chore: Update examples for Fargate high availability (#2378)
@@ -54,44 +54,48 @@ module "eks" {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fargate_profiles = {
|
fargate_profiles = merge(
|
||||||
example = {
|
{
|
||||||
name = "example"
|
example = {
|
||||||
selectors = [
|
name = "example"
|
||||||
{
|
selectors = [
|
||||||
namespace = "backend"
|
{
|
||||||
labels = {
|
namespace = "backend"
|
||||||
Application = "backend"
|
labels = {
|
||||||
}
|
Application = "backend"
|
||||||
},
|
}
|
||||||
{
|
},
|
||||||
namespace = "app-*"
|
{
|
||||||
labels = {
|
namespace = "app-*"
|
||||||
Application = "app-wildcard"
|
labels = {
|
||||||
|
Application = "app-wildcard"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
]
|
||||||
|
|
||||||
|
# Using specific subnets instead of the subnets supplied for the cluster itself
|
||||||
|
subnet_ids = [module.vpc.private_subnets[1]]
|
||||||
|
|
||||||
|
tags = {
|
||||||
|
Owner = "secondary"
|
||||||
}
|
}
|
||||||
]
|
|
||||||
|
|
||||||
# Using specific subnets instead of the subnets supplied for the cluster itself
|
timeouts = {
|
||||||
subnet_ids = [module.vpc.private_subnets[1]]
|
create = "20m"
|
||||||
|
delete = "20m"
|
||||||
tags = {
|
}
|
||||||
Owner = "secondary"
|
|
||||||
}
|
}
|
||||||
|
},
|
||||||
timeouts = {
|
{ for i in range(3) :
|
||||||
create = "20m"
|
"kube-system-${element(split("-", local.azs[i]), 2)}" => {
|
||||||
delete = "20m"
|
selectors = [
|
||||||
|
{ namespace = "kube-system" }
|
||||||
|
]
|
||||||
|
# We want to create a profile per AZ for high availability
|
||||||
|
subnet_ids = element(module.vpc.private_subnets, i)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
)
|
||||||
kube_system = {
|
|
||||||
name = "kube-system"
|
|
||||||
selectors = [
|
|
||||||
{ namespace = "kube-system" }
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
tags = local.tags
|
tags = local.tags
|
||||||
}
|
}
|
||||||
|
|||||||
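Review bot: In the new per-AZ `kube-system-*` profiles, `subnet_ids = element(module.vpc.private_subnets, i)` passes a single subnet ID string, whereas the `example` profile in the same `merge()` passes a list and the Karpenter example in this commit wraps the identical expression in brackets; it should read `subnet_ids = [element(module.vpc.private_subnets, i)]`. Separately, `for i in range(3)` combined with `local.azs[i]` assumes at least three AZs are defined. `local.azs` is declared outside the hunk, so this needs confirming; `for i in range(length(local.azs))` would remove the assumption here and in the two per-AZ loops of the Karpenter example.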
@@ -92,6 +92,10 @@ module "eks" {
|
|||||||
subnet_ids = module.vpc.private_subnets
|
subnet_ids = module.vpc.private_subnets
|
||||||
control_plane_subnet_ids = module.vpc.intra_subnets
|
control_plane_subnet_ids = module.vpc.intra_subnets
|
||||||
|
|
||||||
|
# Fargate profiles use the cluster primary security group so these are not utilized
|
||||||
|
create_cluster_security_group = false
|
||||||
|
create_node_security_group = false
|
||||||
|
|
||||||
manage_aws_auth_configmap = true
|
manage_aws_auth_configmap = true
|
||||||
aws_auth_roles = [
|
aws_auth_roles = [
|
||||||
# We need to add in the Karpenter node IAM role for nodes launched by Karpenter
|
# We need to add in the Karpenter node IAM role for nodes launched by Karpenter
|
||||||
@@ -105,21 +109,26 @@ module "eks" {
|
|||||||
},
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
fargate_profiles = {
|
fargate_profiles = merge(
|
||||||
kube_system = {
|
{ for i in range(3) :
|
||||||
name = "kube-system"
|
"kube-system-${element(split("-", local.azs[i]), 2)}" => {
|
||||||
selectors = [
|
selectors = [
|
||||||
{ namespace = "kube-system" }
|
{ namespace = "kube-system" }
|
||||||
]
|
]
|
||||||
}
|
# We want to create a profile per AZ for high availability
|
||||||
|
subnet_ids = [element(module.vpc.private_subnets, i)]
|
||||||
karpenter = {
|
}
|
||||||
name = "karpenter"
|
},
|
||||||
selectors = [
|
{ for i in range(3) :
|
||||||
{ namespace = "karpenter" }
|
"karpenter-${element(split("-", local.azs[i]), 2)}" => {
|
||||||
]
|
selectors = [
|
||||||
}
|
{ namespace = "karpenter" }
|
||||||
}
|
]
|
||||||
|
# We want to create a profile per AZ for high availability
|
||||||
|
subnet_ids = [element(module.vpc.private_subnets, i)]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
tags = merge(local.tags, {
|
tags = merge(local.tags, {
|
||||||
# NOTE - if creating multiple security groups with this module, only tag the
|
# NOTE - if creating multiple security groups with this module, only tag the
|
||||||
@@ -151,7 +160,7 @@ resource "helm_release" "karpenter" {
|
|||||||
repository_username = data.aws_ecrpublic_authorization_token.token.user_name
|
repository_username = data.aws_ecrpublic_authorization_token.token.user_name
|
||||||
repository_password = data.aws_ecrpublic_authorization_token.token.password
|
repository_password = data.aws_ecrpublic_authorization_token.token.password
|
||||||
chart = "karpenter"
|
chart = "karpenter"
|
||||||
version = "v0.19.3"
|
version = "v0.21.1"
|
||||||
|
|
||||||
set {
|
set {
|
||||||
name = "settings.aws.clusterName"
|
name = "settings.aws.clusterName"
|
||||||
|
|||||||
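Review bot: The comment above `create_cluster_security_group = false` and `create_node_security_group = false` justifies the change for Fargate only, but this example also installs Karpenter, which launches EC2 nodes. With no node security group created, those nodes presumably fall back to whichever group carries the discovery tag (the `tags` block with the security-group NOTE is cut off at the hunk edge), most likely the cluster primary security group shared with the control plane ENIs and every Fargate pod. Readers copying the example should be told that this leaves no network separation between those workloads, for instance `# Fargate profiles and Karpenter-launched nodes all share the cluster primary security group; no separate node security group is created`. Anyone needing tighter isolation would keep `create_node_security_group` enabled and tag only that group for discovery.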
@@ -64,14 +64,6 @@ module "eks" {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
self_managed_node_group_defaults = {
|
|
||||||
attach_cluster_primary_security_group = true
|
|
||||||
|
|
||||||
iam_role_additional_policies = {
|
|
||||||
AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
self_managed_node_groups = {
|
self_managed_node_groups = {
|
||||||
outpost = {
|
outpost = {
|
||||||
name = local.name
|
name = local.name
|
||||||
|
|||||||