github-mirrors/terraform-aws-eks
1
0
Fork 0
mirror of https://github.com/ysoftdevs/terraform-aws-eks.git synced 2026-01-17 09:07:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: Compact result of cluster security group to avoid disruptive updates when no security groups are supplied (#1934)

Browse Source
This commit is contained in:
Bryant Biggs
2022-03-15 17:06:15 -04:00
committed by GitHub
parent 48906c342b
commit 5935670503
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -27,13 +27,13 @@ Users may encounter an error such as `Error: Invalid for_each argument - The "fo
This error is due to an upstream issue with [Terraform core](https://github.com/hashicorp/terraform/issues/4149). There are two potential options you can take to help mitigate this issue: This error is due to an upstream issue with [Terraform core](https://github.com/hashicorp/terraform/issues/4149). There are two potential options you can take to help mitigate this issue:
1. Create the dependent resources before the cluster => `terraform apply -target <your policy or your security group>` and then `terraform apply` for the cluster (or other similar means to just ensure the referenced resources exist before creating the cluster) 1. Create the dependent resources before the cluster => `terraform apply -target <your policy or your security group>` and then `terraform apply` for the cluster (or other similar means to just ensure the referenced resources exist before creating the cluster)
- Note: this is the route users will have to take for adding additonal security groups to nodes since there isn't a separate "security group attachment" resource - Note: this is the route users will have to take for adding additional security groups to nodes since there isn't a separate "security group attachment" resource
2. For addtional IAM policies, users can attach the policies outside of the cluster definition as demonstrated below 2. For additional IAM policies, users can attach the policies outside of the cluster definition as demonstrated below
```hcl ```hcl
resource "aws_iam_role_policy_attachment" "additional" { resource "aws_iam_role_policy_attachment" "additional" {
for_each = module.eks.eks_managed_node_groups for_each = module.eks.eks_managed_node_groups
# you could also do the following or any comibination: # you could also do the following or any combination:
# for_each = merge( # for_each = merge(
# module.eks.eks_managed_node_groups, # module.eks.eks_managed_node_groups,
# module.eks.self_managed_node_group, # module.eks.self_managed_node_group,

2
main.tf
View File

@@ -17,7 +17,7 @@ resource "aws_eks_cluster" "this" {
enabled_cluster_log_types = var.cluster_enabled_log_types enabled_cluster_log_types = var.cluster_enabled_log_types
vpc_config { vpc_config {
security_group_ids = distinct(concat(var.cluster_additional_security_group_ids, [local.cluster_security_group_id])) security_group_ids = compact(distinct(concat(var.cluster_additional_security_group_ids, [local.cluster_security_group_id])))
subnet_ids = var.subnet_ids subnet_ids = var.subnet_ids
endpoint_private_access = var.cluster_endpoint_private_access endpoint_private_access = var.cluster_endpoint_private_access
endpoint_public_access = var.cluster_endpoint_public_access endpoint_public_access = var.cluster_endpoint_public_access