i in range(3) : + "kube-system-${element(split("-", local.azs[i]), 2)}" => { + selectors = [ + { namespace = "kube-system" } + ] + # We want to create a profile per AZ for high availability + subnet_ids = [element(module.vpc.private_subnets, i)] + } + }, + { for i in range(3) : + "karpenter-${element(split("-", local.azs[i]), 2)}" => { + selectors = [ + { namespace = "karpenter" } + ] + # We want to create a profile per AZ for high availability + subnet_ids = [element(module.vpc.private_subnets, i)] + } + }, + ) tags = merge(local.tags, { # NOTE - if creating multiple security groups with this module, only tag the @@ -151,7 +160,7 @@ resource "helm_release" "karpenter" { repository_username = data.aws_ecrpublic_authorization_token.token.user_name repository_password = data.aws_ecrpublic_authorization_token.token.password chart = "karpenter" - version = "v0.19.3" + version = "v0.21.1" set { name = "settings.aws.clusterName" diff --git a/examples/outposts/main.tf b/examples/outposts/main.tf index 50cbc95..5dc4797 100644 --- a/examples/outposts/main.tf +++ b/examples/outposts/main.tf 
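Review bot: The comment added above `create_cluster_security_group = false` and `create_node_security_group = false` covers only the Fargate side, but this example also maps a Karpenter node IAM role in `aws_auth_roles` just below, so EC2 nodes launched by Karpenter would presumably end up on the cluster primary security group as well. That EKS-managed group permits all traffic between its members, which leaves the control plane ENIs, Fargate pods and Karpenter nodes in one flat segment with no security-group boundary between them. I would extend the comment to state the trade-off, e.g. `# All workloads (Fargate pods and Karpenter-launched nodes) share the cluster primary security group; create a dedicated node security group if node traffic must be restricted separately`. The `module "eks"` block starts and ends outside the hunk.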
@@ -64,14 +64,6 @@ module "eks" { } } - self_managed_node_group_defaults = { - attach_cluster_primary_security_group = true - - iam_role_additional_policies = { - AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" - } - } - self_managed_node_groups = { outpost = { name = local.name